The information in this document is subject to change without notice. The statements, configurations, technical data, and
recommendations in this document are believed to be accurate and reliable, but are presented without express or implied
warranty. Users must take full responsibility for their applications of any products specified in this document. The
information in this document is proprietary to Nortel Networks Inc.
Trademarks
Nortel, the Nortel logo, the Globemark, and Contivity are trademarks of Nortel Networks.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Celeron and Intel are trademarks of Intel Corporation.
All other trademarks are the property of their respective owners.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the
right to make changes to the products described in this document without notice.
Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or
circuit layout(s) described herein.
USA requirements only
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
•This device may not cause harmful interference.
•This device must accept any interference received, including interference that may cause undesired operation.
Note: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and
used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
•Reorient or relocate the receiving antenna.
•Increase the separation between the equipment and receiver.
•Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
•Consult the dealer or an experienced radio/TV technician for help.
European requirements only
EN 55 022 statement
This is to certify that the Nortel Networks VPN Router 1010/1050/1100 is shielded against the generation of radio
interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by
the application of EN 55 022 Class B (CISPR 22).
NN46110-313 02.01
EC Declaration of Conformity
This product conforms (or these products conform) to the provisions of the R&TTE Directive 1999/5/EC.
Japan/Nippon requirements only
Denan statement
Voluntary Control Council for Interference (VCCI) statement (Class B)
3
Canada requirements only
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (VPN Router 1010/1050/1100) does not exceed the Class B limits for radio-noise emissions from
digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
Règlement sur le brouillage radioélectrique du ministère des Communications
Cet appareil numérique (VPN Router 1010/1050/1100) respecte les limites de bruits radioélectriques visant les appareils
numériques de classe B prescrites dans le Règlement sur le brouillage radioélectrique du ministère des Communications
du Canada.
Nortel Networks Inc. software license agreement
This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel
Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWING
CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE
SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE
AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping
container, within 30 days of purchase to obtain a credit for the full purchase price.
“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted
and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content
(such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel
Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no
rights other than those granted to you under this License Agreement. You are responsible for the selection of the
Software and for the installation of, use of, and results obtained from the Software.
1.Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software
on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable.
To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”),
Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software
contains trade secrets and Customer agrees to treat Software as confidential information using the same care and
discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate.
Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement.
Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse
assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or
modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property
to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the
event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or
certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s
Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to
include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect
to such third party software.
2.Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,
Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS
ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to
provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in
such event, the above exclusions may not apply.
3.Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE
LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF,
OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS),
WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR
USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN
ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier
of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not
allow these limitations or exclusions and, in such event, they may not apply.
4.General
a.If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks
Software available under this License Agreement is commercial computer software and commercial computer
software documentation and, in the event Software is licensed for or on behalf of the United States
Government, the respective rights to the software and software documentation are governed by Nortel
Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections
12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b.Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails
to comply with the terms and conditions of this license. In either event, upon termination, Customer must
either return the Software to Nortel Networks or certify its destruction.
NN46110-313 02.01
c.Customer is responsible for payment of any taxes, including personal property taxes, resulting from
Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable
export and import laws and regulations.
d.Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e.The terms and conditions of this License Agreement form the complete and exclusive agreement between
Customer and Nortel Networks.
f.This License Agreement is governed by the laws of the country in which Customer acquires the Software. If
the Software is acquired in the United States, then this License Agreement is governed by the laws of the state
of New York.
This chapter explains how to get help for Nortel products and services.
Finding the latest updates on the Nortel Web site
The content of this documentation was current at the time the product was
released. To check for updates to the latest documentation and software for VPN
Router, go to:
www.nortel.com/support
Select Security & VPN and then, in the section called Virtual Private Networking
(VPN), IPSEC, and SSL, click the appropriate VPN Router product.
Getting help from the Nortel Web site
15
The best way to get technical support for Nortel products is from the Nortel
Technical Support Web site:
www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to
address issues with Nortel products. From this site you can:
•download software, documentation, and product bulletins
•search the Technical Support site and the Nortel Knowledge Base for answers
to technical issues
•sign up for automatic notification of new software and documentation for
Nortel equipment
Getting help over the phone from a Nortel Solutions
Center
If you do not find the information you require on the Nortel Technical Support
Web site, and you have a Nortel support contract, you can also get help over the
phone from a Nortel Solutions Center.
In North America, call 1-800-4NORTEL (1-800-466-7835).
Outside North America, go to the following Web site to obtain the phone number
for your region:
www.nortel.com/callus
Getting help from a specialist by using an Express
Routing Code
To access some Nortel Technical Solutions Centers, you can use an Express
Routing Code (ERC) to quickly route your call to a specialist in your Nortel
product or service. To locate the ERC for your product or service, go to:
www.nortel.com/erc
Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a distributor or
authorized reseller, contact the technical support staff for that distributor or
reseller.
NN46110-313 02.01
Preface
The VPN Router 1010, 1050, and 1100 are part of the Nortel VPN Router system.
Nortel VPN Routers support secure, reliable IP VPNs in a single, integrated
hardware device. Throughout this guide, the VPN Router 1010, 1050, and 1100
are also referred to collectively as the gateway.
This guide provides instructions about how to install the VPN Router 1010, 1050,
and 1100 and about how to install and replace option cards in the VPN Router
1100. This guide also includes technical specifications.
For complete information about configuring and monitoring the VPN Router
1010, 1050, and 1100, see the documentation on the software CD. (For
information about VPN Router documentation, see “Related publications” on
page 19.)
Before you begin
17
This guide is intended for qualified service personnel who are installing the VPN
Router 1010, 1050, or 1100 for the first time or who need to install or replace an
option card in the VPN Router 1100.
Note: Before you install the VPN Router 1010, 1050, or 1100, use
standard cable system practices to install all network wiring on the
premises.
Indicates command names and options and text that
you need to enter.
Example: Use the
Example: Enter
Indicates system output, for example, prompts and
system messages.
Example:
Example: Choose Status > Health Check.
File not found.
show health command.
terminal paging {off | on}.
CSU/DSUchannel service unit/digital service unit
DIMMdual inline memory module
DTEdata terminal equipment
FRUfield replacement unit
IPInternet Protocol
ISDNIntegrated Services Digital Network
LANlocal area network
LEDlight emitting diode
LOSloss of signal
NN46110-313 02.01
MACmedia access control
MDI-Xmedium dependent interface crossover
OOFout of frame
PCIperipheral component interconnect
URLuniform resource locator
VPNvirtual private network
WANwide area network
Related publications
For more information about using the VPN Router 1010, 1050, and 1100
(formerly known as the Contivity Secure IP Services Gateway 1010, 1050, and
1100), refer to the following publications (included on the VPN Router software
CD):
•Release notes provide the latest information, including brief descriptions of
the new features, problems fixed in this release, and known problems and
workarounds.
•Read Me First: Connecting for VPN Access (314962-C) describes how to set
up the VPN Router 1010/1050/1100 for basic Internet and VPN access.
•Nortel VPN Router Configuration — Basic Features (NN46110-500)
introduces the product and provides information about initial configuration.
•Nortel VPN Router Security — Servers, Authentication, and Certificates
(NN46110-600) provides instructions for configuring authentication servers
and services, as well as digital certificates.
•Nortel VPN Router Security — Firewalls, Filters, NAT, and QoS
(NN46110-601) provides instructions for configuring the VPN Router
Stateful Firewall, NAT, and VPN Router interface and tunnel filters.
•Nortel VPN Router Configuration — Tunneling Protocols (NN46110-503)
provides instructions for configuring the tunneling protocols IPsec, L2TP,
PPTP, and L2F.
•Nortel VPN Router Configuration — Advanced Features (NN46110-502)
provides instructions for configuring 802.1Q VLANs, circuitless IP, advanced
WAN settings, PPP, PPPoE, frame relay, ADSL and ATM, T1/E1 CSU/DSU
interfaces, dial services and BIS, DLSw, IPX, and Hardware Accelerator
cards.
•Nortel VPN Router Configuration — Routing (NN46110-504) provides
instructions for configuring RIP, OSPF, and VRRP, as well as instructions for
configuring ECMP, routing policy services, and client address redistribution.
•Nortel VPN Router Configuration — SSL VPN Services (NN46110-501)
provides instructions for configuring services on the SSL VPN Module 1000,
including authentication, networks, user groups, and portal links.
•Nortel VPN Router Using the Command Line Interface (NN46110-507)
provides syntax, descriptions, and examples for the commands that you can
use to configure, manage, and monitor the gateway.
•Nortel VPN Router Troubleshooting (NN46110-602) provides information
about backup and recovery, file management, upgrading software, and
troubleshooting. This guide also provides instructions for monitoring gateway
status and performance.
•Nortel VPN Router Configuration — TunnelGuard (NN46110-307) provides
information about configuring and using the TunnelGuard feature.
Printed technical manuals
You can print selected technical manuals and release notes free, directly from the
Internet. Go to www.nortel.com/documentation, find the product for which you
need documentation, then locate the specific category and model or version for
your hardware or software product. Use Adobe Reader to open the manuals and
release notes, search for the sections you need, and print them on most standard
printers. Go to Adobe Systems at www.adobe.com to download a free copy of the
Adobe Reader.
NN46110-313 02.01
Chapter 1
Hardware overview
The Nortel VPN Router 1010/1050/1100 series provides scalable, secure,
manageable extranet access for up to five concurrent tunnels across the public
data network. These models are based on Intel architecture with a 300 MHz
Celeron CPU and 128 MB SDRAM. Instead of a hard drive, this series uses a
removable, upgradeable compact flash card. The VPN Router 1010, 1050, and
1100 fit on a bookshelf or on a shelf in a rack (Figure 1).
Figure 1 VPN Router 1010/1050/1100 series
21
ABC
LAN 0
VPN Router 1010
DLAN 1Console
VPN Router 1100
LAN 0LAN 1Console
VPN Router 1050
ABC
DLAN 1Console
LAN 0
10674EA
The VPN Router 1010/1050/1100 series provides the following network ports:
•The VPN Router 1010 has dual 10/100BASE-TX Ethernet ports and a serial
port.
•The VPN Router 1050 has a single Ethernet port and a four-port switch.
•The VPN Router 1100 has a single Ethernet port, a four-port switch, and two
PCI slots (purchase option cards separately).
•All models have a serial (console) port.
Caution: Route all cabling for all WAN, LAN, and serial connections
inside the building environment.
Tabl e 1 lists the hardware accessories and other items shipped with the VPN
Router 1010, 1050, and 1100.
Note: Nortel does not ship a power cord with the VPN Router unless
you order one.
Table 1 Items shipped with the VPN Router 1010, 1050, and 1100
DescriptionQuantity
VPN Router 1010/1050/11001
Molded serial cable RJ-45 to DB9
AC to DC external power supply1
VPN Router CD (contains documentation)1
Ethernet crossover cable (VPN Router 1010 only)1
Power cord (if ordered separately)1
1 To connect the gateway to a modem, you can order a null modem adapter.
Inspect all items for shipping damage. If you detect any damage, do not install the
VPN Router 1010/1050/1100. Call the Nortel Technical Solutions Center in your
area (“How to get help” on page 15).
1
1
NN46110-313 02.01
Chapter 1 Hardware overview 23
Internal LAN connections (LAN 0 and LAN 1)
The VPN Router 1010, 1050, and 1100 have two internal LANs built in:
•LAN 0 is the private LAN and also the LAN to use for Web management.
•LAN 1 defaults to a public LAN. The software refers to the LAN 1 port as
slot 1, interface 1.
The VPN Router 1010 has a single autonegotiating 10/100 Ethernet port on LAN
0. The VPN Router 1050 and the VPN Router 1100 have an internal four-port
autonegotiating 10/100 Ethernet switch for LAN 0.
Note: The LAN 0 statistics for the VPN Router 1050 and 1100 provide
accurate information for reports and troubleshooting, but the LAN 0
interface always reports a 100 Mb/s full-duplex connection regardless of
the actual connection speed. For example, if one of the LAN 0 ports on a
VPN Router 1050 is connected to a hub, the connection runs at half
duplex, but the LAN 0 statistics page reports a full-duplex connection.
Figure 2, Figure 3 on page 24, and Figure 4 on page 24 show the front views of
the VPN Router 1010, the VPN Router 1050, and the VPN Router 1100,
respectively. For a description of the LEDs, see “Understanding the LEDs” on
Figure 5 shows the rear view of the VPN Router 1010, 1050, and 1100.
Figure 5 Rear view of the VPN Router 1010/1050/1100
Chapter 1 Hardware overview 25
DC power supply
On/Off switch
DC Input
19V/3.16 A
60W max.
1
Power RC
0
Power LEDRecovery switchGround screw
The components on the rear of the gateway include the following:
•The port labeled “DC Input” is the receptacle for the external power supply
that is shipped with the VPN Router 1010, 1050, and 1100.
•Mechanical on/off switch.
Note: Nortel recommends that you wait 5 seconds after you turn off the
gateway before you turn it on again.
•The Power LED is green when power is supplied to the unit and the internal
power converters are not in a protective shutdown state.
•The recessed recovery switch boots the recovery image. To boot the recovery
image, press the switch by inserting a paper clip into it during the power-on
self-test memory test. For more information about system recovery, see
Nortel VPN Router Troubleshooting (NN46110-602).
•You use the ground screw (GND) to ground the chassis.
•The label on the rear panel lists the media access control (MAC) addresses for
LAN 0 and LAN 1.
You must order the power cord for the VPN Router 1010/1050/1100 separately.
The power cord must meet the requirements described in Tab le 2 .
Caution: Risk of equipment damage
Do not modify or use the AC power cord if it is not the exact type that is
required for your power outlet.
Table 2 Power cord requirements
RequirementDescription
Current ratingThe power cord must be rated for the available AC voltage
and must have a current rating that is at least 125 percent of
the gateway’s current rating (1.5 A).
CertificationThe power cord must have certification marks from an
acceptable regional agency.
Cord length and flexibility The power cord must be less than 4.5 meters (14.7 feet) long.
It must be a flexible HAR (harmonized) cord or VDE-certified
cordage to comply with the gateway’s safety certifications.
Power supply connectorThe connector that you plug into the AC receptacle on the
gateway power supply must be an IEC 320, Sheet C5 female.
Wall outlet connectorThe power cord must terminate in a male plug with
appropriate grounding.
To connect the power cord and turn on the power:
1Plug the power cord into the AC receptacle on the external power supply
NN46110-313 02.01
Caution: Before you connect the power supply to the gateway, connect
the cables to the Ethernet and serial ports. If you have a VPN Router
1100, also connect the cables to the ports on any installed option cards.
shipped with the VPN Router 1010/1050/1100.
2Plug the power cord into the AC power outlet.
Caution: Risk of equipment damage
Protect the VPN Router 1010/1050/1100 by plugging it into a surge
suppressor.
3Plug the external power supply into the port labeled “DC Input” on the back
of the gateway (Figure 5 on page 25).
4Press the power switch to the “on” position and wait for the gateway to boot.
5Verify a successful installation by checking the LEDs on the front panel (see
“Front panel LEDs” on page 27).
Note: For information about connecting the VPN Router 1010/1050/
1100 to the network, see Read Me First: Connecting for VPN Access
(314962-C).
Understanding the LEDs
Chapter 1 Hardware overview 27
This section describes the LEDs on the front panel of the VPN Router 1010/1050/
1100 and on the communication cards that you can install in the VPN Router
1100.
Front panel LEDs
The front panel of the gateway has two LEDs that indicate the status of the VPN
Router 1010/1050/1100: the Boot/Ready and the Alert LEDs (Figure 6). The VPN
Router 1100 also has an audible alarm that corresponds to the Alert LED.
Tabl e 3 describes the LEDs on the VPN Router 1010/1050/1100 front panel.
Table 3 Front panel LED indicators
LEDIndicatorDescription
Boot/ReadyYellowThe gateway is booting and is in a non-ready state.
GreenThe boot process is complete and the gateway is in a
AlertYellow (on)An alarm condition exists. The alarm may indicate a
OffNo alarm condition exists.
Boot/Ready LED
10/100 Mb/s LEDs
LAN 0LAN 1Console
Link/Activity LEDs
state of readiness.
serious condition, such as a hardware defect, or a
software attention condition. The alarm condition is
described in the health check display.
Alert LED
10675EA
For complete information about the health check, see Nortel VPN Router Troubleshooting (NN46110-602).
Ethernet port LEDs
To confirm that you cabled the Ethernet LAN interface properly, examine the port
LEDs on the front of the gateway. (Figure 6 on page 28 shows the LAN 0 and
LAN 1 port LEDs on the front of the VPN Router 1010.)
NN46110-313 02.01
Chapter 1 Hardware overview 29
Tabl e 4 describes the Ethernet port LEDs on the VPN Router 1010/1050/1100.
Table 4 Ethernet port LED indicators
LEDIndicatorDescription
10/100 Mb/s
(Amber)
Link/Act
(Green)
OnThe LAN port is operating at 100 Mb/s.
OffThe LAN port is operating at 10 Mb/s.
OnThe cable connections between the LAN port and the
hub are good.
OffThe cable connections between the LAN port and the
hub are faulty.
FlashingThe LAN port is sending or receiving network data.
The frequency of the flashes increases with
increased traffic.
10/100BASE-TX Ethernet interface card LEDs
Figure 7 shows the LEDs on the 10/100BASE-TX Ethernet interface card.
Figure 7 LEDs on the 10/100BASE-TX Ethernet interface card
DATA
ACT/LINK
Activity/Link
100TX
10/100Mbs
CS260009B
Tabl e 5 describes the LEDs on the 10/100BASE-TX Ethernet interface card.
Table 5 LED indicators on the 10/100BASE-TX Ethernet interface card
The card is sending or receiving network data. The
frequency of the flashes increases with increased
traffic.
30 Chapter 1 Hardware overview
1000BASE-T (1000 GT) Ethernet interface card LEDs
The following figures show the LEDs on the 1000BASE-T (1000 GT) Ethernet
interface card. Although the card supports 10/100/1000 Mbit/s operation, the VPN
Router 1100 only supports 10/100 Mbit/s operation.
Figure 8 LEDs on the full-height 1000BASE-T (1000 GT) Ethernet interface card
Figure 9 LEDs on the half-height 1000BASE-T (1000 GT) Ethernet card
The following table describes the LEDs on the 1000BASE-T (1000 GT) Ethernet
interface card.
Table 6 LED indicators on the 1000BASE-T (1000 GT) Ethernet interface card
LEDIndicatorDescription
ACT/LINKSteady greenThe port is connected to a valid link partner.
10/100TXGreenThe port is operating at 100 Mb/s.
NN46110-313 02.01
Flashing greenThe card is sending or receiving network data. The
frequency of the flashes increases with increased
traffic.
OffThe card is not sending or receiving data.
OffThe port is operating at 10 Mb/s.
Chapter 1 Hardware overview 31
56/64K CSU/DSU WAN interface card LEDs
Figure 10 shows the LEDs on the 56/64K CSU/DSU WAN interface card.
Figure 10 LEDs on the 56/64K CSU/DSU WAN interface card
Blue LED
Red LED
56/64K
DDS
Green LED
Yellow LED
Tabl e 7 describes the LEDs on the 56/64K CSU/DSU WAN interface card.
Table 7 LED indicators on the 56/64K CSU/DSU WAN interface card
LEDDescription
BlueThe blue alarm LED is lit when receiving an upstream failure
RedThe red alarm LED is lit when a loss-of-signal (LOS) or
YellowThe yellow alarm LED is lit when the far-end equipment is in the
GreenThe green LED is lit when the condition is normal operation.
denoted by an alarm indication signal (AIS).
out-of-frame (OOF) condition is detected on the receive signal.
red alarm condition.
ADSL WAN interface card LEDs
Figure 11 shows the LEDs on the ADSL WAN interface card.
Tabl e 8 describes the LEDs on the ADSL WAN interface card.
Table 8 LED indicators on the ADSL WAN interface card
CONN LEDTx/Rx LEDDescription
Steady greenSteady greenThe ADSL interface card is not initialized; the
OffOffThe ADSL interface card is initialized, but has not
Flashing greenOffThe ADSL interface card is attempting to establish a
Steady greenOffThe ADSL interface card has established a link with
Steady greenFlashing greenThe ADSL interface card is sending or receiving
software driver is not installed.
established a link with the ADSL network.
link with the ADSL network.
the ADSL network.
network data. (The LED can be dim.)
T1/E1 CSU/DSU WAN interface card LEDs
Figure 12 shows the LEDs on the T1/E1 CSU/DSU WAN interface card.
Note: The brackets of the full-height and half-height T1/E1 CSU/DSU
cards are almost identical. The LEDs on the two cards indicate the same
conditions.
Figure 12 LEDs on the T1/E1 CSU/DSU WAN interface card
ED 1, RedLED 2, Blue
ED 4, GreenLED 3, Yellow
CS160012A
NN46110-313 02.01
Chapter 1 Hardware overview 33
Tabl e 9 describes the LEDs on the T1/E1 CSU/DSU WAN interface card.
Table 9 LED indicators on the T1/E1 CSU/DSU WAN interface card
LEDIndicatorDescription
LED 1RedThe red alarm LED is lit when a loss-of-signal (LOS) or
LED 2BlueThe blue alarm LED is lit when receiving an upstream
LED 3YellowThe yellow alarm LED is lit when the far-end equipment
LED 4GreenThe green LED is lit when the condition is normal
out-of-frame (OOF) condition is detected on the receive
signal.
failure denoted by an alarm indication signal (AIS).
is in the red alarm condition.
operation.
Single V.35/X.21 WAN interface card LEDs
Figure 13 shows the LEDs on the single V.35/X.21 WAN interface card.
Figure 13 LEDs on the single V.35/X.21 WAN interface card
LED 1, RedLED 2, Green
LED 4, GreenLED 3, Green
CS160011A
Tabl e 10 describes the LEDs on the single V.35/X.21 WAN interface card.
Table 10 LED indicators on the single V.35/X.21 WAN interface card
LEDIndicatorDescription
LED 1RedNo external transmit clock source is available.
LED 2GreenThe signals CDC and DSR are on between the DSU
and the adapter. LED 2 detects receive link status.
Table 10 LED indicators on the single V.35/X.21 WAN interface card
LED 3GreenPower to the adapter is on and the onboard
LED 4GreenCable is detected.
microcode is loaded.
NN46110-313 02.01
Chapter 2
Installing option cards in the Nortel VPN Router
1100
The Nortel VPN Router 1100 has two expansion slots for option cards. This
chapter provides instructions about how to install and replace LAN, WAN, and
serial option cards in the VPN Router 1100.
Tabl e 11 lists the option cards that you can install in the VPN Router 1100..
Note: The 1000BASE-T (1000 GT) Ethernet interface card only
operates at 10/100 Mbit/s on the VPN Router 1100.
Tabl e 11 lists the option cards that you can install in the VPN Router 1100.
Table 11 Supported option cards for the Nortel VPN Router 1100
35
Option cardMaximum number
10/100BASE-TX Ethernet interface2
1000BASE-T (1000 GT) Ethernet interface
56/64K CSU/DSU WAN interface
ADSL WAN interface
ISDN BRI S/T or U interface
T1/E1 CSU/DSU WAN interface (half-height)2
T1 CSU/DSU WAN interface (full-height)1
Single V.35/X.21 WAN interface (half-height)
Single V.35/X.21 WAN interface (full-height)1
V.90 modem interface
1 When only one card of a type is supported, you must install that card in the larger
36 Chapter 2 Installing option cards in the Nortel VPN Router 1100
2 The VPN Router 1100 must be running Version 5.05.330, 6.05.140 and later,
7.00.062, 7.05.100 and later, or 7.05.300 and later. The VPN Router 1100 supports
10/100 Mbps operation only.
3 The VPN Router 1100 must be running Version 5.0 or later.
4 The VPN Router 1100 must be running Version 4.90 or later.
5 The VPN Router 1100 must be running Version 4.80 or later.
6 The VPN Router 1100 must be running Version 4.80 or later.
7 The VPN Router 1100 must be running Version 4.80 or later.
To install a new LAN, WAN, or serial option card:
1Use the Web GUI or the command line interface to shut down the gateway.
•Web GUI: Choose Admin > Shutdown. Select the option to power off the
gateway after shutdown.
•Command line interface: Use the
system. For example, enter
“Upgrade hardware”
(for the complete syntax of the reload
reload command to shut down the
reload power-off disable-logins
command, see Nortel VPN Router Using the Command Line Interface.
2Wait for the system to shut down.
3Turn off the VPN Router 1100 power.
4Disconnect the power cord from the power outlet and then disconnect the cord
5Remove the cables attached to the ports of the VPN Router 1100.
6If there are option cards currently installed, unscrew the two screws on each
NN46110-313 02.01
The power switch and power outlet are on the rear of the VPN Router 1100.
from the VPN Router 1100.
Warning: Risk of electric shock
Make sure to turn off the VPN Router 1100 and unplug it before you
attempt to remove or install an option card.
bracket and remove the bracket.
Caution: Risk of equipment damage
Unscrew the option card brackets before you remove the cover from the
VPN Router 1100, or you will damage the option cards.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 37
7Remove the four screws on the sides of the VPN Router 1100.
8Slide the chassis cover away from the base.
The VPN Router 1100 system board is now exposed. Figure 14 on page 37
shows the location of the option card slots on the system board.
9Locate the slot where you plan to install the new or replacement option card
(Table 11 on page 35).
Figure 14 VPN Router 1100 system board
Compact
flash
DIMM
CPU
Option card
slots
Slot 3
Slot 2
10678FA
Warning: Risk of injury
Beware of danger if you incorrectly replace the battery. Replace the
battery with the same type or an equivalent battery only, as
recommended by the manufacturer’s instructions. In spite of this
warning, which is mandated for regulatory approval, you must not
change the battery. If you suspect a dead battery, contact Nortel
Customer Support.
38 Chapter 2 Installing option cards in the Nortel VPN Router 1100
10 Attach an antistatic wrist strap (not included with the VPN Router 1100
shipment).
Caution: Risk of equipment damage
Electrostatic discharge can damage VPN Router 1100 components.
11 Remove the blank card bracket (or the option card that you are replacing)
from the slot.
Caution: Risk of equipment damage
If you must remove an ADSL option card from slot 3 (Figure 14 on
page 37), lift the free end of the card so that the card is at a slight angle,
and then carefully pull it up and out of the slot so that the card clears the
connector of the adjacent slot 2. If you damage components on the
underside of the ADSL interface card, the card does not work.
12 Install the new option card.
Caution: Risk of equipment damage
To prevent stress damage to components on the underside of the ADSL
option card when you install that card in slot 3 (Figure 14 on page 37),
hold the card at a slight angle and insert it into the connector so that the
card clears the connector of the adjacent slot 2. If you damage
components on the underside of the ADSL interface card, the card does
not work.
13 Carefully slide the chassis cover onto the base, and secure it with the four
14 Attach the bracket of the new option card to the front panel with two screws.
15 Connect the cables to the system ports and to the option card ports.
16 Plug the power cord into the AC power outlet.
17 Plug the external power supply into the port labeled DC Input on the back of
NN46110-313 02.01
Press the card all the way into the PCI connector on the motherboard.
screws.
the VPN Router 1100.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 39
18 Press the power switch to the on position and wait for the gateway to boot.
Caution: The boot process can take as long as 3 minutes. Do not turn
the power off and on again; recycling the power quickly can cause
problems. Always wait at least 5 seconds, after you turn off the power,
before you turn it on again.
The VPN Router 1010/1050/1100 system board provides the following interfaces:
•10/100BASE-TX Ethernet LAN ports
•Serial port
This section provides information about the 10/100BASE-TX Ethernet LAN ports
and the serial port on the system board.
10/100BASE-TX Ethernet LAN ports
The VPN Router 1010, 1050, and 1100 have two internal LANs built in:
•LAN 0 is the private LAN and also the LAN to use for Web management.
— The LAN 0 connector on the front of the VPN Router 1010 is an Ethernet
MDI configuration and requires a crossover cable (included with your
shipment).
— The LAN 0 connectors on the front of the VPN Router 1050 and 1100 are
an Ethernet medium dependent interface crossover (MDI-X)
configuration. These ports support the Auto-MDI-X feature, so either
straight-through or crossover cables can be used.
•LAN 1 defaults to a public LAN. The software refers to the LAN 1 port as slot
1, interface 1.
The LAN 1 connector on the front of the VPN Router 1010, 1050, and 1100 is an
Ethernet MDI configuration and requires an RJ-45 straight-through cable.
Depending on whether you use the interface for 10BASE-T or 100BASE-TX
operation, select cables for the interfaces as follows:
•100BASE-TX connections require Category 5 twisted-pair wire. The
NN46110-313 02.01
100BASE-TX specification supports 100 Mb/s transmission over two pairs of
Category 5 twisted-pair Ethernet wiring: one pair each for transmit and
receive operations.
Nortel recommends a maximum length of 100 meters for the cable segment
between a 100BASE-TX repeater and a workstation (due to signal timing
requirements). This wiring scheme complies with the EIA 568 wiring
standard.
•10BASE-T connections can use Category 3, 4, or 5 twisted-pair wiring.
TX+ TX-RX-RX+
Tabl e 14 provides the 10/100BASE-TX Ethernet port pinouts for the system ports
on the VPN Router 1100.
Table 14 10/100BASE-TX Ethernet port pinouts
Serial port
The system board provides a serial port on the front of the VPN Router 1010,
1050, and 1100 to enable out-of-band management of the gateway. The serial
cable provided with the VPN Router 1010, 1050, and 1100 is an RJ-45-to-DB9
cable (Figure 15 on page 44). The RJ-45 connector goes into the VPN Router
1010, 1050, or 1100, and the DB9 connector goes into your workstation.
12345678
Appendix A Technical specifications 43
PinDescription
1TX +
2TX -
3RX +
6RX -
CS260010A
Caution: Use this cable to connect a PC or modem to the VPN Router
1010/1050/1100. Do not use this cable to attach a PC or modem to any
other VPN Router device.
Tabl e 15 provides the RJ-45-to-DB9 serial interface cable pinouts.
Table 15 RJ-45 to DB9 pinouts
RJ-45 terminationDB-9 termination
SignalPin #DirectionPin #
Request to Send1--->8
Data Terminal Ready2--->6
Receive Data3<---3
Not Connected4
Send Data5---> 2
Gnd6<--->5
Data Set Ready7
Clear to Send8<---7
N/AN/C9
<--->1
<---4
Pin 1Pin 5
Pin 6Pin 9
CAB0110
NN46110-313 02.01
External modem adapter
If you need to connect a VPN Router 1010, 1050, or 1100 to a modem, you can
order a null modem adapter from Nortel. With this adapter, you can connect the
VPN Router 1010/1050/1100 console cable (shipped with the gateway) to an
RS-232-C modem port.
Caution: Risk of EMI
Use only the serial cable shipped with the VPN Router 1010, 1050, or
1100 and this modem adapter to connect a modem to the VPN Router
1010, 1050, or 1100. Other cables and adapters cannot provide adequate
shielding for EMI regulatory compliance.
To ensure correct dial-in and dial-out operation, configure the modem with the
settings verbal result codes and display result codes. For more information, see
the modem documentation.
The cable adapter has a DB9 connector that connects to the serial cable and a
DB-25 connector that connects to the modem (Figure 16).
Appendix A Technical specifications 45
Figure 16 Serial cable adapter for connection to modem (DB9-to-DB25)
Pin 1Pin 5
Pin 6Pin 9Pin 14Pin 25
Pin 1Pin 13
CAB0113A
Tabl e 16 provides the null modem adapter cable pinouts.
The VPN Router 1100 has two expansion slots that support a combination of the
following network interface cards:
•10/100BASE-TX Ethernet
•10/100/1000BASE-X Ethernet
•56/64K CSU/DSU WAN
•ADSL WAN
•ISDN BRI
•T1/E1 CSU/DSU WAN (half-height card)
•T1 CSU/DSU WAN (full-height card)
•V.90 modem
•Single V.35/X.21 WAN
This section provides information about the connectors and cable pinouts for each
supported interface card. For instructions about installing an option card, see
Chapter 2, “Installing option cards in the Nortel VPN Router 600 1100,” on page
35.
NN46110-313 02.01
Appendix A Technical specifications 47
10/100BASE-TX Ethernet interface card
The 10/100BASE-TX Ethernet interface card has a single RJ-45 connector that
provides the signals needed to interface to 10BASE-T and 100BASE-TX Ethernet
equipment. Figure 17 shows the 10/100BASE-TX Ethernet interface card.
Figure 17 10/100BASE-TX Ethernet interface card
DATA
ACT/LINK
100TX
CS260009B
For information about the cables that you can connect to this interface and the
cable pinouts, see “10/100BASE-TX Ethernet LAN ports” on page 42.
1000BASE-T (1000 GT) Ethernet interface card
The 1000BASE-T (1000 GT) Ethernet card replaces the 10/100BASE-TX
Ethernet card (see the previous section). This card provides 10/100/1000 Mbit/s
Ethernet services and supports autonegotiation. The card supports the IEEE
802.3ab standard and provides RJ-45/CAT 5 interconnection. It can operate in
either full or half duplex mode at 10/100 Mbit/s, and in full duplex mode at 1
Gbit/s. At 1 Gbit/s, autonegotiation must be used.
Note: The 1000BASE-T (1000 GT) Ethernet interface card can only
operate at 10/100 Mbit/s on the VPN Router 1100.
The VPN Router 1100 only supports 10/100 Mbit/s operation for the
1000BASE-T (1000 GT) Ethernet card. To ensure reliable speed/duplex operation
on these platforms, Nortel recommends that both the interface and the attached
devices are hard-coded to the appropriate matching 10/100 speed and duplex
settings.
For the 1000BASE-T (1000 GT) Ethernet interface card to be recognized by the
system, the minimum required VPN Router operating software is:
Select cables for this card as follows. Keep in mind that this card is
auto-negotiating and uses the highest possible data rate:
•For 100BASE-TX operation, use Category 5 twisted-pair wiring: one pair
•For 10BASE-T operation, use Category 3, 4, or 5 twisted-pair wiring.
NN46110-313 02.01
each for transmit and receive operations. The cable must comply with the
EIA 568 wiring specification. Nortel recommends a maximum length of 100
meters for the cable segment.
Appendix A Technical specifications 49
The following table provides the pinouts for the 1000BASE-T (1000 GT) Ethernet
interface card..
Table 17 1000BASE-T (1000 GT) Ethernet pinouts
PinDescription
12345678
CS260010A
1TP0+
2TP0-
3TP1+
4TP2+
5TP2-
6TP1-
7TP3+
8TP3-
56/64K CSU/DSU WAN interface card
The 56/64K CSU/DSU WAN interface card has a single RJ-48 connector that
provides the signals needed to interface to network equipment. Figure 20 shows
the 56/64K CSU/DSU WAN interface card.
Figure 20 56/64K CSU/DSU WAN interface card
56/64K
DDS
10972EA
The connector on the 56/64K CSU/DSU WAN interface card accommodates an
8-pin RJ-48 modular patch cord. These cables are sold as Category 5, or Ethernet,
cables.
Note: Nortel does not supply an interface cable with the
56/64K CSU/DSU WAN interface card.
Use cable that is wired in accordance with EIA-568-A wiring style. This wiring
style ensures that a twisted pair inside the patch cord carries the transmit signal
(pins 1 and 2) and the receive signal (pins 7 and 8). Nortel strongly recommends
that you use factory-made patch cords.
You connect the 56/64K CSU/DSU WAN interface card to the service provider
network using a straight-through cable or a crossover cable, depending on how the
service provider wired its jack.
•For a straight-through connection, you can use a standard Category 5
(Ethernet) straight-through cable.
•For a crossover connection, you cannot use a standard Category 5 crossover
cable. Do not interchange the 56/64K CSU/DSU crossover cable and the
Ethernet crossover cable.
Tabl e 18 provides the 56/64K CSU/DSU cable pinouts for a crossover
connection.
Table 18 56/64K CSU/DSU cable pinouts for crossover connection
Nortel terminationRemote termination
SignalPin # to Pin #Signal
Transmit tip17Receive tip
Transmit ring28Receive ring
not used33not used
not used44not used
not used55not used
not used66not used
Receive tip71Transmit tip
Receive ring82Transmit ring
The cable operates properly if you do not connect pins 3, 4, 5, and 6.
NN46110-313 02.01
Caution: For crossover connections, do not use Ethernet cable. If you
use Ethernet cable, the link cannot be established.
Tabl e 19 provides the 56/64K CSU/DSU cable pinouts for a straight-through
connection.
Table 19 56/64K CSU/DSU cable pinouts for straight-through connection
Nortel terminationRemote termination
SignalPin # to Pin #Signal
Transmit tip11Transmit tip
Transmit ring22Transmit ring
not used33not used
not used44not used
not used55not used
not used66not used
Receive tip77Receive tip
Receive ring88Receive ring
ADSL WAN interface card
Appendix A Technical specifications 51
The ADSL Annex A and Annex B WAN interface cards have a single RJ-11
connector that provides the signals needed to interface to the digital subscriber
line access multiplexer (DSLAM) and to telephone equipment.
Figure 21 shows the ADSL WAN interface card.
Note: The ADSL Annex A and Annex B cards look identical.
Figure 21 ADSL WAN interface card
ADSL
Tx/Rx
CONN
10972EA
Included in the accessory box is a 7-foot RJ-11 cable to attach to the DSLAM.
The ISDN BRI S/T and ISDN BRI U interface cards have a single RJ-45
connector that provides the signals needed to interface to ISDN equipment. (To
connect the ISDN BRI S/T interface to the ISDN network, you must attach an
external NT-1 device to the RJ-45 connector.)
Figure 22 shows the ISDN BRI S/T interface card.
Figure 22 ISDN BRI S/T interface card
Figure 23 shows the ISDN BRI U interface card.
Figure 23 ISDN BRI U interface card
NN46110-313 02.01
ISDN-ST
10972EA
ISDN-U
10972EB
Appendix A Technical specifications 53
The connector on the ISDN BRI S/T and ISDN BRI U interface cards
accommodates an 8-pin RJ-45 modular patch cord. These cables are sold as
Category 5, or Ethernet, cables.
Note: Nortel does not supply a cable with the ISDN BRI interface cards.
Tabl e 21 provides the ISDN BRI S/T cable pinouts.
The T1/E1 CSU/DSU WAN interface card has a single connector that provides
the signals needed to interface to T1 or E1 equipment. Figure 24 shows the T1/E1
CSU/DSU WAN interface card. This interface card ships as a half-height card and
as a full-height card.
Figure 24 T1/E1 CSU/DSU WAN interface card
Note: The brackets of the half-height and full-height cards are almost
identical. For E1 service, you must install the half-height version of the
T1/E1 CSU/DSU WAN interface card.
CS160012A
The connector on the T1/E1 CSU/DSU WAN interface card accommodates an
8-pin RJ-48 modular patch cord. These cables are sold as Category 5, or Ethernet,
cables. Nortel does not supply an interface cable with the T1/E1 CSU/DSU WAN
interface card.
Use cable that is wired in accordance with EIA-568-A wiring style. This wiring
style ensures that a twisted pair inside the patch cord carries the transmit signal
(pins 4 and 5) and the receive signal (pins 1 and 2). Nortel strongly recommends
that you use factory-made patch cords.
You connect the T1/E1 CSU/DSU WAN interface card to the service provider
network using a straight-through cable or a crossover cable, depending on how the
service provider wired its jack.
•For a straight-through connection, you can use a standard Category 5
•For a crossover connection, you cannot use a standard Category 5 crossover
NN46110-313 02.01
(Ethernet) straight-through cable.
cable. Do not interchange the T1/E1 CSU/DSU crossover cable and the
Ethernet crossover cable.
Appendix A Technical specifications 55
Tabl e 23 provides the T1/E1 CSU/DSU cable pinouts for a crossover connection.
Table 23 T1/E1 CSU/DSU cable pinouts for crossover connection
Standard-wired
end 8-pin maleSignal name
1RXDA<-TXDAwht/org pair 2A5
2RXDB<-TXDBorange pair 2B4
3not usedwht/grn pair 3A3
4TXDB->RXDBblue pair 1B2
5TXDA->RXDAwht/blu pair 1A1
6not usedgreen pair 3B6
7not usedwht/brn pair 4A7
8not usedbrown pair 4B8
Pair number
and conductor
Special-wired
end 8-pin male
The cable operates properly if you do not connect pins 3, 6, 7, and 8.
Caution: For crossover connections, do not use Ethernet cable. If you
use Ethernet cable the T1/E1 CSU/DSU does not work to specifications.
This condition can corrupt the data.
Tabl e 24 provides the T1/E1 CSU/DSU cable pinouts for a straight-through
connection.
Table 24 T1/E1 CSU/DSU cable pinouts for straight-through connection
Table 24 T1/E1 CSU/DSU cable pinouts for straight-through connection
Nortel terminationRemote termination
not used77not used
not used88not used
V.90 modem interface card
The V.90 modem interface card has two RJ-11 connectors that provide the signals
needed to interface to an incoming telephone line and to telephone equipment.
Figure 25 shows the V.90 modem interface card.
Figure 25 V.90 modem interface card
PHONE
LINE
10973EA
Included in the accessory box is a 7-foot RJ-11 cable to attach to a telephone jack.
Tabl e 25 provides the V.90 modem port cable pinouts.
Table 25 V.90 modem cable pinouts
PinFunction
1N/C
2Tip
3Ring
4N/C
NN46110-313 02.01
Appendix A Technical specifications 57
Single V.35/X.21 WAN interface card
The single V.35/X.21 WAN interface card has a single DB28S connector that
provides the signals needed to interface to V.35 and X.21 equipment. Figure 26
shows the single V.35/X.21 WAN interface card.
Figure 26 Single V.35/X.21 WAN interface card
You need a DSU/CSU (digital service unit/channel service unit) between the
WAN connection and the gateway. You can order a V.35 or X.21 cable from
Nortel to attach to the connector. This cable enables the WAN adapter to function
as DTE (data terminal equipment).
Tabl e 26 provides the V.35 cable pinouts. Table 27 on page 59 provides the X.21
cable pinouts. (The pair suffix A or B refers to an individual wire within a twisted
pair.)
The following notes apply to the single V.35 DTE cable:
1. The term “no conn” means the wire is not connected to a pin in the 34-pin connector.
2. Wires 12B, 13A, and 14B connect to pin B in the 34-pin connector.
3. At each end, the cable shield and connector shell must connect respectively to pin A of the 34-pin connector and
pin 1 of the standard 28-pin connector.
4. Do not connect Shield to Signal Ground because these are separate signals.
NN46110-313 02.01
Tabl e 27 provides the X.21 cable pinouts. (The pair suffix A or B refers to an
30
56/64K CSU/DSU WAN interface card 31
ADSL WAN interface card 31
front panel 27
Power 25
single V.35/X.21 WAN interface card 33
system LAN port 28
T1/E1 CSU/DSU WAN interface card 32