Alcatel-Lucent 1200 User manual

Brand: Alcatel-Lucent

Model: 1200

Type: User manual

Alcatel-Lucent

VPN Firewall Brick

Model 1200 Security Appliance

User’sGuide

032360-00 REV A

Issue1

June2008

Alcatel-Lucent - Proprietary

This document contains proprietary information of Alcatel-Lucent and

is not to be disclosed or used except in accordance with applicable agreements.

Unpublished and Not for Publication

See notice on first age

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks

are the property of their respective owners.

The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for

inaccuracies contained herein.

Notice

Every effort was made to ensure that this information product was complete and accurate at the time of printing.

However, information is subject to change.

Conformance statements

Federal Communications Commission (FCC) Notification and Repair Information This equipment has been tested and

found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are

designed to provide reasonable protection against harmful interference when the equipment is operated in a

commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If the equipment is

not installed and used in accordance with the guidelines in this document, the equipment may cause harmful

interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful

interference, in which case the user will be required to correct the interference at the expense of the user.

Alteration or modifications carried out without appropriate authorization may invalidate the user’s right to operate

the equipment.

Security statement

In rare instances, unauthorized individuals make connections to the telecommunications network through the use of

remote access features. In such an event, applicable tariffs require the customer to pay all network charges for

traffic. Lucent Technologies cannot be responsible for such charges and will not make any allowance or give any

credit for charges that result from unauthorized access.

Trademarks

VPN Firewall Brick is a registered trademark of Alcatel-Lucent.

Limited warranty

For terms and conditions of sale, contact your Alcatel-Lucent Account Team.

Ordering Information

The ordering number for this information product is 260-100-041

Thepartnumberforthisinformationproductis032360-00REVA

Technical Support

Alcatel-Lucent Customer Technical Support provides a technical assistance telephone number that is monitored 24

hours. For technical support (continental U.S.) call 1-866-582-3688 and select appropriate prompt. For international

support, please call +1 630-224-4672.

See notice on first age

Contents

Overview ................................................................................................................................................................... 11

Structure of hazard statements

......................................................................................................................... 22

Introduction

.............................................................................................................................................................. 44

To Install a Model 1200 Brick Device

......................................................................................................... 99

To Change the SFP Module for a Model 1200 Brick Device Gigabit Only Port

................... 1212

Illustrations

............................................................................................................................................................. 1515

Specifications

........................................................................................................................................................ 1818

Safety Instructions

............................................................................................................................................... 2121

Laser Safety Guidelines

.................................................................................................................................... 2424

Maintenance

........................................................................................................................................................... 2828

Air Filter

................................................................................................................................................................. 2929

To Perform a Hot Swap of a Power Module

.......................................................................................... 3030

To Replace the Chassis Fan Filter

............................................................................................................... 3232

To Perform a Hot Swap of a Fan Unit

...................................................................................................... 3434

Index

...................................................................

iii

List of figures

Rack Mounting Brackets 10

SFP Module (Top, Bottom, Side, and Front Views) 13

Front View of 1200 Brick and 1200 HS Brick Devices 15

Rear View of 1200 Brick Device (AC version) 15

Rear View of 1200 HS Brick Device (AC version) 15

Rear View of 1200 HS Brick Device (DC version) 16

Rear Port View of 1200 Brick Device (AC version) 16

Rear Port View of 1200 HS Brick Device (AC and DC versions) 17

Hot Swap Power Module 31

Fan Filter Replacement 33

Brick Fan Units (Front View) 34

Brick Fan Units (Rear View) 35

Using Fan Filter Cover Hooks to Remove Fan Unit 37

Inserting the Replacement Fan Unit 38

...................................................................

Overview

.........................................................................................................................................................................................

Purpose

This document provides a detailed description of the Alcatel-Lucent VPN Firewall Brick

Model 1200 Security Appliance, including:

• General information about the Brick device hardware and features

• Instructions on how to install the Brick device

• Illustrations of the Brick device hardware components and interfaces

• Detailed specifications

• Safety instructions

• Maintenance procedures

Contents

Structure of hazard statements 2

Introduction 4

To Install a Model 1200 Brick Device 9

To Change the SFP Module for a Model 1200 Brick Device

Gigabit Only Port

Illustrations 15

Specifications 18

Safety Instructions 21

Laser Safety Guidelines 24

Maintenance 28

Air Filter 29

To Perform a Hot Swap of a Power Module 30

To Replace the Chassis Fan Filter 32

To Perform a Hot Swap of a Fan Unit 34

...................................................................

Structure of hazard statements

.........................................................................................................................................................................................

Overview

Hazard statements describe the safety risks relevant while performing tasks on

Alcatel-Lucent products during deployment and/or use. Failure to avoid the hazards may

have serious consequences.

General structure

Hazard statements include the following structural elements:

Item Structure element Purpose

1 Personal-injury symbol Indicates the potential for personal injury

(optional)

2 Hazard-type symbol Indicates hazard type (optional)

3 Signal word Indicates the severity of the hazard

4 Hazard type Describes the source of the risk of damage or

injury

5 Damage statement Consequences if protective measures fail

6 Avoidance message Protective measures to take to avoid the hazard

7 Identifier The reference ID of the hazard statement

(optional)

...................................................................

Signal words

The signal words identify the hazard severity levels as follows:

Signal word Meaning

DANGER Indicates an imminently hazardous situation (high risk) which, if not

avoided, will result in death or serious injury.

WARNING Indicates a potentially hazardous situation (medium risk) which, if

not avoided, could result in death or serious injury.

CAUTION When used with the personal injury symbol:

Indicates a potentially hazardous situation (low risk) which, if not

avoided, may result in personal injury.

When used without the personal injury symbol:

Indicates a potentially hazardous situation (low risk) which, if not

avoided, may result in property damage, such as service interruption

or damage to equipment or other materials.

Structure of hazard statements

...................................................................

Introduction

.........................................................................................................................................................................................

General

A Model 1200 Brick device measures approximately 17″ (W)x19″ (D) x 3.5″(H) and is

intended to be installed on a standard 19-inch rack. It comes with two optional

rack-mounting brackets that can be attached to the sides to secure it to the rack.

There are two basic Brick 1200 models:

• The 1200 Brick (AC version only)

• The 1200 HS Brick (AC and DC versions)

Ports

The following table summarizes the number and type of ports that are supported on each

Brick 1200 model:

Port Type 1200 Brick Device 1200 HS Brick Device

10/100/1000BaseTX 8 14

Gigabit only interfaces

Notes:

1. The Gigabit only ports operate solely at the 1 Gigabit rate and are not 10/100/1000baseTX

auto-switchable. These ports are activated when the user inserts a Small Form-factor Pluggable

(SFP) module, which is ordered separately.

Power supply

The Model 1200 Brick device utilizes hot swappable mini-redundant power supplies for

both AC and DC versions.

Gigabit only interfaces

The Gigabit only ports on the Model 1200 Brick are configurable for copper/fiber

connections via Small Form-factor Pluggable (SFP) modules, which are sometimes referred

to as “mini-GBICs”.

The SFP module design is based on the GBIC interface, which is a standard for

transceivers that commonly use Gigabit copper Ethernet and fiber channels. The SFP is a

standard, hot swappable electrical interface that supports the full range of physical media,

from copper to optical fiber (multi mode or single mode) through the use of the appropriate

SFP module. These SFP modules can be easily interchanged, which allow networks to have

ports added or changed as the administrator wishes.

...................................................................

Hardware encryption

A hardware-based Encryption Accelerator (AES) Card is standard on the DC version and

AC version of the Model 1200 Brick.

Front view

The front of the Model 1200 Brick device has a chassis fan filter replacement panel on the

left side, with light-emitting diode (LED) activity lights, Power, Audible Cut-Off (ACO),

and Unit ID LEDs/buttons, and two USB ports on the right side.

The following table describes the function, label, color and operation of each LED activity

light/button on the front panel.

Function LED/Button Label Color Operation

Power LED/button

(front)

Pwr GRN Steady ON=unit is

powered

Power Module Status PS1 GRN Steady ON=module 1 is

operating

PS2 GRN Steady ON=module 2 is

operating

Hard Disk Activity FD Act GRN Flashing=HDD activity

Encrypt Active EA Act GRN Steady ON=encryption

card active.

Flashing=data passing

through encryption card

Failover active FO Act GRN Steady ON=unit is in

failover mode and active

Flashing=unit in standby

Fan Bank Failure Fan1 GRN Steady ON=fan in

bank1 has failed

Fan2 GRN Steady ON=fan in

bank2 has failed

Fault

Fault YEL Steady ON=unit is in

the alarm state

ACO Active LED/button

ACO Act GRN Steady ON=the ACO

switch has been pressed

during an alarm state.

Steady OFF=no alarm

state is present or the

ACO button has not

been pressed during an

alarm state. The ACO

LED self-clears when

the offending alarm is

removed.

Introduction

...................................................................

Function LED/Button Label Color Operation

Unit Indicator

LED/button

Unit ID BLU Steady ON=highlights a

particular unit in a rack

of equipment. LED

Indicator is on front

(button) and rear of

unit.

Notes:

1. The Power LED/button works like a momentary switch. To power up the Brick device, press the

button in and a steady green LED light indicates that the Brick is powered up. To power down

the Brick device, press and hold the button in again for at least 3 seconds.

2. If lit, there is an alarm fault in either the power supplies or fans. Observe the Fan1 and Fan2

LEDs to determine if it is a Fan alarm, or the PS1 and PS2 LEDs to determine if it is a power

supply alarm.

3. The Audible Cut Out (ACO) LED/button works like a momentary switch. Press the button in to

turn off an audible alarm and the ACO LED.

4. The Unit ID LED/button works like a momentary switch. Press and hold the button in to activate

the front and rear Unit ID LEDs. When pressed in for about 6 seconds, the Unit ID button starts

on-demand diagnostics (refer to the section “Hardware diagnostics” (p. 6)).

In addition to the activity lights described above, the DC version of the Model 1200 Brick

also has a Fault light, which is amber when power is lost to the A or B power connector.

Hardware diagnostics

When the Model 1200 Brick is powered on and boots up, it performs a Power On Self Test

(POST) diagnostics check of the motherboard, during which its memory, circuitry, and

peripherals are tested and configured. If the boot up of the motherboard is successful, the

motherboard LEDs, which are visible through four holes located in the rear of the chassis

near the bottom center of the Brick, flash green or red and then go out. If the boot up of

the motherboard is unsuccessful, each LED on the motherboard displays a steady green or

red. Should this occur, contact Alcatel-Lucent Customer Technical Support and indicate the

locked color status of each LED on the motherboard, from left to right, which can be used

to help determine the problem encountered during the POST diagnostics check.

The Model 1200 Brick also allows you to perform an on-demand diagnostics check of the

front panel alarms hardware (controlled by the Brick Alarm card installed in the front

chassis of the Brick), or to confirm a fault that might have occurred during normal

operations.

To perform an on-demand diagnostics check, do the following:

1. Confirm that the Brick is connected to an active power source.

2. Press and hold the Unit ID LED/button for five seconds.

...................................................................

The Brick’s front alarm card initially performs a program self-check. If this fails, all front

panel LEDs and the audible alarm buzzer cycle together through three blinks/audible alarms

and the on-demand diagnostics is terminated.

If the diagnostics program self-check passes, the Brick turns off all LEDs or audible alarms

that are active, then cycles through each alarm indicator on and off 3 times, one cycle per

second, sequentially.

The alarm indicators are activated in the following sequence:

1. PS1 LED

2. PS2 LED

3. FD Act

4. FO Act LED

5. Fan1 LED

6. Fan2 LED

7. Fault LED

8. ACO LED

9. Unit ID LED

10. Audible alarm (buzzer)

11. Remote Visual Alarm relay

12. Remove Audible Alarm relay

After the on-demand diagnostics run is completed, the front panel alarm indicators return to

their original state.

Rear view

The rear of the Model 1200 Brick device provides access to two hot swappable redundant

power supplies. There is an alarm interface terminal block with dry contact closures for

Visual and Audible alarms that can be connected to a local alarm system. There are two

10/100/1000baseTX interfaces on the motherboard. In addition, there are six

10/100/1000BaseTX interfaces on both versions of the Model 1200 Brick, with 1Gigabit

only ports (two on the Standard version and six on the HS version) where SFP modules

can be inserted. The rear also contains a keyboard port, a monitor port, the console port,

two USB ports, and the Unit ID LED light.

Important! For installation into networks that are subject to surges, a shielded Ethernet

cable and/or serial port cable may be needed for regulatory compliance.

Alcatel-Lucent Security Management Server (SMS) software

The Model 1200 Brick device is supported by a patch release of SMS Release 9.0 (and

later SMS releases). To upgrade SMS R9.0 with a software patch that incorporates the

Model 1200 Brick software, or to obtain the latest software patches for R9.0 in the future,

download the software patches from the VPN Firewall Product Registration and Support

website: (https://www.lucent-ipsec.com). On the VPN Firewall Product Registration and

Introduction

...................................................................

Support web page, enter your User Name and Password (which are established during the

product registration process).

If you are a registered customer, the VPN Firewall Registration web page is displayed.

Click on the link on the left side of the page labeled

Downloads to access the Downloads

page. The Downloads page has a series of buttons which allow you to select and download

the required software release/patch. For additional instructions on how to download and

install the required SMS software release/patch, refer to the SMS product Release Notes.

CAUTION:

CAUTION

Electric shock hazard

Risk of shock

Before connecting power on the DC version of the Model 1200 Brick device, the Brick

device chassis must be properly grounded. Two 10-32 threaded studs, spaced 0.625 inches

apart, are provided at the rear of the chassis for grounding purposes.

Alarm outputs

Visual and Audible Alarm outputs are available from the rear of the Model 1200 Brick

device. Each Form C relay provides NO (Normally Open), C (Common), and NC

(Normally Closed) contacts. The designations NO, C, and NC represent the powered

″good″ state of the Brick device.

All contacts are limited to ±60V and 0.75A.

Visual Alarm Output - indicates the Alarm state of the Brick device and remains until the

alarm is gone.

Audible Alarm Output - indicates the Alarm state of the Brick device but can be disabled

with the ACO (Audible Cut Out) and will not reactivate until the existing alarm has been

cleared and a new alarm has been generated.

Handling Brick device components

To prevent damage to components from electrostatic discharge, always follow the proper

guidelines for equipment handling and storage. Adapter cards and semiconductor devices in

general can be easily and permanently damaged due to electrostatic discharge during

installation and removal.

In order to reduce the static potential, the user should be properly grounded through the use

of an approved antistatic wrist strap when installing, removing or handling Brick devices.

...................................................................

To Install a Model 1200 Brick Device

.........................................................................................................................................................................................

When to use

Use this procedure to install a 1200 Brick device. It includes special handling instructions

for the AC and DC versions of the Model 1200 Brick device.

Task: installing a Model 1200 Brick device

Complete the following steps to install a Model 1200 Brick device.

.........................................................................................................................................................................

Remove the Brick device from the carton in which it was shipped.

.........................................................................................................................................................................

If additional support is needed (other than the two front brackets), use the additional side

mounted brackets. Slide the two adjustable rear mounting brackets into the mounting guide.

Depending on the rack mounting requirements, the rear brackets can be inserted in the

guide in either position shown in Figure 1, “ Rack Mounting Brackets” (p. 10).

The General Devices slide rails (part number C300-S-122) can be used for cabinet

mounting applications.

.........................................................................................................................................................................

Position the Brick device in the rack and fasten the Brick device to the rack using the front

brackets on either side of the device with two #2 Phillips head screws per bracket. If the

...................................................................

rear brackets are used, slide the bracket to the frame and fasten with two screws per

bracket.

.........................................................................................................................................................................

For AC models, take the two power cords that come with the unit and connect them to the

two power supply connectors on the back. See Figure 4, “Rear View of 1200 Brick Device

(AC version)” (p. 15)and Figure 5, “Rear View of 1200 HS Brick Device (AC version)”

(p. 15)for the location of the connectors.

.........................................................................................................................................................................

For DC models, make the following power connections (see Figure 6, “Rear View of 1200

HS Brick Device (DC version)” (p. 16) for the location of the connections):

-48VDC Power

Figure 1 Rack Mounting Brackets

...................................................................

Two 12 foot power cables are provided. These cables consist of a pair of 12 AWG wires

and Faston connectors, which fasten directly into a field wiring terminal block on the

power supply. The other end of the cable is pre-stripped (3/8″) for connection to a fuse

panel or other source of -48VDC power. Observe proper polarity when connecting to a fuse

panel. The BLACK wire is ground and the RED wire is -48VDC.

The battery return conductor is an Isolated DC Return (DC-1).

Primary Ground

The product has been designed to be installed in a Common Bonding Network (CBN). The

Brick device has a primary ground connection on the rear of the unit. The connection point

is identified with the earth connection point symbol. This connection utilizes two 10-32

studs on 0.625″ centers. Lock washers and nuts for fastening a terminal lug are provided.

The primary ground must be utilized and the wire and lug must be selected in accordance

with NEC, state, local and customer guidelines.

.........................................................................................................................................................................

Connect the SMS to one of the Ethernet interfaces on the back (refer to Figure 4, “Rear

View of 1200 Brick Device (AC version)” (p. 15) through Figure 8, “Rear Port View of

1200 HS Brick Device (AC and DC versions)” (p. 17)). The following explains the type of

Ethernet cable to use:

Direct connection

If you are connecting the SMS directly to the Brick device, use a crossover Ethernet cable.

Hub/Switch

If you are connecting the Brick device to the SMS by means of a hub or switch, use

regular Ethernet cables from the SMS to the hub/switch, and from the hub/switch to the

interface on the back.

.........................................................................................................................................................................

Connect the LANs to the Brick device. Insert the Ethernet cable from the LANs into the

remaining Ethernet interfaces (see Figures 4 through 9).

Keep a record of the interfaces to which the SMS and the various LANs are connected.

You will need this information later when you create security zones and assign them to

interfaces.

.........................................................................................................................................................................

Power up the Brick device. It is now ready to be configured using the SMS (refer to the

Configuring and Activating an Alcatel-Lucent VPN Firewall Brick® Security Appliance

chapter in the SMS Administration Guide for instructions).

E ND OF STEPS

.............................................................................................................................................................................................

To Install a Model 1200 Brick Device

...................................................................

To Change the SFP Module for a Model 1200 Brick Device

Gigabit Only Port

.........................................................................................................................................................................................

When to use

Use the following tasks to install an SFP module or to remove an SFP module for a

Gigabit only port on a Model 1200 Brick device.

Important! There are a variety of SFP modules that are commercially available.

However, Alcatel-Lucent only qualifies that the SFP modules that can be ordered from

Alcatel-Lucent will work properly. The user assumes all liability when using SFP

modules other than those available from Alcatel-Lucent. Contact your sales

representative for additional information.

Task: installing an SFP module

Complete the following steps to install an SFP module:

.........................................................................................................................................................................

Remove the SFP module from its protective packaging, and verify that the SFP module is

the correct model for your network configuration.

Note: you can identify SFP modules by the SFP module label, which also lists the SFP

model number and wavelength (if fiber).

Refer to Figure 2, “SFP Module (Top, Bottom, Side, and Front Views)” (p. 13) to

locate the SFP module label.

...................................................................

.........................................................................................................................................................................

Verify that the bale clasp on the front of the SFP module is closed before inserting the SFP

module (refer to Figure 2, “SFP Module (Top, Bottom, Side, and Front Views)” (p. 13)).

.........................................................................................................................................................................

CAUTION

Possible Equipment Damage

Do not remove the dust plugs from the optical bore of the SFP module or the dust caps

from the fiber-optic cable until you are ready to connect the cable. The plugs and caps

protect the SFP module optical ports and cable connectors from contamination.

Align the SFP module in front of the slot opening with its connection pins in the upward

position (the SFP module label will face in a downward position), and slide the SFP

Figure 2 SFP Module (Top, Bottom, Side, and Front Views)

To Change the SFP Module for a Model 1200 Brick Device Gigabit Only Port

...................................................................

module into the slot until you feel the connector on the module snap into place in the rear

of the slot.

Task: removing an SFP module

Complete the following steps to remove an SFP module from a Model 1200 Brick device:

.........................................................................................................................................................................

Disconnect the Ethernet or fiber-optic connector cable from the SFP module.

.........................................................................................................................................................................

Pivot the bale up to release the SFP module latching mechanism.

If the bale-clasp latch is obstructed and you cannot use your index finger to open it, use a

small, flat-blade screwdriver or other long, narrow instrument to open the bale-clasp latch.

.........................................................................................................................................................................

Grasp the SFP module between your thumb and index finger and carefully slide the module

out of the receptacle.

.........................................................................................................................................................................

Close the SFP bale clasp and insert the dust plug into the optical bores (if fiber).

.........................................................................................................................................................................

Place the SFP module in an antistatic bag or other protective environment.

E ND OF STEPS

.............................................................................................................................................................................................

...................................................................

ND OF STEPS

.........................................................................................................................................................................

Page is loading ...

Alcatel-Lucent 1200 User manual

Alcatel-Lucent 1200 User manual

Alcatel-Lucent 1200 User manual

Related papers

Other documents