Page 1
H3C SecPath V100-E Security Gateway
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: APW100-20090518
Page 2
Copyright © 2009, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H3Care,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Technical Support
customer_service@h3c.com
http://www.h3c.com
, TOP G, , IRF, NetPilot, Neocean, NeoVTL,
2
G, VnG, PSPT,
Page 3
About This Manual
Organization
H3C SecPath V100-E Security Gateway Installation Manual is organized as follows:
Chapter Contents
1 Product Overview
2 Installation Preparations
3 Installing the V100-E
4 Starting and Configuring the V100-E
5 Maintaining Software
Introduces the features and applications of the
V100-E and provides the appearance and
system specifications of the V100-E.
Introduces the environment requirements for
installing the V100-E, installation precautions
and installation tools.
Introduces how to install the V100-E and how to
connect the power cable, console cable and
Ethernet cable.
Introduces the startup and configuration of the
V100-E, including device boot and powering up
and system file initialization.
Introduces software maintenance of the V100-E,
including software upgrade and configuration file
loading.
6 Maintaining Hardware
7 Troubleshooting
8 MIM Modules
Appendix Compliance and Safety Manual
Conventions
The manual uses the following conventions:
Command conventions
Convention Description
Boldface
Introduces hardware maintenance of the
V100-E, including replacing a DDR SDRAM.
Introduces the faults that may occur during the
installation and startup of the V100-E and the
corresponding solutions.
Introduces the appearance, panel and LEDs of
the MIMs, and describes how to install the MIMs
and how to connect the interface cables.
This section introduces part of the safety
precautions that should be followed during the
installation and maintenance of the equipment.
The keywords of a command line are in Boldface.
italic
[ ] Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
[ x | y | ... ]
Command arguments are in italic.
Alternative items are grouped in braces and separated by vertical bars.
One is selected.
Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
Page 4
Convention Description
{ x | y | ... } *
[ x | y | ... ] *
&<1-n>
# A line starting with the # sign is comments.
Alternative items are grouped in braces and separated by vertical bars.
A minimum of one or a maximum of all can be selected.
Optional alternative items are grouped in square brackets and
separated by vertical bars. Many or none can be selected.
The argument(s) before the ampersand (&) sign can be entered 1 to n
times.
GUI conventions
Convention Description
Boldface
>
Window names, button names, field names, and menu items are in
Boldface. For example, the New User window appears; click OK.
Multi-level menus are separated by angle brackets. For example, File >
Create > Folder.
Symbols
Convention Description
Related Documentation
In addition to this manual, each H3C SecPath Series Security Products documentation set includes the
following:
Manual Description
H3C SecPath Series Security Products
Operation Manual
H3C SecPath Series Security Products
Command Manual
Means reader be extremely careful. Improper operation may cause
bodily injury.
Means reader be careful. Improper operation may cause data loss or
damage to equipment.
Means a complementary description.
It introduces the functional features, principles
and guide to configuration and operation for H3C
SecPath Series Security Gateways/Firewalls.
It discusses all commands available in the
configuration and operation on H3C SecPath
Series Security Gateways/Firewalls. The details
include command name, complete command
form, parameter, operation view, usage
description and configuration example.
H3C SecPath Series Security Products
Web-Based Configuration Manual
H3C SecPath SSL VPN Administrator Manual
It directs users to configure the H3C SecPath
Series Firewalls through the Web interface.
It provides guides for the administrator of the
H3C SecPath SSL VPN system to configure
users, resources and various policies of the
system.
Page 5
Manual Description
H3C SecPath SSL VPN User Manual
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at this URL:
http://www.h3c.com.
The following are the columns from which you can obtain different categories of product docume ntation:
[Products & Solutions]: Provides information about products and technologies.
[Technical Support & Document > Technical Documents]: Provides several categories of product
documentation, such as installation and configuration.
[Technical Support & Document > Software Download]: Provides the documentation released with the
software version.
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Environmental Protection
It introduces resource access methods for users
of the H3C SecPath SSL VPN system.
This product has been designed to comply with the requirements on environmental protection. For the
proper storage, use and disposal of this product, national laws and regulations must be ob served.
Page 6
Table of Contents
1 Product Overview······································································································································1-1
Overview ·················································································································································1-1
Hardware Features ·································································································································1-2
Appearance ·····································································································································1-2
System Specifications ·····················································································································1-2
LEDs················································································································································1-3
Fixed Interface Attributes ················································································································1-3
MIMs················································································································································1-4
2 Installation Preparations···························································································································2-1
Environment Requirements ····················································································································2-1
Temperature and Humidity··············································································································2-1
Cleanness Requirements ················································································································2-1
Electrostatic Discharge Prevention ·································································································2-2
Electromagnetic Interference Prevention ························································································2-2
Lightning Protection·························································································································2-2
Rack-Mounting Requirements·········································································································2-3
Safety Precautions ··································································································································2-3
Safety Signs ····································································································································2-3
General Safety Recommendations ·································································································2-3
Checklist Before Installation····················································································································2-3
Installation Tools, Meters and Equipment·······························································································2-3
3 Installing the V100-E··································································································································3-1
Preparations············································································································································3-1
Installation Flowchart ······························································································································3-1
Installing the V100-E·······························································································································3-2
Free-Standing··································································································································3-2
Rack-Mounting ································································································································3-2
Installing Generic Modules······················································································································3-2
Connecting the PGND Cable ··················································································································3-3
Connecting to the Console Terminal·······································································································3-4
Connecting to the Ethernet Interface ······································································································3-4
Connecting the Power Cable ··················································································································3-5
Verifying Installation································································································································3-6
4 Starting and Configuring the V100-E·······································································································4-1
Booting ····················································································································································4-1
Setting Up a Configuration Environment·························································································4-1
Powering Up the V100-E·················································································································4-3
Booting Process ······························································································································4-4
Configuration Fundamentals···················································································································4-5
Basic Configuration Procedures······································································································4-5
Command Line Interface ·················································································································4-5
i
Page 7
5 Maintaining Software·································································································································5-1
Boot Menu···············································································································································5-1
Upgrading Application and Boot ROM Using XMODEM ········································································5-2
Backing Up and Restoring the Extended Segment of the Boot ROM ····················································5-5
Upgrading the Application Program Using TFTP····················································································5-5
Uploading/Downloading Applications/Files Using FTP···········································································5-7
Modifying Boot ROM Password ············································································································5-10
Resetting a Lost Password ···················································································································5-12
6 Maintaining Hardware ·······························································································································6-1
Preparing Tools·······································································································································6-1
Opening the Chassis Cover ····················································································································6-1
Installing and Removing a DDR SDRAM································································································6-2
Locating the DDR SDRAM on the Main Board ···············································································6-3
Removing a DDR SDRAM···············································································································6-4
Install a DDR SDRAM ·····················································································································6-5
Installing the Chassis Cover ···················································································································6-5
Installing and Removing MIMs················································································································6-5
7 Troubleshooting ········································································································································7-1
Troubleshooting PSU······························································································································7-1
Troubleshooting the Configuration System·····························································································7-1
Troubleshooting Application Upgrading ··································································································7-2
8 MIM Modules··············································································································································8-1
MIM Options············································································································································8-1
Installing and Removing an MIM·············································································································8-1
Troubleshooting an MIM ·························································································································8-3
1FE/2FE/4FE Module······························································································································8-3
Introduction······································································································································8-3
Appearance ·····································································································································8-3
Interface Attributes ··························································································································8-4
Panel and Interface LEDs ···············································································································8-5
Interface Cable ································································································································8-5
Connecting the Interface Cable·······································································································8-7
1GBE/2GBE Module ·······························································································································8-7
Introduction······································································································································8-7
Appearance ·····································································································································8-8
Interface Attributes ··························································································································8-8
Panel and Interface LEDs ···············································································································8-8
Interface Cable ································································································································8-9
1GEF/2GEF Module······························································································································8-10
Introduction····································································································································8-10
Appearance ···································································································································8-10
Interface Attributes ························································································································8-10
Panel and Interface LEDs ·············································································································8-11
Interface Cable ······························································································································8-12
HNDE Module ·······································································································································8-13
Introduction····································································································································8-13
Interface Attributes ························································································································8-13
ii
Page 8
Panel and Interface LEDs ·············································································································8-13
Troubleshooting the HNDE Module·······························································································8-14
iii
Page 9
1 Product Overview
Overview
The H3C SecPath V100-E Security Gateway (referred to as the V100-E hereinafter) is a
new-generation network security device intended for enterprise users. The V100-E serves as the
access gateway for small- and medium-sized enterprises by providing various VPN access solutions,
including the SSL VPN.
The V100-E has the following features:
z Providing four 10/100 Mbps autosensing Ethernet interfaces, allowing for flexible configurations of
internal networks, external networks, demilitarized zone (DMZ), and out-of-band management.
z Offering an extension slot for multifunctional interface modules (MIMs), which can be 1FE, 2FE,
4FE, 1GBE, 1GEF, 2GBE, 2GEF, and HNDE.
z Fully satisfying the carrier-class reliability requirements as it supports power supply unit (PSU)
redundancy backup (AC+AC), detection of internal chassis temperature, network management,
and Web-based configuration and management.
z Supporting multiple VPN services, such as secure socket layer (SSL) VPN, Layer 2 tunneling
protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE) VPN, and
dynamic VPN.
z Supporting hardware encryption and connection to remote users through ADSL dial-up, VLAN, or
tunneling to implement Internet, intranet, and access VPNs.
z Integrating such technologies as the firewall, authentication, authorization and accounting (AAA),
network address translation (NAT), and quality of service (QoS) to guarantee high security and
reliability for private networks over the Internet.
z Offering chip-based encryption solution to deliver high-speed SSL VPN features.
z Delivering basic routing capabilities, supporting RIP, OSPF, BGP, route policy, and policy-based
routing, supporting abundant QoS features, and providing traffic policing, traffic shaping, and
multiple queue scheduling policies.
The V100-E supports automatically upgrading configuration and application files through the branch
intelligent management system (BIMS), and supports deploying and configuring VPNs using the VPN
manager.
1-1
Page 10
Hardware Features
Appearance
Figure 1-1 Front panel of the V100-E
Figure 1-2 Rear panel of the V100-E
System Specifications
Table 1-1 Technical specifications of the V100-E
MIM slot 1
Fixed interface
Boot ROM 512 KB
DDR SDRAM 512 MB (default)
Flash memory 16 MB
Physical dimensions excluding rubber feet (H ×
W × D)
Power supply AC+AC
Power consumption
Item Description
4 × 10/100 Mbps Ethernet interfaces
1 AUX port (AUX)
1 console port (CONSOLE)
44 × 436 × 430 mm (1.73 × 17.17 × 16.93 in.)
Rated voltage range: 100 VAC to 240 VAC, 50
Hz or 60 Hz
Rated current: 1.0 A
57 W
Operating temperature
Operating humidity (noncondensing)
0°C to 45°C (32°F to 113°F)
1-2
10% to 95%
Page 11
LEDs
z Double data rate synchronous dynamic random access memory (DDR SDRAM) stores the data
exchanged between the system and the CPU.
z Flash memory functions as the major file storage medium to store application files, anomaly
information, and configuration files.
z Boot ROM stores the boot file for device startup.
Table 1-2 LEDs on the V100-E
LED Description
PWR0
PWR1
SYS
ACT (system)
LINK
ACT (interface)
OFF means the PSU0 is not supplying power to the device.
ON means the PSU0 is supplying power to the device.
OFF means the PSU1 is not supplying power to the device.
ON means the PSU1 is supplying power to the device.
ON means the system is operating normally.
OFF means the system is operating abnormally.
Blinking means the software is operating normally.
OFF means the software is operating abnormally.
OFF means no link is present.
ON means a link is present.
OFF means no packets are being transmitted or received on the interface.
Blinking means packets are being transmitted or received on the interface.
Fixed Interface Attributes
Console port (CONSOLE)
Table 1-3 Attributes of the console port
Item Description
Connector
Interface standard
RJ-45
RS-232
Baud rate 1,200 bps to 115,200 bps, defaults to 9,600 bps
Connected to an ASCII terminal
Services
Connected to the serial interface of a local PC running terminal
emulation software
Command line interface (CLI)
1-3
Page 12
AUX port (AUX)
Table 1-4 Attributes of the AUX port
Item Description
Connector
Interface standard
Baud rate 1,200 bps to 115,200 bps
Services
RJ-45
RS-232
Modem dialup
Backup
Ethernet interfaces
The V100-E provides four fixed 10/100 Mbps autosensing Ethernet interfaces. Their attributes are
described in
Table 1-5.
Table 1-5 Attributes of the Ethernet interfaces
Item Description
Connector type
Interface type MDI/MDIX autosensing
Frame formats
RJ-45
Ethernet_II
Ethernet_SNAP
MIMs
Operating mode
10/100 Mbps autosensing
Half/full duplex
The V100-E provides one expansion slot for the following MIMs:
z 1-port 10Base-T/100Base-TX fast Ethernet interface module (1FE)
z 2-port 10Base-T/100Base-TX fast Ethernet interface module (2FE)
z 4-port 10Base-T/100Base-TX fast Ethernet interface module (4FE)
z 1-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (1GBE)
z 2-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (2GBE)
z 1-port 1000Base-LX/1000Base-SX Ethernet optical interface module (1GEF)
z 2-port 1000Base-LX/1000Base-SX Ethernet optical interface module (2GEF)
z High performance network data encryption module (HNDE)
For details about these MIMs, refer to
MIM Modules .
1-4
Page 13
2 Installation Preparations
Environment Requirements
The H3C SecPath series security gateways are designed for indoor application. To guarantee the
normal operation and prolong the service life of the device, the installation site must meet the
requirements mentioned hereunder.
Temperature and Humidity
The temperature and humidity in the equipment room shall be maintained at an appropriate level.
z A long-time high relative humidity will quite likely result in poor insulation performance, electric
leakage, mechanical property change, and corrosion.
z A long-term low relative humidity will result in looseness of fastening screws owing to shrinkage of
insulation washers, or electrostatic discharge (ESD), which may damage the CMOS circuit on the
device.
z A high temperature will speed up the aging of insulation materials, which greatly lower the device’s
reliability and shortens the service life.
Table 2-1 lists the requirements on temperature and humidity for the V100-E. .
Table 2-1 Temperature and humidity requirements in the equipment room
Temperature Relative humidity
0°C to 45°C (32°F to 113°F)
Cleanness Requirements
Dust is harmful to the safe operation of the device. Dust on the chassis may result in static adsorption,
which causes poor contact between metal connectors or joints. The poor contact not only shortens the
service life of the device, but also brings about communication failures. Especially under the condition
of low indoor humidity, static adsorption is more likely to occur.
The equipment room must be free of explosive, electrically and magnetically conductive, and corrosive
dust. The following table lists the limit on dust particles.
Table 2-2 Limitation on dust concentration and diameter in the equipment room
Mechanical active
material
Dust particle
Unit Content
Particle/m³
10% to 95% (noncondensing)
≤ 3 × 10
(No visible dust on desk in three days)
4
Note: Dust particles diameter ≥ 5 µm
2-1
Page 14
Besides, the amounts of salt, acid, and sulfide in the equipment room should be strictly restricted.
Harmful gases could accelerate the corrosion of metal parts and the aging of some parts.
Table 2-3 lists the concentration limit of SO2, H2S, NH3, and CI2 in the equipment room.
Table 2-3 Concentration limit of some harmful gases in the equipment room
Gas Max content (mg/m3)
SO
2
H2S 0.006
NH
3
Cl
2
Electrostatic Discharge Prevention
In the communication network to which the device is connected, static induction mainly results from:
z External electrical fields such as outdoor high voltage power line or lightning
z Indoor environment, flooring materials, and the device structure
Although the V100-E adopts many antistatic measures, damage to board circuits or even the device
may still happen when the static electricity exceeds a certain limit.
To prevent ESD,
z Make sure that the device and the floor are well grounded.
z Take dust-proof measures for the equipment room.
z Maintain the humidity and temperature at a proper level.
z Always wear an ESD-preventive wrist strap or antistatic clothing when touching a circuit board.
z Place the removed circuit board on an antistatic workbench, with the face upward, or put it into an
antistatic bag.
z Hold by the edges, instead of electronic components when observing or moving a circuit board.
0.2
0.05
0.01
Electromagnetic Interference Prevention
All possible interference sources, external or internal, affect the device in the way of capacitance
coupling, inductance coupling, electromagnetic radiation, and common impedance (including the
grounding system) coupling. To minimize the influence of interference sources on the device, take the
following into consideration:
z Take effective measures to protect the power system from power grid interference.
z Separate the protection ground of the device from the grounding device or lightning protection
grounding device of the common power supply equipments as far as possible.
z Keep the device far from heavy-duty radio transmitters, radar transmitters, and high-frequency
devices.
z Adopt electromagnetic shielding measures when necessary.
Lightning Protection
Although many measures have been taken to protect the device from lightning, damage to the device
may still happen if the lightning intensity exceeds a certain limit. To better protect the device from
lightning, do the following:
2-2
Page 15
z Ensure the PGND cable of the chassis is well grounded.
z Ensure the grounding terminal of the AC power socket is well grounded.
z Install a lightning arrester at the input end of the power supply to enhance the lightning protection
capability of the power supply.
Rack-Mounting Requirements
When installing the V100-E,
z Reserve adequate clearance around the air inlet and exhaust of the chassis for heat ventilation.
z Make sure that the cabinet is equipped with a good ventilation system.
z Make sure the cabinet is sturdy enough to support the weight of the device and installation
accessories.
z The rack is well-grounded.
Safety Precautions
Safety Signs
When reading this manual, pay attention to the following:
: Means the reader be extremely careful. Improper operation may cause device damage
or bodily injury.
: Means the reader be careful. Improper operation may cause device malfunction.
General Safety Recommendations
z Keep the device far away from heat sources and water/liquid.
z Make sure that the device has been correctly grounded.
z Wear an ESD-preventive wrist strap during installation and maintenance, making sure that the
strap has good skin contact.
z Do not hot swap the console cable or AUX cable.
z Use laser with caution. Do not directly stare into apertures or fiber connectors that emit laser
radiation.
z Equip an uninterrupted power supply (UPS).
Checklist Before Installation
Check the arrived shipment contents against the packing list, making sure all the items are included and
in good condition. Contact your agent for shortage or wrong delivery.
Installation Tools, Meters and Equipment
Tools
z Phillips screwdriver
z Flat-blade screwdriver
z ESD-preventive wrist strap
z Antistatic bags
2-3
Page 16
Cables
z Grounding wire and power cord
z Console cable
z Optional cables
Meters and other equipment
z Hub or LAN switch
z Console terminal (or a PC)
z Accessories for the ordered interface modules
z Multimeter
The device is not shipped with any installation tools, meters, or equipment. You need to prepare them
yourself.
2-4
Page 17
3 Installing the V100-E
Preparations
z Before installing the V100-E, make sure that you have read through Chapter 2 Installation
Preparations.
z Make sure all the requirements mentioned in Chapter 2 are satisfied.
Installation Flowchart
Figure 3-1 Installation flowchart for the V100-E
Start
Install the cabinet (optional)
Install the device to
the specified position
Connect the PGND cable
Connect the power cables
Connect the device to
a configuration terminal
Verify the installation
Turn on the power switch
Normal?
Yes
Power off the device and
disconnect the power cables
Install a MIM
optional
(
)
Troubleshooting
No
Turn off the power
switch
Connect the device to the
Ethernet network
Verify the installation
Connect the power cables
and power on the device
End
3-1
Page 18
Installing the V100-E
You can place the V100-E on a workbench or mount it in a 19-inch standard rack.
Free-Standing
Place the V100-E on a clean and flat workbench. To prevent any damage, observe the following:
z Ensure the workbench is stable enough.
z Allow 10 cm (3.9 in.) of clearance around the ventilation openings.
z Do not place heavy stuff on the V100-E.
Rack-Mounting
The V100-E is designed to be mounted in 19-inch standard racks. Table 3-1 shows its physical
dimensions.
Table 3-1 Physical dimensions of the V100-E
Model Physical dimensions (H × W × D)
H3C SecPath V100-E security gateway
44 × 436 × 430 mm (1.73 × 17.17 × 16.93 in.)
(excluding rubber feet)
Follow these steps to rack-mount the V100-E:
Step1 Check the grounding and stability of the rack. Use the screws to fix the mounting brackets at both sides
near the front panel of the device.
Step2 Put the device in a rack tray. Depending on the actual situation, slide the device along the guide rails to
an appropriate place.
Step3 Fix the mounting brackets to the rack posts with suitable antirust pan-head screws. Make sure that the
device is placed horizontally and securely fixed.
Figure 3-2 Install the V100-E in a rack
(1)
(1) Screws (four) (2) Mounting bracket
(3) Guide rail
Installing Generic Modules
For how to install MIMs, refer to MIM Modules.
3-2
(2)
(3)
Page 19
Connecting the PGND Cable
A correct connection of the protection ground (PGND) cable on the device chassis is an essential
safeguard against lightning strokes and electromagnetic interference (EMI). When installing or using
the device, make sure the PGND cable is correctly connected.
The V100-E provides a grounding screw, which must be well grounded, so as to safely conduct the
inductive and leaky current to the earth ground, and thereby improve the capability of the whole device
to guard against the electromagnetic interference.
The grounding screw of the V100-E, which is marked with grounding symbol, is at the right end on the
real panel, as shown in
Figure 3-3 Grounding screw of the V100-E
Figure 3-3.
(1) Ground screw
Use a PGND cable to connect the grounding screw to the earth ground, and the grounding resistance
should not be greater than 5 ohm. Likewise, if the V100-E is installed in a 19-inch standard rack, this
rack is required to be grounded too.
The V100-E must be well grounded during its operation. Otherwise, it cannot be protected reliably from
lightning, which may damage the V100-E itself and even the peer device.
3-3
Page 20
Connecting to the Console Terminal
Console port
The H3C SecPath series security gateways provide an RS-232 asynchronous serial console port
(CON), through which you can configure the device. For the attributes of the console port, refer to
Console port (CONSOLE).
Console cable
The console cable is an 8-core shielded cable. At one end of the cable is an RJ-45 connector that can
be plugged to the console port of the V100-E; at the other end is a DB-9 (female) connector, which can
be plugged to the serial interface of the console terminal.
Figure 3-4 illustrates a console cable.
Figure 3-4 Console cable assembly
A
X3
A
Connecting the console cable
Before configuring the V100-E through a console terminal, follow these steps to connect the console
cable:
Step1 Select a console terminal. The console terminal can be either a PC or a standard ASCII terminal with an
RS-232 serial interface.
Step2 Connect the cable. Turn the power switch off, connect the DB-9 serial interface of the console cable to
the PC, and then connect the RJ-45 interface to the console port of the V100-E.
Step3 Verify the connection and power up the V100-E and console terminal. The console terminal shows the
startup information of the V100-E if the connection is correct. For details, see
Booting Process.
Connecting to the Ethernet Interface
Ethernet interface
The V100-E provides four fixed 10/100 Mbps autosensing Ethernet interfaces.
Ethernet cable
The V100-E uses the category-5 twisted pair cable (straight-through or crossover) to connect its
electrical Ethernet interfaces. See
Figure 3-5.
3-4
Page 21
Figure 3-5 Ethernet cable assembly
When preparing network cables, it is recommended to use shielded cables for the sake of
electromagnetic compatibility.
Connecting the Ethernet cable
Take the fixed 10/100M interface Ethernet 0/0 on the front panel of the V100-E for example. Follow
these steps to connect its Ethernet cable:
Read the symbol above the interface carefully to avoid misconnection.
Step1 Connect one end of the Ethernet cable to the V100-E and the other end to the peer device.
Step2 Check that the LINK LED corresponding to Ethernet 0/0 is on. ON means a link is present on the
interface. OFF means no link is present on the interface and you should check the connection.
Connecting the Power Cable
The V100-E supports dual AC power supplies.
Two AC power modules can serve as backup of each other to implement power redundancy.
AC power supply
AC input: 100 VAC to 240 VAC, 50 Hz or 60 Hz
Figure 3-6 shows the power sockets and switches on the V100-E.
3-5
Page 22
Figure 3-6 Physical view of the power sockets and switches
(1) PWR1 power switch (2) PWR0 power switch
(3) PWR1 power socket (4) PWR0 power socket
Recommended AC power socket
You are recommended to use a single-phase three-terminal socket with an earth contact, which must be
properly grounded. The building ground system is often buried during the wiring engineering. Make sure
that the building ground system is normal before connecting the AC power cord.
Connecting the AC power cord
Follow these steps to connect the AC power cord to the V100-E:
Step1 Make sure that the grounding screw on the chassis is securely connected to the earth ground.
Step2 Make sure that the power switch is in the OFF position. Connect one end of the AC power cord to the
AC-input socket (PWR0) on the left end of the rear panel and the other end to the AC site power.
Step3 Connect one end of the AC power cord to the AC-input socket (PWR1) on the left end of the rear panel
and the other end to the AC site power. (Omit this step if only one AC power module is needed.)
Step4 Push the power switch(es) of the V100-E to ON position.
Step5 Check that the corresponding PWR LED on the front panel is on. ON means the power connection is
correct.
Step6 Check that the SYS LED on the front panel is on. ON means the hardware system is operating normally.
Verifying Installation
Each time you power up the V100-E during installation, verify that:
z Enough clearance has been reserved around the ventilation openings of the device and the
workbench or rack is stable enough.
z The power supply matches the requirements of the V100-E.
z The PGND cable is correctly connected.
z The V100-E is correctly connected to other devices, such as a console terminal.
3-6
Page 23
It is very important to verify the installation because instability and poor grounding of the V100-E and an
unmatched power supply will affect the operation of the V100-E.
3-7
Page 24
4 Starting and Configuring the V100-E
Booting
For the initial use of the V100-E, you can only make CLI configuration through the console port.
Setting Up a Configuration Environment
Connecting a console terminal to the V100-E
Connect the RJ-45 connector of the console cable to the console port on the V100-E and the DB-9
connector to the serial interface on the PC (see
Figure 4-1 Local configuration through the console port
Figure 4-1).
Setting terminal parameters
Step1 Start the PC (or the console terminal), run on the PC the emulation (the Terminal on Windows 3.1, or the
HyperTerminal on Windows 9X/Windows 2000/Windows XP for example) and create a new connection.
Enter the name of the new connection in the Name field and click OK. See
Figure 4-2 Create a new connection
Figure 4-2.
4-1
Page 25
Step2 Define terminal parameters (using the HyperTerminal on Windows XP as an example).
1) Select connection port
Select the serial interface to be used from the Connect using drop-down list in the Connect To dialog
box as shown below. Be sure to select the serial port to which the console cable is actually connected.
Figure 4-3 Select a port for local configuration connection
2) Set the connection port
Set the properties of the serial port in the COM1 Properties dialog box as follows:
z Bits per second = 9600
z Data bits = 8
z Parity = None
z Stop bit = 1
z Flow control = None
Click OK and the HyperTerminal dialog box appears.
4-2
Page 26
Figure 4-4 Define port parameters
Powering Up the V100-E
Checking before power-up
Check the following issues before powering up the V100-E:
z Both the power cord and the PGND cable are correctly connected.
z The voltage of the power supply matches the requirements.
z The console cable is correctly connected. The console terminal (or PC) has been started and the
associated parameters have been set on it.
Before powering on the V100-E, locate the power switch so that you can disconnect the power supply in
time in case of an emergency.
Powering up the V100-E
z Turn on the site power.
z Turn on the power switch of the V100-E.
Checking after power-up
After the V100-E is powered up, please check:
4-3
Page 27
z The ventilation system works normally. You can hear that the fans are working and feel the flow of
the air.
z The LEDs on the front panel are normal. Refer to LEDs for the LED description.
z The console terminal display is correct. After powering up the V100-E, you can see the startup
window on the console terminal (see
you are prompted to press Enter. When the prompt <H3C> appears, the system is ready for your
configuration.
Booting Process
After being powered up, the V100-E first runs the Boot ROM program. The terminal screen displays the
following system information.
The contents displayed on the terminal may vary with Boot ROM versions.
Booting Process). After the startup (or power-on self-test),
**************************************************
* *
* H3C SecPath Series Gateway BOOTROM Version 1.27*
* *
**************************************************
Copyright(C) 2004-2007 by Hangzhou H3C Technologies Co.,Ltd.
Compiled at Wed Oct 31 10:33:08 CST 2007
Testing memory...OK!
512M bytes DDR SDRAM Memory
16M bytes Flash Memory
Hardware Version is 2.0
CPLD Version is 1.0
Press Ctrl-B to enter Boot Menu
Press Ctrl + B right now and the system will enter the Boot menu. Otherwise, the system starts to read
and decompress the application program.
To enter the Boot menu, you need to press Ctrl + B within three seconds after the prompt information
“Press Ctrl-B to Enter Boot menu...” appears.
The terminal screen gives this information when the system starts decompression and initialization:
System is self-decompressing.....................
4-4
Page 28
System is starting...
User interface Con 0 is available.
Press ENTER to get started
Press Enter, and the system displays (if login authentication is not enabled):
<H3C>
Now the V100-E has entered user view and is ready for your configuration.
Configuration Fundamentals
Basic Configuration Procedures
Following are the basic steps that you can follow to configure the V100-E.
Step1 Figure out detailed networking requirements, including networking objectives, the role of the V100-E in
the network, transmission medium, security policy, and network reliability.
Step2 Draw a networking topology based on the requirements.
Step3 Configure IP addresses for the interfaces on the V100-E.
Step4 Configure routes, and if a dynamic routing protocol is enabled, set parameters for the protocol.
Step5 Configure security features as required.
Step6 Configure reliability features as required.
For more information on the configuration of protocols and functions for the V100-E, see the H3C
SecPath Series Security Products Operation Manual.
Command Line Interface
Characteristics of CLI
The CLI of the V100-E enables you to configure, manage, and maintain the V100-E.
The CLI provides the following functions:
z Configure the device locally through the console port.
z Perform local or remote configuration and directly log in to and manage other devices by using the
telnet command.
z Get online help whenever you enter ”?”.
z Test network connectivity quickly with network diagnostic tools, such as tracert and ping.
z Have detailed debugging information for troubleshooting your network.
z Enter the conflict-free keyword portion instead of the whole command, because the CLI supports
command prompting. For example, you simply need to enter “dis” for the display command.
CLI
In system view, all the commands are put into groups for the convenience of management, each being
associated to a view. For details, see H3C SecPath Series Security Products Operation Manual. You
can switch between the views by executing corresponding commands. In general, only certain
commands can be executed in a particular view. However, some commonly used commands, such as
ping and display current-configuration, and interface can be executed in any view.
4-5
Page 29
5 Maintaining Software
The V100-E manages three types of files:
z Boot ROM program files
z Application program files
z Configuration files
Software maintenance mainly involves upgrading/downloading Boot ROM/application program files
and uploading/downloading configuration files.
Boot Menu
This section introduces the Boot menu that you use in maintaining the software of the V100-E.
Set up a configuration environment (see
system prompts “Press Ctrl-B to enter Boot menu”. Then the system displays:
Please input Boot ROM password :
z Press Ctrl + B within three seconds to access the Boot menu after the prompt “Press Ctrl-B to
Enter Boot menu...” appears. Otherwise, the system starts decompressing the program.
z If you want to access the Boot menu after the system starts decompressing the program, you need
to reboot the V100-E.
Type the correct password and press Enter (If no Boot ROM password has been set, just press Enter).
The system accesses the Boot menu shown as follows:
Figure 4-1) and then boot the V100-E. Press Ctrl + B when the
Boot menu on the V100-E
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Display file in flash
4: Delete file from flash
5: Start up and ignore configuration
6: Enter debugging environment
7: Boot Rom Operation Menu
8: Do not check the version of the software
9: Exit and reboot
Enter your choice(1-9):
Further description is given for the option 8:
5-1
Page 30
If you fail to upgrade the software and the system prompts “invalid version” although you use the correct
software version, you can select this option to ignore the version check during software upgrade. Note
that this option works only once when you select it. The system resumes version check after you reboot
the V100-E.
Boot ROM operation menu of the V100-E
As mentioned previously, you can select 7 in the Boot menu to enter the Boot ROM operation menu as
follows:
Boot ROM Operation Menu:
1: Download Boot ROM with XModem
2: Download Extended Segment of Boot ROM with XModem
3: Restore Extended Segment of Boot ROM from FLASH
4: Backup Extended Segment of Boot ROM to FLASH
5: Exit to Main Menu
Enter your choice(1-5):
The menu provides approaches to upgrade, back up, and restore the Boot ROM program. See
Upgrading Application and Boot ROM Using XMODEM and Backing Up and Restoring the Extended
Segment of the Boot ROM for details.
You are recommended to upgrade the software under the guidance of technical support engineers.
When upgrading the V100-E, make sure that the version of the Boot ROM software is consistent with
the application program.
Upgrading Application and Boot ROM Using XMODEM
You can use XMODEM to upgrade the software through the console port even without setting up a
configuration environment.
Upgrading the application program
Step1 Enter the Boot menu and select 1 to download an application program using XMODEM. These
download speeds are available on the V100-E:
Downloading application program from serial ...
Please choose your download speed:
1: 9600 bps
2: 19200 bps
3: 38400 bps
4: 57600 bps
5: 115200 bps
6: Exit to Main Menu
Enter your choice(1-6):
Step2 Select an appropriate downloading speed (for example, 115200 bps by entering 5).
5-2
Page 31
Download speed is 115200 bps. Change the terminal's speed to 115200 bps, and select XModem
protocol. Press ENTER key when ready.
Step3 Change your terminals baud rate (see Figure 4-4) to the same baud rate for software downloading
(115200 bps in this example). After that, disconnect the terminal ([Dial-in/Disconnect]), reconnect it
([Dial-in/Dialing]), and press Enter to start downloading. Then the system displays:
Downloading ... CCCCC
The new baud rate takes effect only after you disconnect and reconnect the terminal emulation
program.
Step4 Select Transmit > Send File in the HyperTerminal window. The following dialog box pops up:
Figure 5-1 Send File dialog box
Step5 Click Browse…, select the application file to be downloaded, set protocol to XMODEM, and click Send.
The following interface pops up:
Figure 5-2 Sending File interface
5-3
Page 32
Step6 After completing the downloading, the system begins writing data to the Flash memory and then
displays the following information in the terminal window, indicating the completion of the downloading:
XModem download completed, Packet length 8790321 bytes.
System file length 7868992 bytes, http.zip file length 921329 bytes.
Writing file flash:/system to FLASH...
Please wait, it may take a long time
################################################
Writing into Flash Succeeds.
Writing file flash:/http.zip to FLASH...
Please wait, it may take a long time
################################################################################
#########
Writing into Flash Succeeds.
Please use 9600 bps.Press <ENTER> key to reboot the system.
Restore the speed of the console terminal to 9600 bps as prompted, and then disconnect and reconnect
the terminal. The system boots normally.
Upgrading the entire Boot ROM program
Step1 Enter the Boot menu, and select 7 to enter the Boot ROM operation menu.
Step2 Select 1 in the Boot ROM operation menu to download the Boot ROM program using XMODEM. The
subsequent operation steps are the same as those upgrading the application program.
If you fail to upgrade the entire Boot ROM program, you cannot restore it on site. Therefore, you can
only upgrade the entire Boot ROM program under the direction of technical support engineers and
when it is urgently necessary.
Upgrading the extended segment of the Boot ROM program
Step1 Enter the Boot menu, and select 7 to enter the Boot ROM operation menu.
Step2 Select 2 in the Boot ROM operation menu to download the extended segment of Boot ROM with
XMODEM. The subsequent operation steps are the same as those for upgrading the application
program.
This upgrade approach is used to upgrade only a portion of the Boot ROM program, so you may make
a second attempt once an error occurs.
5-4
Page 33
Backing Up and Restoring the Extended Segment of the Boot ROM
Backing up the extended segment to Flash memory
Follow these steps to back up the Boot ROM program.
Step1 Enter the Boot menu, and select 7 to enter the Boot ROM operation menu.
Step2 Select 4 in the Boot ROM operation menu to copy the current extended segment of the Boot ROM
program to the Flash memory.
Backup Extended Segment, are you sure?[Y/N]
Step3 Enter Y and the system starts backing up the extended segment.
If the backup attempt is successful, the following message appears:
Writing to FLASH.Please wait...####
Backuping Boot ROM program to FLASH successed!
Step4 When the Boot ROM operation menu appears again, select 5 to exit and reboot the V100-E.
Restoring the extended segment from the Flash memory
If faults occur to the extended segment of the Boot ROM program or you upgrade it by mistake, you can
restore the extended segment saved in the Flash memory to the Boot ROM following these steps:
Step1 Enter the Boot menu, and select 7 to enter the Boot ROM operation menu.
Step2 Select 3 in the Boot ROM operation menu to restore the extended segment of the Boot ROM program
from the Flash memory. The system displays the following message:
Restore Extended Segment, are you sure?[Y/N]
Step3 Enter Y and the system starts backing up the extended segment.
If the restoration is successful, the system displays:
Writing to Boot ROM.Please wait...######
Restoring Boot ROM program successed!
Step4 When the Boot ROM operation menu appears again, select 5 to exit and reboot the V100-E.
Upgrading the Application Program Using TFTP
The application program is downloaded using TFTP through the Ethernet interface. In this case, the
V100-E acts as the client and must be connected to the TFTP server through one of its fixed Ethernet
interfaces.
The TFTP server program is not shipped with the V100-E. You need to purchase and install it by
yourself.
The V100-E can only act as the TFTP client, so you can only upgrade the application program using
TFTP in these steps:
1) Start the TFTP server.
5-5
Page 34
Start the TFTP server on the PC connected to the Ethernet interface on the V100-E and set the path to
the file to be downloaded.
2) Configure the V100-E
Step1 Boot the V100-E and enter the Boot menu (refer to
Boot Menu for details). Select 2 to enter the Net Port
Download Menu shown as follows:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 1
Step2 Select 1 in the Net Port Download Menu to set parameters for the Ethernet interface on the V100-E
(including the interface in use, IP address and subnet mask of the interface) and parameters for the
TFTP server (including IP address of the Ethernet interface on the TFTP server and the name of the
application program).
Change Download parameter
Download device : ETH0/3
Download file(Max 60 char) :system
IP address of ETH0/3 :192.168.1.15
Subnet mask for ETH0/3 :255.255.255.0
IP address of the server :192.168.1.10
IP address of the gateway :10.110.95.117
z The upgrade should be performed through interface ETH0/3 on the V100-E.
z The IP address of the server field must be set to the IP address of the TFTP server connected to
the Ethernet interface on the V100-E.
z You are recommended to configure the IP addresses of the network interface on the TFTP server
and that of the ETH0/3 on the V100-E into the same network segment.
Step3 After you input the last parameter value, the system displays the following message and returns to the
Net Port Download Menu:
Saving config, please wait...OK!
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
3) Download application program using TFTP
Select 2 to download the application program through TFTP. The system displays the following
message:
Starting the TFTP download...
........................................................................................
.........
5-6
Page 35
TFTP download completed, Packet length 8790321 bytes.
System file length 7868992 bytes, http.zip file length 921329 bytes.
Writing file flash:/system to FLASH...
Please wait, it may take a long time
####################################################################
Writing into Flash Succeeds.
Writing file flash:/http.zip to FLASH...
Please wait, it may take a long time
################################################################################
#########
Writing into Flash Succeeds.
Uploading/Downloading Applications/Files Using FTP
The H3C SecPath series security gateway offers FTP server function, which provides you another way
of updating configuration files, and upgrading application and Boot ROM program. You only need to
connect a FTP client, local or remote, to the V100-E. When you pass the authentication, you can upload
and download configuration files or applications.
Upload: Transfer files from PCs running FTP client to the V100-E, namely the put operation.
Download: Transfer files from the V100-E to PCs running FTP client, namely the get operation.
Setting up upload/download environment
z Setting up the local upload/download environment
Figure 5-3 Set up the local upload/download environment
Step1 Connect the PC to the Ethernet port of the V100-E.
Step2 Configure the IP address of the Ethernet port of the V100-E. Here suppose it is 10.110.10.10.
Step3 Configure the IP address of the PC. Here suppose it is 10.110.10.13.
5-7
Page 36
Step4 Copy the application, Boot ROM program or configuration files to a specific path. Here suppose the path
is C:\\ version.
The network port IP address of the PC must be in the same network segment with that of the Ethernet
port of the V100-E.
z Setting up the remote upload/download environment
Figure 5-4 Set up the remote upload/download environment
Step1 Connect the PC through WAN to any interface of the V100-E. The IP addresses of the PC and the
V100-E can be in different network segments.
Step2 Copy the application, Boot ROM program or configuration files to a specific path. Here suppose the path
is C:\\ version.
Booting FTP server
Ask the technical personnel at the V100-E side to make the following configuration:
Step1 Configure the authentication mode.
You can perform AAA authentication configuration as needed. See the AAA and RADIUS configuration
part in the H3C SecPath Series Security Products Operation Manual for details.
Step2 Add the username and password.
[VPNGateway] local-user VPNGateway
VPNGateway is the username.
Step3 Add the password.
[VPNGateway-luser-vpngateway] password simple 123
Step4 Add the service type and specify the FTP directory.
[VPNGateway-luser-vpngateway] service-type ftp ftp-directory flash:
5-8
Page 37
Step5 Add an authority level.
[VPNGateway-luser-vpngateway] level 3
Step6 Enable the FTP server.
[VPNGateway] ftp-server enable
After the above operation, the FTP server is enabled on the V100-E, and a user is set. Then, any FTP
client program can access FTP server using this user name and password.
Uploading/downloading application, configuration files and uploading Boot ROM program
Step1 Enter the path of the files or applications in DOS window, perform FTP command, and create the FTP
connection to the V100-E, for example:
C:\version\ftp 10.110.10.10
If the connection is set up, the system displays the following message (taking Windows XP as an
example):
Connected to 10.110.10.10
220 FTP server ready on SecPath Gateway at
User(10.110.10.10:(none)):
Step2 Access FTP server using the configured user name and password.
User(10.110.10.10:(none)): VPNGateway
331 Password required for ftp
Password:
230 User ftp logged in
ftp>
At the prompt of ftp>, you can upload or download files.
Step3 Upload/download applications, configuration files, or upload Boot ROM programs.
By default, the application name of the V100-E side is system, the filename is config.cfg, Boot ROM
filename extension is bootrom, and the entire Boot ROM filename is bootromfull.
z Upload application, Boot ROM program, or configuration files.
ftp> put
local file
remote file
After the upload, at the prompt of “ftp>”, you can input dir to view the filenames and file sizes on the
V100-E. If the upload succeeds, the size of the configuration file is the same as that of the file on the
host.
5-9
Page 38
z When using FTP to upgrade the application program, make sure that the V100-E has enough flash
memory. If the memory is not enough, you need to use the delete /unreserved command to
permanently delete old version files or other files to save the memory space; otherwise, new files
cannot be uploaded.
z After uploading Boot ROM program using the put command, read the bootrom/bootromfull
program from Flash root directory using the upgrade bootrom [ full ] command, and write it into
Boot ROM to complete Boot ROM upgrade.
z After uploading the application program into the flash memory, you need to rename the program
file to “system” to make the program take effect at next startup.
z After uploading configuration files into the flash memory, you need to rename the file to “config.cfg”
to make the files take effect at next startup of the system, or use the startup saved-configuration
command to set the configuration files used for next startup.
z Download application or configuration files
ftp> get
remote file
local file
After the upload/download, quit the FTP client program.
ftp>quit
Detaching the Web file
When the downloading using FTP is completed, the Web file is included in the application program. You
need to detach it from the application program using the detach command.
<SecPath> detach system
System file length 7856557 bytes, http file length 834724 bytes.
<SecPath> dir
Directory of flash:/
0 -rw- 8691281 Jun 16 2009 06:46:36 system
1 -rw- 1830 Jun 17 2009 07:47:16 config.cfg
2 -rw- 834724 Jun 18 2009 02:22:39 http.zip
If the Web file is not included, the system gives the corresponding prompt. The Web file name defaults
to http.zip.
Modifying Boot ROM Password
You can use the Boot menu of the V100-E to change the Boot ROM password.
Start the V100-E. When “System starts booting” appears on the configuration terminal, press Ctrl + D,
and then the system prompts:
Please input Boot ROM password :
5-10
Page 39
z To enter the Boot menu, you must press Ctrl + D within three seconds after the “System starts
booting” prompt appears on the configuration terminal; otherwise, the system starts
decompressing the program.
z You need to restart the V100-E if you want to enter the Loader menu after entering the Boot ROM
extended segment.
After entering the correct password, press Enter to enter the Boot menu (press Enter directly if the
password is not set), and the system displays the information as follows:
Boot Menu:
1: Download Boot ROM with XModem
2: Download Extended Segment of Boot ROM with XModem
3: Modify Boot ROM password
4: System booting from Flash
5: Do not check the version of Extended Segment of Boot ROM
6: Exit and reboot
Enter your choice(1-6):
Following is the description on the options of Boot menu:
1: Download Boot ROM with XMODEM
2: Upgrade the extended segment of Boot ROM with XMODEM
3: Modify Boot ROM password
4: Boot the system from flash (This option requires backing up the extended segment of Boot ROM in
flash, refer to
Backing up the extended segment to Flash memory for details.)
5: Do not check the software version of extended segment of Boot ROM (This option is used for
backward compatibility of version upgrade. When the software version is correctly adopted for software
upgrade, but you still cannot operate successfully, the system prompts “invalid version”. At this time,
select this option to cancel the version checking for version upgrade. However, this option can function
only once, the version checking is restored after restarting the V100-E.)
6: Exit from the Loader menu and restart the V100-E.
Select 3 in the Boot menu to change the Boot ROM password, and the system prompts:
Modify Boot ROM password, are you sure?[Y/N]y
Please input new password(Max 32 char) :
Retype the new password(Max 32 char) :
Saving the password... Success!
The password can contain up to 32 characters.
5-11
Page 40
Resetting a Lost Password
Please contact support technicians if your Boot ROM password or user password of the V100-E is lost.
Then you can get assistance to log in to the V100-E again and set a new password.
5-12
Page 41
6 Maintaining Hardware
Preparing Tools
z Phillips screwdrivers
z Flat-blade screwdrivers
z ESD-preventive wrist straps
z Antistatic bags
None of the above installation tools are shipped with the device.
Opening the Chassis Cover
Follow these steps to open the chassis cover of the V100-E:
Step1 Power off the device and unplug the power cord.
Step2 Unplug all interface cables from the front panel while keeping the ground cable connected.
Step3 Put the device on a table with the rear panel facing you. Remove all the fastening screws on the rear
panel and both sides of the device with a Phillips screwdriver.
Step4 Lift the front of the cover to separate the front part from the chassis bottom.
Step5 Draw the cover toward you to separate the cover from the front panel and then put the removed cover
away.
Figure 6-1 shows how to open the chassis cover.
Figure 6-1 Open the chassis cover
(1)
(2)
(1)
(1) Remove six screws from these places (2) Pull the cover out
6-1
(1)
Page 42
z Replace the hardware of the V100-E only when necessary and under the guidance of technical
engineers.
z Do not remove the H3C tamper-proof seal on the chassis cover of the device without permission. If
you want to open the chassis, contact your sales agent for permission. Otherwise, H3C shall not be
held liable for any consequence caused thereby.
z Make sure that all power supplies have been disconnected from the V100-E before performing
hardware maintenance on it. Otherwise, you may get injured through an electric shock and the
device may be damaged.
z Always wear an ESD-preventive strap and ensure a good skin contact when maintaining the device
hardware.
z Use the memory module provided by H3C only. The device may not be compatible with other
memories.
Installing and Removing a DDR SDRAM
The V100-E is equipped with three types of storage devices:
z DDR SDRAM: Stores the running programs
z Flash memory: Stores the programs and configuration files of the V100-E
z Boot ROM: Stores the boot and initialization programs of the V100-E
Hardware maintenance mainly involves replacing the DDR SDRAM.
Figure 6-2 presents the procedure of replacing a memory module.
Figure 6-2 Memory replacement flowchart
Start
Prepare the tools
Remove the
chassis cover
Locate the DDR
SDRAM
Remove the old
DDR SDRAM
Install a new
DDR SDRAM
Install the
chassis cover
End
6-2
Page 43
Memory modules are removable components on the main board. You may need to replace a DDR
SDRAM or expand it in the following situations:
z More memory is needed to upgrade the application program.
z The V100-E needs to maintain a large routing table or support memory-demanding operations.
Upon starting up the V100-E, the system displays:
**************************************************
* *
* H3C SecPath Series Gateway BOOTROM Version 1.27*
* *
**************************************************
Copyright(C) 2004-2007 by Hangzhou H3C Technologies Co.,Ltd.
Compiled at Wed Oct 31 10:33:08 CST 2007
Testing memory...OK!
512M bytes DDR SDRAM Memory
16M bytes Flash Memory
Hardware Version is 2.0
CPLD Version is 1.0
Press Ctrl-B to enter Boot Menu
The information indicates the memory size of the V100-E.
There is a limit on the times that you can install a memory module in the memory bank.
Locating the DDR SDRAM on the Main Board
When removing or installing a DDR SDRAM, make sure to identify the type of main board and the exact
position of the DDR SDRAM. See the following table for the types of the memory used in the V100-E
and the configuration information:
Table 6-1 Specification of the V100-E memory
Item Specification
Memory type DDR SDRAM
Max memory size per memory bank 256 MB
Max memory size per device 512 MB
Figure 6-3 illustrates the location of the DDR SDRAM on the main board.
6-3
Page 44
Figure 6-3 Location of the DDR SDRAM on the main board
Each DDR SDRAM has one positioning recess at its bottom for correct orientation. When installing a
DDR SDRAM into a memory bank, press the positioning recess into the pin in the bank.
Removing a DDR SDRAM
Follow these steps to remove the DDR SDRAM of the V100-E:
Step1 Locate the DDR SDRAM on the main board.
Step2 Pull the release latches away from the DDR SDRAM at both ends so that the memory is lifted from the
memory bank.
Figure 6-4 Remove the DDR SDRAM
Step3 Hold the DDR SDRAM by its non-conductive edge and separate it from the bank. Place the removed
memory module in an antistatic bag in view of protection.
6-4
Page 45
z Hold the memory module only by its non-conductive edge. Because a memory module is
vulnerable to ESD, improper operation may cause damage to it.
z Do not use too much force in the operation.
z Do not touch the surface-mounted components of the memory module directly with your hands.
Install a DDR SDRAM
Follow these steps to install a DDR SDRAM:
Step1 Locate the position to install the DDR SDRAM.
Step2 Hold the memory by its non-conductive edge and insert it into the bank.
Step3 Firmly press the memory and press the latches to lock the DDR SDRAM in position.
Installing the Chassis Cover
Follow these steps to install the chassis cover:
Step1 Place the V100-E on a table with its front panel forwards.
Step2 Hold the chassis cover and align the small tabs on the cover with the edges of the bottom of the chassis.
Step3 Push the cover until the tabs on the cover and the tabs on the top of the front panel are engaged.
Step4 Lower the chassis cover onto the chassis bottom, engaging the tabs on the cover with the tabs on the
top of the side panels.
Figure 6-5 shows how to install the chassis cover.
Figure 6-5 Install the chassis cover
(2)
(1)
(2)
(1) Push the cover forwards (2) Fasten six screws at these places
Step5 Fasten the six screws to fix the chassis cover.
Installing and Removing MIMs
Refer to MIM Modules.
(2)
6-5
Page 46
7 Troubleshooting
Troubleshooting PSU
1) Symptom
The power LED (PWR) is always off.
2) Solution
Check whether:
z The power switch of the V100-E is turned on.
z The site power supply is turned on.
z The power cord is properly connected.
z The required power supply is used.
Do not hot-swap the power cable. If the PWR LED is still off after you have checked the above items,
contact the agent.
Troubleshooting the Configuration System
If the V100-E operates normally after being powered up, the console terminal displays booting
information; if the system fails, the console terminal displays nothing or just illegible characters.
No Display on the Terminal Screen
1) Symptom
The console terminal displays nothing on the screen after the V100-E is powered on.
2) Solution
Step1 Check whether:
z The PSU operates normally.
z The console cable is connected correctly.
Step2 If no problem is found, examine the parameters configured at the terminal (such as HyperTerminal), or
check the console cable.
Illegible Characters on the Terminal Screen
1) Symptom
The console terminal displays illegible characters on the screen after the V100-E is powered on.
2) Solution
Confirm the parameters configured at the terminal (such as HyperTerminal):
7-1
Page 47
z Bits per second = 9600
z Data bits = 8
z Parity = none
z Stop bits = 1
z Flow control = none
z Emulation = VT100
Reset them if they are not set to these values.
Troubleshooting Application Upgrading
Fault 1
1) Symptom
Boot the V100-E, upgrade Comware software using TFTP, and the system displays the following:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
Starting the TFTP download...
Failed to connect the tftp server!!
Please check the network setting!!
2) Solution
The above symptom may be caused by either of the two problems:
z The TFTP server program does not run.
z The Ethernet is not connected properly.
Run the TFTP server program on the system, confirm that the IP address is set correctly and the
network cables are connected.
Fault 2
1) Symptom
Boot the V100-E, upgrade Comware software using TFTP, and the system displays the following:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
Starting the TFTP download...
Failed to find the updated file
Please check the network setting!!
2) Solution
The above symptom is caused by either of the two problems:
7-2
Page 48
z The downloaded files are not available.
z The paths of the files are not correct.
Confirm that the files to be downloaded are under the path specified by the TFTP server.
Fault 3
1) Symptom
Boot the V100-E, upgrade Comware software using TFTP, and the system displays the following:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
Starting the TFTP download...
The downloaded software is not a valid version.
Please download the correct version.
2) Solution
The above problem is caused by the wrong version of the download program, so the program cannot
pass the version authentication. Confirm that the program version is correct.
The barcodes stuck on the V100-E chassis and interface cards contain information about production
and servicing. Before you return a faulty V100-E for servicing, please provide the barcode information of
the V100-E to your local sales agent.
7-3
Page 49
8 MIM Modules
MIM Options
Currently the V100-E supports these types of MIMs:
z 1-port 10Base-T/100Base-TX FE interface module (1FE)
z 2-port 10Base-T/100Base-TX FE interface module (2FE)
z 4-port 10Base-T/100Base-TX FE interface module (4FE)
z 1-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (1GBE)
z 2-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (2GBE)
z 1-port 1000Base-LX/1000Base-SX Ethernet interface module (1GEF)
z 2-port 1000Base-LX/1000Base-SX Ethernet interface module (2GEF)
z High-performance network data encryption module (HNDE)
Installing and Removing an MIM
There is a shield finger on the front panel of the MIM module, which provides electromagnetic shielding
for the V100-E. You need to keep the shield finger intact when replacing the module. Do not remove the
shield finger.
Before installing MIMs, read
Tools
ESD-preventive wrist strap
Installing an MIM
Installation Preparations carefully.
Before performing any of the following operations, make sure you have completely powered down the
V100-E to avoid getting electric shocks.
Follow these steps to install an MIM:
Step1 Place the V100-E with its front panel facing you.
Step2 Turn off the site power and remove the power cord.
8-1
Page 50
Step3 Select a slot and push the MIM into the chassis until it is fully seated in the slot and its front panel is flush
with the front of the chassis.
Step4 Tighten the captive screws to secure the MIM.
Step5 Power up the V100-E and check the state of the ACT LED for the slot on the V100-E. Blinking means
the MIM is installed correctly.
Figure 8-1 Install the MIM I
Figure 8-2 Install the MIM II
Removing an MIM
Follow these steps to remove an MIM:
Step1 Place the V100-E with its front panel facing you.
Step2 Turn off the site power and remove the power cord.
Step3 Remove all interface cables from the front of the chassis.
Step4 Loosen the captive screws at both sides of the MIM.
Step5 Pull the MIM towards you until it is completely separated from the bottom of the chassis.
z If you do not install a new MIM in the slot, install a blank panel to prevent dust from entering the
chassis.
z Do not operate at MIMs near the passageway to avoid accidents to the unit or the removed MIMs.
8-2
Page 51
Troubleshooting an MIM
You can read the LEDs on the MIM panel to check for the MIM installation.
If the MIM on the V100-E does not operate normally, check that:
z Correct interface cables are used.
z The interfaces are working well by reading the interface LEDs.
z The configurations on the MIM are validated by executing the display command.
1FE/2FE/4FE Module
Introduction
1-/2-/4-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE/2FE/4FE) provides the
communications between the V100-E and a LAN.
The 1FE provides one 10/100 Mbps Ethernet interface with the RJ-45 connector, while the 2FE and
4FE can provide two and four. All of them support:
z The transmission distance of 100 meters (328 ft) over the category-5 twisted-pair cable.
z The operating rates of 100 Mbps and 10 Mbps, with autosensing.
z Full duplex (commonly used) and half duplex.
Appearance
Appearance of the 1FE module
Figure 8-3 shows the 1FE module.
Figure 8-3 1FE module
Appearance of the 2FE module
Figure 8-4 shows the 2FE module.
8-3
Page 52
Figure 8-4 2FE module
Appearance of the 4FE module
Figure 8-5 shows the 4FE module.
Figure 8-5 4FE module
Interface Attributes
Table 8-1 shows the interface attributes of the 1FE, 2FE and 4FE modules.
Table 8-1 Interface attributes of the 1FE, 2FE and 4FE modules
Attribute 1FE module 2FE module 4FE module
Connector RJ-45
Number of connectors 1 2 4
Cable type Ethernet cable
Operating mode
Frame format
Full/half duplex
10/100 Mbps autosensing
Ethernet_II
Ethernet_SNAP
8-4
Page 53
Panel and Interface LEDs
Figure 8-6 shows the 1FE module panel.
Figure 8-6 1FE module panel
Figure 8-7 shows the 2FE module panel.
Figure 8-7 2FE module panel
10/100BASE-TX
01
Figure 8-8 shows the 2FE module panel.
Figure 8-8 4FE module panel
Table 8-2 describes the LEDs on the 1FE/2FE/4FE module panel and how to read their state.
Table 8-2 LEDs on the 1FE/2FE/4FE module
LED Description
LINK OFF means no link is present; ON means a link is present.
ACTIVE/ACT
OFF means no packets are being transmitted or received on the interface;
blinking means packets are being transmitted/received on the interface.
Interface Cable
Ethernet cable
The FE modules use category-5 twisted-pair cables with RJ-45 connectors (see Figure 8-9). Pins 1 and
2 of the connectors are for transmitting data, and Pins 3 and 6 are for receiving data.
Figure 8-9 Ethernet cable
8-5
Page 54
Making an Ethernet cable
To make an Ethernet cable with RJ-45 connectors using a category-5 twisted-pair cable, refer to Figure
8-10. A category-5 twisted-pair cable is composed of eight wires that are identified and grouped by
colors of the outer insulator. Usually a solid color wire and a white/solid color wire are organized in pairs.
But sometimes, wires are also paired by color coded points.
Figure 8-10 Category-5 twisted-pair cable
Blue
Pair 1
White/blue
Orange
Pair 1
White/orange
Green
Pair 1
White/green
Brown
Pair 1
White/brown
Table 8-3 Straight-through cable pinout
Category-5
RJ-45 Signal
twisted-pair
cable
1 Tx+ White (orange)
2 Tx- Orange
3 Rx+ White (green)
Direction of
signal
→
→
←
RJ-45
1
2
3
4 –– Blue –– 4
5 –– White (blue) –– 5
6 Rx- Green
←
6
7 –– White (brown) –– 7
8 –– Brown –– 8
Table 8-4 Crossover cable pinout
Category-5
twisted-pair
cable
Direction of
signal
RJ-45
RJ-45
Direction of
signal
1 Tx+ White (orange)
2 Tx- Orange
3 Rx+ White (green)
→
→
←
3
6
1
4 –– Blue –– 4
5 –– White (blue) –– 5
6 Rx- Green
8-6
←
2
Page 55
Category-5
twisted-pair
cable
Direction of
signal
RJ-45
RJ-45
Direction of
signal
7 –– White (brown) –– 7
8 –– Brown –– 8
Ethernet cables are divided into two categories: straight-through and crossover.
z Straight-through cable: The sequences of the twisted pairs crimped in the RJ-45 connectors at both
ends are the same. It connects a terminal device (PC or router) to a HUB or LAN switch.
z Crossover cable: The sequences of the twisted pairs crimped in the RJ-45 connectors at both ends
are different. It connects a terminal device (PC or router) to another terminal device. You make
crossover cables by yourself.
In making network cables, shielded cables are preferred for the sake of electromagnetic compatibility.
Connecting the Interface Cable
Follow these steps to connect the interface cable:
Step1 Plug one end of the cable to an Ethernet port of the FE module on the V100-E and another end to the
desired device. (For a PC or router, use a crossover cable; for a hub or LAN switch, use a
straight-through cable.)
Step2 Power up the V100-E and check state of the LINK LED on the FE module. ON means a link is present.
OFF means no link is present and you should check the connection.
Read the mark of a port carefully before you connect it; a wrong connection can cause damages to the
interface module and even the device.
1GBE/2GBE Module
Introduction
1GBE and 2GBE are 10/100/1000Base-T electrical interface (RJ-45) modules, where GBE stands for
Gigabit Ethernet. 1GBE provides one interface and 2GBE provides two interfaces. They are designed
for the communication between the V100-E and the LAN.
The GBE modules support:
z The transmission distance of 100 meters (328 ft) over the category-5 twisted-pair cable.
z The operating rates of 1000 Mbps, 100 Mbps and 10 Mbps, with autosensing.
8-7
Page 56
z Full duplex.
Appearance
Appearance of the 1GBE module
Figure 8-11 1GBE module
Appearance of the 2GBE module
Figure 8-12 2GBE module
Interface Attributes
Table 8-5 shows the interface attributes of the 1GBE and 2GBE modules.
Table 8-5 Interface attributes of the 1GBE and 2GBE modules
Attribute 1GBE module 2GBE module
Connector RJ-45
Number of connectors 1 2
Interface type MDI/MDIX
Interface standards 802.3, 802.3u, 802.3ab
Cable type Ethernet cable
Operating mode
Full/half duplex auto-negotiation
10/100/1000 Mbps autosensing
Panel and Interface LEDs
Figure 8-13 and Figure 8-14 show the front panel of 1GBE and 2GBE respectively.
8-8
Page 57
Figure 8-13 Front panel of 1GBE
Figure 8-14 Front panel of 2GBE
Table 8-6 describes the LEDs on 1GBE and 2GBE modules.
Table 8-6 LEDs on 1GBE and 2GBE modules
LED Description
LINK
ACT
OFF means that no link is present.
ON means that a link is present on the interface.
OFF means that no data is being transmitted or received.
ON means that data is being transmitted or received.
Interface Cable
Ethernet cable
The 1GBE and 2GBE modules use the same Ethernet cable as the FE modules. For details, refer to
Ethernet cable.
Making an Ethernet cable
Refer to Making an Ethernet cable.
Connecting the Interface Cable
Follow these steps to connect the interface cable:
Step1 Plug one end of the cable to an Ethernet port of the GBE module on the V100-E and another end to the
desired device. (For a PC or router, use a crossover cable; for a hub or LAN switch, use a
straight-through cable.)
Step2 Power up the V100-E and check state of the corresponding LED on the V100-E. ON means that the
module has succeeded in the power-on self test (POST) and works normally. OFF means that the
module fails the POST. Contact your agent in the latter case.
Step3 Check the state of the LINK LED on the GBE module. ON means a link is present and OFF means no
link is present. Check the connection in the latter case.
8-9
Page 58
1GEF/2GEF Module
Introduction
1GEF and 2GEF modules are 1000Base-LX/1000Base-SX Ethernet optical interface modules, where
GE stands for Gigabit Ethernet and F stands for fiber. 1GEF and 2GEF can provide the communications
between the V100-E and a LAN.
The 1GEF and 2GEF modules support:
z Five types of 1000Base-LX/SX SFP optical transceivers, including short-distance multi-mode (850
nm) optical module, medium-distance single-mode (1310 nm) optical module, long-distance
single-mode (1310 nm) optical module, long-distance single-mode (1550 nm) optical module, and
ultra long-distance single-mode (1550 nm) optical module.
z The operating rate of 1000 Mbps.
z Full-duplex mode.
Appearance
Appearance of the 1GEF module
Figure 8-15 1GEF module
Appearance of the 2GEF module
Figure 8-16 2GEF module
Interface Attributes
Table 8-7 shows the interface attributes of the 1GEF and 2GEF modules.
8-10
Page 59
Table 8-7 Interface attributes of the 1GEF and 2GEF modules
Attribute 1FE module 2FE module
Connector SFP/LC
Number of connectors 1 2
Interface standards 802.3, 802.3u, 802.3ab
Optical
transmit
power
Multi-mode
Type
short
distance
(850 nm)
Min. –9.5 dBm –9 dBm –2 dBm –4 dBm –4 dBm
Single-mode
medium
distance
(1310 nm)
Single-mode
long
distance
(1310 nm)
Single-mode
long
distance
(1550 nm)
Single-mode
ultra-long
distance
(1550 nm)
Max. 0 dBm –3 dBm 5 dBm 1 dBm 2 dBm
Receive sensitivity –17 dBm –20 dBm –23 dBm –21 dBm –22 dBm
Central wavelength
Cable type
Max transmission
distance
Operating mode
850 nm 1310 nm 1310 nm 1550 nm 1550 nm
62.5/125 μm
multi-mode
550 m (0.34
miles)
9/125 μm
single-mode
10 km (6.21
miles)
9/125 μm
single-mode
40 km
(24.86
miles)
9/125 μm
single-mode
40 km
(24.86
miles)
Full duplex mode
1000 Mbps
9/125 μm
single-mode
70 km
(43.50
miles)
Use only the optical transceivers that have pass H3C authentication.
Panel and Interface LEDs
Figure 8-17 and Figure 8-18 show the front panel of 1GEF and 2GEF respectively.
Figure 8-17 Front panel of 1GEF
Figure 8-18 Front panel of 2GEF
Table 8-8 describes the LEDs on 1GEF and 2GEF modules.
8-11
Page 60
Table 8-8 LEDs on 1GEF and 2GEF modules
LED Description
LINK
ACT
Interface Cable
Ethernet cable
The 1GEF and 2GEF modules need to work with 1000Base-SX/1000Base-LX SFP optical transceivers
and optic fibers with LC-type connectors.
LC-type connectors are compact fiber-optical connecters with a latch mechanism developed by Lucent.
The optical fibers are optional accessories. To obtain these optical fibers, specify the SFP transceivers
when ordering an interface module.
OFF means that no link is present.
ON means that a link is present on the interface.
OFF means that no data is being transmitted or received.
ON means that data is being transmitted or received.
Connecting the Interface Cable
When connecting an optical fiber, observe that:
z The curvature radius should be not less than 10 cm (3.9 in).
z The Tx and Rx ends are correctly connected.
z The sectional surface of optical fibers should be clean and free from dust.
Laser is dangerous! Never stare into an optical fiber connectors directly.
Follow these steps to connect the optical fiber:
Step1 Install the optical transceiver in the SFP interface.
Step2 Distinguish between the Tx and Rx ports. Connect one end of an optical fiber in the Rx port of the optical
transceiver and the other end to the Tx port of the peer device. Use another optical fiber to connect the
Tx port of the optical transceiver and the Rx port of the peer device.
8-12
Page 61
Step3 Power up the V100-E and check state of the corresponding LED on the V100-E. ON means that the
module has succeeded in the POST and works normally. OFF means that the module fails the POST.
Contact your agent in the latter case.
Step4 Check the state of the LINK LED on the GEF module. ON means the Rx link is present and OFF means
no Rx link is present. Check the connection in the latter case.
HNDE Module
Introduction
High Network Data Encryption (HNDE) supports IPsec protocol, multiple hardware
encryption/de-encryption and hash algorithm to speed up the encryption of the IP packets, featuring
high-performance and high-reliability.
Insert HNDE module in the MIM slot of the SecPath Series Security Products. The main board forwards
the IP packets and implements the VPN with encryption feature which is complemented by encryption
card.
Interface Attributes
Table 8-9 Interface attributes of the HNDE module
Attribute Description
Protocol supported IPsec
Hardware algorithm
Panel and Interface LEDs
Figure 8-19 shows the HNDE module panel.
Figure 8-19 HNDE module panel
Table 8-10 LEDs on the HNDE module
Key algorithm (DES, 3DES, AES)
Authentication algorithm (HMAC-MD5-96, HMAC-SHA-1-96)
STATUS
ACTIVE
LED Description
ON (green): The HNDE module is powered on properly.
OFF: There is no power supply, damaged power supply, or sever hardware
failure.
OFF after flashing yellow for two seconds: Initialized the HNDE module.
Blinking continuously: The HNDE module operates normally and there is data
transmission with the host.
OFF: HNDE module runs normally and no data transmission exists with the
host.
8-13
Page 62
Troubleshooting the HNDE Module
1) Symptom 1: The STATUS LED stays off after turning on the V100-E.
Solution: The STATUS LED should stay solid on after powered on. The OFF status indicates that the
HNDE module or some hardware is not powered on properly. Check the connection of the power
supply.
If the device is powered on, the failure may due to the damaged power supply of the module, or
abnormal operation of CPLD (Complex Programmable Logic Device). In these circumstances, contact
our agents for support.
2) Symptom 2: The ACTIVE LED stays off when powering on the V100-E.
Solution: When powering up the device, the ACTIVE LED should flashing for two seconds before
turning off, which indicates the encryption processor of the HNDE module has been configured and is
ready for work. If the ACTIVE LED stays on when powering up the device, this means the initialization of
the processor fails and the system bus does not work normally. Check the connection between the
HNDE module and the host. If the connection is good, the abnormal status may due to the host or the
HNDE module, contact our agents for support.
3) Symptom 3: The ACTIVE LED stays on or off when the HNDE module is running.
Solution: The ACTIVE LED should be blinking when the HNDE module runs the encryption service. The
solid on or off indicates the system bus works abnormally. Check the connection between the HNDE
module and host. If the connection is good, the abnormal status may due to the host or the HNDE
module, contact our agents for support.
8-14
Page 63
Table of Contents
Appendix A Regulatory Compliance Information ···················································································· A-1
Regulatory compliance standards·········································································································· A-1
European Directives compliance ··········································································································· A-1
LVD/EMC Directive························································································································· A-1
WEEE Directive–2002/96/EC········································································································· A-2
USA regulatory compliance ···················································································································A-2
FCC Part 15···································································································································· A-2
FDA·················································································································································A-2
Canada regulatory compliance··············································································································A-2
ICES-003········································································································································A-2
Japan regulatory compliance················································································································· A-3
VCCI···············································································································································A-3
EN55022 / CISPR 22 Compliance········································································································· A-3
Appendix B Safety Information Sicherheits informationen安全信息······················································B-1
Overview Überblick 概述························································································································ B-1
Conventions Used Symbole Erläuterung应用惯例········································································· B-2
General Requirements Allgemeine Anforderungen通用要求························································· B-2
Power Cable Zuleitung电缆············································································································B-4
Laser Laser激光辐射 ······················································································································B-5
i
Page 64
Appendix A Regulatory Compliance Information
Regulatory compliance standards
Table A-1 Regulatory compliance standards
Discipline Standards
FCC Part 15 (CFR 47) CLASS A
ICES-003 CLASS A
VCCI-3 CLASS A
VCCI-4 CLASS A
CISPR 22 CLASS A
EMC
EN 55022 CLASS A
AS/NZS CISPR22 CLASS A
CISPR 24
EN 55024
EN 61000-3-2
EN 61000-3-3
UL 60950-1
CAN/CSA C22.2 No 60950-1
IEC 60950-1
Safety
EN 60950-1/A11
AS/NZS 60950
EN 60825-1
EN 60825-2
FDA 21 CFR Subchapter J
European Directives compliance
LVD/EMC Directive
These products comply with the European Low Voltage Directive 2006/95/EC and EMC Directive
2004/108/EC.
A copy of the signed Decl aration of Conformity can be downloaded from:
http://www.h3c.com/portal/Technical_Documents
A-1
Page 65
WEEE Directive–2002/96/EC
The products this manual refers to are covered by the Waste Electrical & Electronic Equipment (WEEE)
Directive and must be disposed of in a responsible manner.
USA regulatory compliance
FCC Part 15
These products comply with Part 15 of the FCC Rules. Operation is subject to the following two
conditions:
z This device may not cause harmful interference.
z This device must accept any interference received, including interference that may cause
undesired operation.
FDA
If the customer modifies the equipment without the authorization of H3C and 3Com, which directly or
indirectly contribute to the equipment incompliance with FCC requirements for Class A digital devices,
H3C is not liable for such interference problem and the expenses incurred therefrom shall be covered
by the customers.
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case the
user will be required to correct the interference at his own expense.
These products conform to the applicable requirements of 21 CFR Subchapter J
Canada regulatory compliance
ICES-003
This Class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
A-2
Page 66
Japan regulatory compliance
VCCI
These products comply with the requirements of VCCI Class A Information Technology Equipment
(ITE).
Warning: If this e quipment is used in a domestic environment, radi o disturbance may arise. When such
trouble occurs, the user may be required to take corrective actions.
EN55022 / CISPR 22 Compliance
These products comply with the requirements of EN55022/CISPR 22 for Class A Information
Technology Equipment (ITE).
Warning: If this equipment is used in a domestic e nvironment, radio disturbance may arise. When such
trouble occurs, the user may be required to take corrective actions.
A-3
Page 67
Appendix B Safety Information Sicherheits informationen 安全信息
Overview Überblick
This section introduces part of the safety precautions that should be followed during the in stallation and
maintenance of the equipment. And for the safety statements and warnings, there followed the
translations of both German and Chinese to comply with the national requirements.
Dieser Abschnitt macht Sie mit den Sicherheitsvorschriften vertraut, die Sie bei der Installation und
Instandhaltung der Ausrüstung beachten müssen.
本章节介绍了在安装、日常维护本系列设备时,必须遵循的安全预防规范。
Before any operation is performed, please read the operation instructions and precautions carefully to
minimize the possibility of accidents. The Note, Caution, Warning and Danger items in other manuals
do not cover all safety precautions that should be followed. They are only the supplements to the safety
precautions for operations as a whole. Therefore, the personnel in charge of the installation and
maintenance of the products are required to understand these basics of safety operation.
In performing various operations, please follow the local safety regulations. The safety precautions
introduced in the product manuals are supplementary and subject to the local safety regulations.
When various operations are executed on the products, the precautions and special safety instruction s
provided with the products must be followed to the full.
概述
Lesen Sie bitte alle Arbeitsanweisungen und Sicherheitvorschriften sorgfältig durch, bevor Sie mit dem
Arbeiten beginnen. Nur durch Beachtung dieser Hinweise lässt si ch das Unfall ri si ko minimie re n. Die in
anderen Handbüchern aufgeführten Symbole Anmerkung, Achtung, Warnung und Gefahr
beinhalten nicht alle zu beachtenden Sicherheitvorschriften. Sie dienen lediglich der Ergänzung.
Deshalb muss sich das für die Installation und Instandhaltung der A usrüstung verantwortliche Personal
mit allen Sicherheitshinweise vertraut machen.
Bei der Durchführung der verschiedenen Arbeitsschritte müssen außerdem die örtlichen
Sicherheitsvorschriften beachtet werden. Die in den Handbüch ern der einzelnen Produkte aufgef ührten
Sicherheitshinweise sind Ergänzungen und unterliegen den nationalen Sicherheitsvorschriften.
Während der Arbeit mit den Produkten sind deshalb grundsätzlich alle Sicherheitsvorschriften und
spezifischen Sicherheitshinweise genau zu beachten.
B-1
Page 68
为了避免可能发生的事故,请在进行任何操作前,仔细阅读设备操作手册和本章节的安全规范。手册中 出
现的说明、注意、警告、危险,不能涵盖所有的安全预防,仅仅是在整个操作过程中的安全提示和补充。
因此,负责安装和日常维护本设备的人员必须具备安全操作基本技能。
操作人员要按照当地的安全规范进行操作。出现在产品手册中的安全预防措施仅仅是当地安全规范的补
充。
在操作本设备时,请认真执行产品手册规定的安全规范。
Conventions Used Symbole Erläuterung 应用惯例
The symbols in this manual are shown in the following t able. They a re used to rem ind the rea der of the
safety precautions during equipment installation and maintenance.
Die Symbole in diesem Handbuch verwendeten sind in der folgenden Tabelle dargestellt. Diese
Symbole sollen das Personal während der Installation und Instandhaltung der Ausrüstung an die
Wichtigkeit der im Handbuch aufgeführten Sicherheitsvorschriften erin nern.
以下表格中的安全标识,是用来提示读者在进行设备安装和维护时的安全预防要求。
Table B-1 Safety symbol and description
Sicherheitssymbole und Beschreibung安全标识和描述
Safety Symbol
Symbole
安全标识
Generic alarm symbol: To suggest a general safety concern
Alarm: Hinweis auf ein generelles Sicherheitsproblem
一般注意标识:用于一般安全提示
ESD protection symbol: To suggest electrostatic-sensitive equipment.
ESD-Schutz: Hinweis auf Beschädigung infolge elektrostatischer Entladung
防静电标识:用于表示静电敏感的设备
Electric shock symbol: To suggest a danger of high voltage
Elektrischer Schlag: Hinweis auf Gefährdung durch Hochspannung
电击防护标识:用于表示高压危险
Laser symbol: To suggest a strong laser beam
Laser: Hinweis auf starken Laser
激光辐射标识:用于表示强激光辐射
Description
Erläuterung
描述
General Requirements Allgemeine Anforderungen 通用要求
In order to reduce the technically unavoidable residual risk to a minimum, it is imperative to follow the
rules below:
Um das technisch bedingte Restrisiko auf ein Minimum zu begre nzen, ist es unbedingt erfo rderlich, die
folgenden Regeln zu beachten:
B-2
Page 69
为了避免对人和设备造成伤害,请认真执行下列要求:
z Read all the instructions before operation.
z Lesen Sie alle Anweisungen sorgfältig durch, bevor Sie mit dem Arbeiten beginnen.
z 在进行操作前仔细阅读手册内容。
z When installing the unit, always make the ground connection first and disconnect it last.
z Beachten Sie, dass bei der Installation des Systems stets zuerst die Erdverbindung angebracht
wird und das die Erdverbindung stets als letztes getrennt wird.
z 进行设备安装时,必须确保接地连接是最先连接和最后断开。Do not block ventilation openings while
the system is on, and keep at least 5 cm distance from ventilation openings and walls or other
things which may block the openings(Is there any fan in these products?)
z Sorgen Sie dafür, dass die Öffnungen der Ventilation zu keinem Zeitpunkt verschlossen, verstopft
oder anderweitig blockiert sind. Zwischen den Ventilationsöffnungen und Wänden bzw. anderen
Gegenständen muss stets ein Abstand von mindestens 5cm bestehen.
z 设备在工作时必须确保通风口的畅通,确保设备离墙壁或是其它的可能堵塞通风口的物体的间距至
少 5cm。
z Never defeat the ground conductor or operate the equipment in the absence of a suitably installed
ground conductor. Contact the appropriate electrical inspection.
z Betreiben Sie die Ausrüstung niemals ohne Erdung. Trennen Sie das System nicht von der
Erdung.
z 不允许破坏设备的接地导线或是在无接地连接的情况下操作设备,要进行适当的电气检查。The
unit/system must be connected to the protection ground before operation. And the cross-sectio n of
2
protective earthing conductor shall be at least 1.0 mm
z Das System muss vor der ständigen Inbetriebnahme geerdet werden. Der Querschnitt der
2
Erdverbindung sollte mindestens 1.0mm
z 进行设备/系统操作前,请确保永久接地,并且用于进行保护接地连接的接地线截面不小于 1.0mm
z For AC supplied model: The device applies to TN power systems.
z Mit Wechselstrom betriebenes Modell: Das Gerät arbeitet mit einem Phase-Nullleiter-System.
z AC 电源输入:此设备用于 TN 电源系统。
z For DC supplied model: The device applies to DC power source that complies with the Safety
betragen.
2
。
Extra-Low Voltage (SELV) requirements in IEC 60950 based safety standards.
z Mit Gleichstrom betriebenes Modell: Das Gerät arbeitet mit Gleichstrom, wobei die Anforderung en
der Norm (IEC60950) für Schutzkleinspannung eingehalten werden müssen.
z DC 电源输入:设备使用满足 IEC60950安规标准的安全超低电压(SELV)电源。
z For AC supplied model: The plug-socket combination must be accessible at all times because it
serves as the main disconnecting device.
z Mit Wechselstrom betriebenes Modell: Der Netzstecker muss jederzeit leicht zugänglich sein.
z AC 供电:插座必须随时可用,因为它是主要的切断电源装置。
z Because These products has several power supplies, disconnect all of them to switch off the
device.
z Da das Gerät mehrere Energiequellen hat, ist es notwendig stets alle Verbindungen zu
unterbrechen, um den energiefreien Zustand zu erreichen.
z 因为设备存在多种电源输入,在关闭设备时确保切断所有电源连接。
z To prevent laser radiation from hurting your eyes, never stare into the open optical port.
z Nehmen Sie das Gerät nicht in Betrieb, solange das optische Fenster nicht geschlossen ist. Der
Laserstrahl kann zu Augenverletzungen führen.
z 为了避免光纤发出的高能量的激光光束伤害到视网膜,请不要直视光接口。
z These products may be powered by a DC RPS, if the Customer pwer source,but the DC RPS
pwer source must be supplied by H3C company
B-3
Page 70
z können durch eine DC RPS Energiequelle angetrieben werden, aber die DC RPS Energiequelle
muß von H3C geliefert werden.
z 设备可以使用 DC RPS 电源供电,如果用户希望使用 DC RPS 电源为设备供电,那么必须向杭州华
三通信技术有限公司购买指定型号的 DC RPS 电源。
Power Cable Zuleitung 电缆
Installation and removal of live power cable is prohibited strictly. Transi ent conta ct between the co re of
power cable and conductor may generate electric arc or spark or electric arc, which may lead to fire or
eye injury.
Das Entfernen und Anbringen von Zuleitungen ist strengstens verboten. Kurzschlüsse zwischen
innerem und äußerem Leiter können Lichtbögen oder Funkenflug verursachen, was zu Feuer oder
einer Augenverletzung führen kann.
禁止安装和移动带电的线缆。因为导电体和带电的线缆,即使短暂接触,也会引起电火花或电弧,从而
导致失火或是伤害眼睛。
z Before the power cable is installed or removed, the power switch must be turned off.
z Das System muss stets abgeschaltet werden, bevor die Zuleitung angebracht oder entfernt wird.
z 在安装、移动线缆之前,请切断电源。
z Before the power cable is connected, it must be confirmed that the power cable and label comply
with the requirements of the actual installation.
z Überprüfen Sie vor dem Anbringen der Zuleitung immer, ob das von Ihnen verwendete Kabel den
Anforderungen entspricht.
z 在进行线缆连接前,请确认线缆和线缆的标识与实际安装要求是一致的。
For DC power supplied equipment, please use 1.0 mm2 or 16 AWG minimum power supply cord.
2
For AC power supplied equipment, please use 1.0 mm
or 16 AWG minimum power supply cord.
B-4
Page 71
Für mit Gleichstrom betriebene Ausrüstung benutzen Sie bitte eine 1.0 mm2 oder 16 AWG Zuleitung.
Für mit Wechselstrom betriebene Ausrüstung benutzen Sie bitte eine 1.0 mm
DC 电源设备,请使用 1.0mm2或 16AWG 电缆;
AC 电源设备,请使用 1.0mm
Laser Laser 激光辐射
The laser hazard level of this equipment is Class 1.
2
oder 16 AWG Zuleitung.
2
或 16AWG 电缆。
Die von diesem Laser ausgehende Gefahr entspricht der Kateg orie 1.
本设备的激光防护等级是 1 类
When performing installation and maintenance operations of optical fibers, you should not stand close
to, or look into the optical fiber outlet directly with unaided eyes.
Während der Installation und Instandhaltung der optischen Fasern dürfen Sie nicht zu nahe am
Ausgang der optischen Fasern stehen und nicht ohne Augenschutz in die optischen Fasern sehen.
在安装和维护设备的光纤接口时,请不要把眼睛靠近或是直视这些光接口。
B-5
Loading...