8.
Electrical Hazard: Only qualified personnel should perform installation procedures. Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion. Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes Personal vorgenommen werden. Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice.
Regulatory Compliance Information Federal Communications Commission (FCC) Notice This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a class A digital device, pursuant to Part 15 of the FCC rules.
Electromagnetic Compatibility (EMC) This product complies with the following: 47 CFR Parts 2 and 15, CSA C108.8, 2004/108/EC, EN 55022, EN 61000‐3‐2, EN 61000‐3‐3, EN 55024, AS/NZS CISPR 22, VCCI V‐3. Compatibilidad Electromágnetica (EMC) Este producto de Enterasys cumple con lo siguiente: 47 CFR Partes 2 y 15, CSA C108.8, 2004/108/EC, EN 55022, EN 55024, EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3.
ѻક䇈ᯢк䰘ӊ Supplement to Product Instructions 䚼ӊৡ⿄ (Parts) 䞥ሲ䚼ӊ (Metal Parts) ⬉䏃ഫ (Circuit Modules) ⬉㓚ঞ⬉㓚㒘ӊ (Cables & Cable Assemblies) ล᭭㘮ড়⠽䚼ӊ (Plastic and Polymeric parts) ⬉䏃ᓔ݇ (Circuit Breakers) ƻ˖ 䪙 3E ᳝↦᳝ᆇ⠽䋼ܗ㋴ (Hazardous Substance) ⒈㘨㣃 ∲ 䬝 ݁Ӌ䫀 3%% +J &G &U h ƻ ƻ h ƻ ƻ h ƻ ƻ h ƻ ƻ h ƻ ƻ h ƻ ƻ ƻ ƻ ƻ ƻ ƻ h ƻ ƻ h h ƻ ƻ ⒈Ѡ㣃䝮 3%'( 㸼⼎䆹᳝↦᳝ᆇ⠽䋼䆹䚼ӊ᠔᳝ഛ䋼ᴤ᭭Ёⱘ䞣ഛ SJ/T 11363-2006 ᷛޚ㾘ᅮⱘ䰤䞣㽕∖ҹϟDŽ Indicates that the concentration of the hazardous substance
VCCI Notice This is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. BSMI EMC Statement — Taiwan This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
Declaration of Conformity Application of Council Directive(s): Manufacturer’s Name: Manufacturer’s Address: European Representative Address: Conformance to Directive(s)/Product Standards: Equipment Type/Environment: 2004/108/EC 2006/95/EC Enterasys Networks, Inc. 50 Minuteman Road Andover, MA 01810 USA Enterasys Networks, Ltd.
2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to: (a) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties shall not be permitted by that applicable law, such rights are expressly excluded.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys, and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
Contents Who Should Use This Guide ............................................................................................................................xv How to Use This Guide .....................................................................................................................................xv Related Documents ......................................................................................................................................... xvi Typographical Conventions ......
Installing the Rubber Feet ........................................................................................................................ 3-3 Installing the Chassis into a Rack ................................................................................................................... 3-3 Installing the Chassis on the Rack Shelf .................................................................................................. 3-3 Installing the Chassis Directly to the Rack .................
Regulatory Requirements ........................................................................................................................A-2 NAC Controller Engine Interface Specifications .......................................................................................A-3 NAC Controller Engine COM Port Pinout Assignments ...........................................................................A-4 NAC Controller PEP 2S4082-25 Module Specifications ..............................................
5-1 5-1 5-2 5-2 6-3 6-4 6-5 6-6 6-7 6-8 6-9 6-10 6-11 6-12 6-13 6-14 6-15 6-16 6-17 6-18 6-19 6-20 6-21 6-22 6-23 6-24 6-25 6-26 6-27 6-28 6-29 B-1 B-2 B-3 B-4 B-5 B-6 LANVIEW LEDs for the 2S4082-25 .................................................................................................... 5-2 LANVIEW LEDs for the 7S4280-19 .................................................................................................... 5-2 OFFLINE/RESET Switch for the 2S4082-25 ................................
A-10 A-11 A-12 A-13 A-14 A-15 A-16 A-17 A-18 A-19 A-20 A-21 Mini-GBIC Input/Output Port Specifications .......................................................................................A-7 COM Port Pin Assignments ................................................................................................................A-7 MGBIC-LC01 / MGBIC-MT01 Optical Specifications .........................................................................A-8 MGBIC-LC01 / MGBIC-MT01 Operating Range ............
xiv
About This Guide This guide provides an overview, installation and troubleshooting instructions, and specifications for the 2S4082‐25‐SYS and 7S4280‐19‐SYS Enterasys NAC Controller. For information about the CLI (Command Line Interface) set of commands used to configure and manage the NAC Controllers, refer to the Enterasys Networks™ DFE‐Platinum and Diamond Series Configuration Guide.
Related Documents For... Refer to...
Typographical Conventions Typographical Conventions The following typographical conventions and icons are used in this document. blue type Indicates a hypertext link. When reading this document online, click the text in blue to go to the referenced figure, table, or section. Lowercase x Indicates the general use of an alphanumeric character (for example, 6x1xx, the x’s indicate a combination of numbers or letters).
Getting Help Getting Help For additional support related to the NAC Controller or this document, contact Enterasys Networks using one of the following methods: World Wide Web www.enterasys.com/services/support/ Phone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000 For the Enterasys Networks Support toll-free number in your country: www.enterasys.com/services/support/ Internet mail support@enterasys.com To expedite your message, please type [N-Series] in the subject line.
1 Introduction This chapter provides a functional overview of the Enterasys NAC Controller and its features. For information about... Refer to page...
Overview The N1-7C111 Chassis The Enterasys Matrix N1 chassis design provides a single slot for the NAC Controller PEP. The 2S4082‐25 NAC Controller PEP is installed in the 2S4082‐25‐SYS NAC Controller. The 7S4280‐19 NAC Controller PEP is installed in the 7S4280‐19‐SYS NAC Controller. The NAC Controller PEP installed in the Enterasys Matrix N1 chassis interfaces to the chassis backplane utilizing the FTM2 connector.
Overview The NAC Controller PEP receives power and backplane connectivity when it is inserted into a chassis. Management of the module can be either In‐Band or Out‐Of‐Band. In‐Band remote management is possible using Telnet, Enterasys Networks’ NetSight® management application, or WebView™ application. Out‐of‐band management is provided through the RJ45 COM (Communication) port on the front panel using a VT100 terminal or a VT100 terminal emulator.
Overview The 2S4082-25 NAC Controller PEP The 2S4082‐25 NAC Controller PEP has 24, 10BASE‐T/100BASE‐TX/1000BASE‐T compliant ports by means of 24 fixed front‐panel RJ45 connectors on the PEP and 2, Mini‐GBIC Gigabit ports. The 2S4082‐25 is installed in the Enterasys Matrix N1 chassis.
Overview The 7S4280-19 NAC Controller PEP The 7S4280‐19 NAC Controller PEP has 20, 1000BASE‐X compliant front‐panel ports that support a variety of optional Small Form Factor Pluggable (SFP) Gigabit connections using optional Mini‐Gigabit Interface Cards (Mini‐GBICs). The 7S4280‐19 is installed in the Enterasys Matrix N1 chassis.
Overview Redundant Power Supplies The Enterasys NAC Controller supports two fixed, auto‐ranging redundant AC power supply modules. For power supply specifications, refer to “Power Supply” on page A‐2. Power Supply LANVIEW LEDs Power supply status is indicated by LANVIEW® LEDs located on the front panel of the chassis. Each power supply utilizes a single LED to monitor and detect power supply failure and redundancy status.
Secure Networks Policy Support Standalone or Rack Mountable Chassis The Enterasys NAC Controller can be installed as a freestanding unit on a shelf or table. It can also be mounted into a standard 48.26‐centimeter (19‐inch) equipment rack. Refer to “Site Guidelines” on page 2‐1 for requirements on ventilation and cooling. Secure Networks Policy Support A fundamental concept that is key to the implementation of the Enterasys Secure Networks methodology is policy‐enabled networking.
LANVIEW Diagnostic LEDs 1-8 Introduction
2 Installation Requirements and Guidelines This chapter describes site guidelines that must be met before installing an Enterasys NAC Controller into a rack or cabinet, Enterasys NAC Controller configuration guidelines, and operating specifications for the Enterasys NAC Controller. Electrical Hazard: Only qualified personnel should perform installation procedures. Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion.
Configuration Guidelines Configuration Guidelines The NAC Controller PEPs for the Enterasys NAC Controller are equipped with a firmware‐based management tool, which provides the capability to configure the NAC Controller PEP and access chassis, power supply, and fan information.
NAC Controller PEP Network Requirements Fan LED See Figure 2‐2 for the location of the fan LED. Table 2‐2 describes the different states of the fan LED. Figure 2-2 Fan LED 1 FAN STATUS PS1 STATUS PS2 STATUS 7C111 N1 GROUND STRAP 1 Fan LED Table 2-2 Fan LED States and Definitions LED Color Status Green All fans are operating normally. Amber One fan failure has occurred. Red More than one fan failure has occurred.
NAC Controller PEP Network Requirements Link Aggregation Link Aggregation is a method of grouping multiple physical ports on a network device into one logical link according to the IEEE 802.3ad‐2002 standard. Because Link Aggregation is standards based, it allows for automatic configuration with manual overrides (if applicable), and can operate on 10 Mbps, 100 Mbps, or 1000 Mbps Ethernet full duplex ports.
NAC Controller PEP Network Requirements 1000BASE-SX/LX/ELX Network The optional Mini‐GBICs on the 2S4082‐25 provide a Gigabit Ethernet connection to the NAC Controller Engine to provide fiber‐optic connections operating at 1000 Mbps (1 Gbps). Other Mini‐GBICs may support different types of cabling connections. The device at the other end of the fiber‐optic connection must meet IEEE 802.3‐2002 Gigabit Ethernet requirements for the devices to operate at Gigabit speed.
NAC Controller PEP Network Requirements 2-6 Installation Requirements and Guidelines
3 Enterasys Matrix N1 Chassis Setup This chapter contains instructions on setting up the Enterasys Matrix N1 Chassis. Equipment needed: • Phillips screwdriver • Flat blade screwdriver Electrical Hazard: Only qualified personnel should install or service this unit. Riesgo Eléctrico: Nada mas personal capacitado debe de instalar o darle servicio a esta unida. Elektrischer Gefahrenhinweis: Installationen oder Servicearbeiten sollten nur durch ausgebildetes und qualifiziertes Personal vorgenommen werden.
Setting Up the Enterasys Matrix N1 Chassis Table 3-1 Contents of the 2S4082-25-SYS and 7S4280-19-SYS 7C111 Carton Item Quantity 2S4082-25-SYS or 7S4280-19-SYS Standalone Series 7C111 1 2S4082-25 or 7S4280-19 NAC Controller PEP 1 Rubber Feet 4 (self-adhesive) Power Cords 2 ESD Wrist Strap 1 Manual URL Location Card 1 Patents Sheet 1 Hardware Installation Guide (this manual) 1 4. Inspect the Enterasys Matrix N1 Chassis for any signs of physical damage.
Installing the Chassis into a Rack When installing the switch on a flat surface, the installation of the rubber feet is recommended to prevent the switch from sliding on a flat surface. Installing the rubber feet is optional if you are installing the switch in a rack. To install the rubber feet, proceed to “Installing the Rubber Feet” instructions below. For instructions to rack mount the switch, proceed to “Installing the Chassis into a Rack” on page 3.
Installing the Chassis into a Rack Installing the Chassis Directly to the Rack Caution: Read Chapter 2 before completing the following procedure to ensure that all installation guidelines are met. Precaución: Antes de llevar a cabo el siguiente procedimiento, lea Chapter 2 para y asegúrese de cumplir con todos los requisitos de instalación.
Powering Up a Enterasys Matrix N1 Chassis Figure 3-2 ESD Grounding Receptacle 1 N1 FAN STATUS PS1 STATUS PS2 STATUS 7C111 GROUND STRAP N1 N1 7C111 GROUND STRAP d 1 ESD grounding receptacle Note: To install the NAC Controller PEP, refer to the Chapter 4, NAC Controller PEP Installation section for the installation instructions. Before you power up the Enterasys Matrix N1 Chassis, it is recommended that you complete the installation of the NAC Controller PEP in the chassis.
Cooling Fans Figure 3-3 Connecting the 15-Amp AC Power Cords 2 AC INLET 2 100 - 125V ~ 3.6A 200 - 240V ~ 1.6A 50/60 Hz 7C111 VCCI-A THIS DEVICE COMPLIES WITH PART 15 OF THE FCC RULES. OPERATION IS SUBJECT TO THE FOLLOWING TWO CONDITIONS: (1) THIS DEVICE MAY NOT CAUSE HARMFUL INTERFERENCE, AND (2) THIS DEVICE MUST ACCEPT ANY INTERFERENCE RECIEVED, INCLUDING INTERFERENCE THAT MAY CAUSE UNDESIRED OPERATION. THIS CLASS A DIGITAL APPARATUS COMPLIES WITH CANADIAN ICES-003.
4 NAC Controller PEP Installation Electrical Hazard: Only qualified personnel should perform installation procedures. Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion. Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes Personal vorgenommen werden. Important Notice Read the Release Notes shipped with the NAC Controller PEP to check for any exceptions to the supported features and operation documented in this guide.
Installing Optional Mini-GBICs 2. Verify the contents of the carton as listed in Table 4‐1. Table 4-1 Contents of Module Carton Item Quantity NAC Controller PEP (2S4082-25 or 7S4280-19) 1 Customer Release Notes 1 3. Remove the tape seal on the non‐conductive bag to remove the module. 4. Perform a visual inspection of the module for any signs of physical damage. Contact Enterasys Networks if there are any signs of damage. Refer to “Getting Help” on page xviii for details.
Installing Optional Mini-GBICs 3. If there is a protective dust cover (see in Figure 4‐1 or Figure 4‐2) on the Mini‐GBIC port, do not remove it at this time. Installation To install a Mini‐GBIC with an MT‐RJ connection, refer to Figure 4‐1, for an LC connection, refer to Figure 4‐2, or for an RJ45 connection, refer to Figure 4‐3, and proceed as follows: 1. Hold the Mini‐GBIC with its top side facing up and its 7‐pin edge connector facing the port slot. 2.
Installing Optional Mini-GBICs Figure 4-2 Mini-GBIC with LC Connector Ä Á Ã Â À Å 1 Mini-GBIC (MGBIC-LC01 or MGBIC-LC09) 2 Mini-GBIC, top sid 3 7-Pin edge connector (insertion side) Figure 4-3 4 Port slot 5 Mini-GBIC, protective dust cover 6 Release tab Mini-GBIC with RJ45 Connector Á Ä Â Ã À 1 Mini-GBIC (MGBIC-02) 2 Mini-GBIC, top side 3 7-Pin edge connector (insertion side) 4-4 NAC Controller PEP Installation 4 Port slot 5 Wire-handle release
Installing NAC Controller PEP into the Matrix N1 Chassis Removing the Mini-GBIC To remove a Mini‐GBIC from a port slot, proceed as follows: Caution: Do NOT remove a Mini-GBIC from a slot without releasing the locking tab located under the front bottom end of the Mini-GBIC. This can damage the Mini-GBIC. The Mini-GBIC and its host device are sensitive to static discharges. Use an antistatic wrist strap and observe all static precautions during this procedure.
Installing NAC Controller PEP into the Matrix N1 Chassis Preparation 1. Remove the blank panel covering the slot in which the module will be installed. (Save the blank plate in the event you need to remove the module.) 2. Remove the module from the shipping box. (Save the box and packing materials in the event the module needs to be reshipped.) 3. Locate the antistatic wrist strap shipped with the chassis.
Connecting to the Network Figure 4-4 1 2 3 4 Installing the NAC Controller PEP into the Matrix N1 Chassis N1 Chassis slot FTM2 backplane connectors NAC Controller PEP card Card guides 5 6 7 Metal back panel Upper locking tab (shown in closed position) Lower locking tab (shown in closed position) Connecting to the Network This section provides the procedures for connecting unshielded twisted pair (UTP) segments from the network or other devices to the 2S4082‐25 (“Connecting UTP Cables to the 2S4082‐25
Connecting to the Network Figure 4‐5 shows connecting a twisted pair segment to the 2S4082‐25 module. It is assumed that the chassis power is turned on to provide power to the module. Refer to Figure 4‐5 and proceed as follows: 1. Ensure that the device connected to the other end of the segment is powered ON. 2. Connect the twisted pair segment to the module by inserting the RJ45 connector on the twisted pair segment into the appropriate RJ45 port connector.
Connecting to the Network Figure 4-6 Four-Wire Crossover Cable RJ45 Pinouts, Connections Between Hub Devices À Á RX+ 1 1 RX+ RX 2 2 RX TX+ 3 3 TX+ TX 6 6 TX Ã Â 1 RJ45 device port 2 Other device port 3 RJ45-to-RJ45 crossover cable 4 RX+/RX- and TX+/TX- connections. These connections must share a common color pair.
Connecting to the Network Figure 4-8 Eight-Wire Crossover Cable RJ45 Pinouts, Connections Between Hub Devices À Á TX1+ 1 1 TX2+ RX1- 2 2 RX2- TX2+ 3 3 TX1+ TX3+ 4 4 TX4+ RX3- 5 5 RX4- RX2- 6 6 RX1- TX4+ 7 7 TX3+ RX4- 8 8 RX3- Â 1 RJ45 device port 2 Other device port 3 RJ45-to-RJ45 crossover cable Figure 4-9 Eight-Wire Straight-Through Cable RJ45 Pinouts, Connections Between Switches and End-User Devices À Á TX1+ 1 1 TX2+ RX1- 2 2 RX2- TX2+ 3 3 TX1+ TX3+
Connecting to the Network Connecting Fiber-Optic Cables to Mini-GBICs This section provides the procedure for connecting 1‐Gigabit Ethernet fiber‐optic segments from the network or other devices to Mini‐GBIC MT‐RJ or LC port connectors installed in the 2S4082‐25 and 7S4280‐19 NAC Controller PEPs.
Connecting to the Network Figure 4-10 Cable Connection to MT-RJ Fiber-Optic Connectors 1 Installed Mini-GBIC MT-RJ connector 2 MT-RJ cable connector 3 Release tab 4-12 NAC Controller PEP Installation 4 Receive LED (RX) 5 Transmit LED (TX)
Connecting to the Network Figure 4-11 Cable Connection to LC Fiber-Optic Connectors 1 Installed Mini-GBIC LC connector 2 LC cable connector 3 Release tab 3. 4 Receive LED (RX) 5 Transmit LED (TX) Verify that a link exists by checking that the port RX LED is on (flashing amber, blinking green, or solid green). If the RX LED is off, perform the following steps until it is on: a. Verify that the device at the other end of the segment is ON and connected to the segment. b.
Connecting to COM Port for Local Management 5. Plug the other end of the cable into the appropriate port on the other device. Some cables may be terminated at the other end with two separate connectors, one for each fiber‐optic strand. In this case, ensure that the transmit fiber‐optic strand is connected to the receive port and the receive fiber‐optic strand to the transmit port.
Connecting to COM Port for Local Management 5. When these parameters are set, the Local Management password screen will display. Refer to the appropriate Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide for further information.
Connecting to COM Port for Local Management Figure 4-13 Connecting a VT Series Terminal 1 UTP straight-through cable with RJ45 connectors 2 RJ45 COM port 3 RJ45-to-DB25 VT adapter 4 VT series terminal Connecting to a Modem To connect a modem to an Enterasys Networks chassis COM port (Figure 4‐14), use a UTP straight‐through cable with RJ45 connectors and an RJ45‐to‐DB25 male adapter, and proceed as follows: 1.
Connecting to COM Port for Local Management Figure 4-14 Connecting to a Modem 1 UTP straight-through cable with RJ45 connectors 2 RJ45 COM port 3 RJ45-to-DB25 modem adapter 4 Local modem 5 Remote modem 6 PC Adapter Wiring and Signal Assignments COM Port Adapter Wiring and Signal Diagram RJ45 DB9 Pin Conductor Pin Signal 1 Blue 2 Receive (RX) 4 Red 3 Transmit (TX) 5 Green 5 Ground (GRD) 2 Orange 7 Request to Send (RTS) 6 Yellow 8 Clear to Send (CTS) 1 Pins 8 RJ45 Connector
Completing the Installation VT Series Port Adapter Wiring and Signal Diagram RJ45 DB25 Pin Conductor Pin Signal 4 Red 2 Transmit (TX) 1 Blue 3 Receive (RX) 6 Yellow 5 Clear to Send (CTS) 5 Green 7 Ground (GRD) 2 Orange 20 Data Terminal Ready 1 Pins 8 Pins 13 25 RJ45 Connector (Female) 1 14 DB25 Connector (Female) Modem Port Adapter Wiring and Signal Diagram RJ45 DB25 Pin Conductor Pin Signal 1 Blue 2 Transmit (TX) 2 Orange 8 Data Carrier Detect (DCD) 4 Re
Completing the Installation First-Time Log-In Using a Console Port Connection Note: This procedure applies only to initial log-in, and to logging in to a device not yet configured with administratively-supplied user and password settings. By default, the Matrix NAC Controller PEP Series device is configured with three user login accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to all modifiable parameters. The default password is set to blank (carriage return).
Completing the Installation Figure 4-15 Matrix DFE Startup Screen Example (N7 Chassis) login: admin Password: M A T R I X N7 Command Line Interface Enterasys Networks, Inc. 50 Minuteman Rd. Andover, MA 01810-1008 U.S.A. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2003 Chassis Serial Number: xxxxxxxxxxxx Chassis Firmware Revision: xx.xx.
5 Troubleshooting This chapter provides information concerning the following: For information about... Refer to page... Using LANVIEW 5-1 Troubleshooting Checklist 5-4 Overview of the NAC Controller PEP Shutdown Procedure 5-6 Unless otherwise noted, the following information applies to all NAC Controller PEPs. Using LANVIEW The NAC Controller PEPs use a built‐in visual diagnostic and status monitoring system called LANVIEW.
Using LANVIEW Figure 5-1 LANVIEW LEDs for the 2S4082-25 1 MGMT LED Figure 5-1 2 Group 1, Port 1 LEDs LANVIEW LEDs for the 7S4280-19 1 MGMT LED 2 Group 1, Port 1 LEDs Table 5‐1 describes the LED indications and provides recommended actions as appropriate for both the 2S4082‐25 and 7S4280‐19 modules. The terms used in Table 5-1 indicate the following: • Flashing indicates an LED is flashing randomly. • Blinking indicates an LED is flashing at a steady rate (approximately 50% on, 50% off).
Using LANVIEW Table 5-1 LANVIEW LEDs LED Color State Recommended Action MGMT None Off. This module is NOT the Management Module. None. Green Solid. This module is the designated Management Module. None. Amber Flashing. This is a temporary indication that the module is saving data. None. None Power off. Ensure chassis has adequate power. Amber Blinking. Module in process of booting. None. Solid. Testing.
Troubleshooting Checklist Table 5-1 LANVIEW LEDs (continued) LED Color State Recommended Action TX (Transmit) None Port enabled, but no activity. If it is known that the port should be active and is not, contact Enterasys Networks for technical support. Green Flashing. Indicates data transmission activity. Rate of flashing indicates the data rate. None. Red Flashing. Fault or Error (collision). None, unless there is a high rate of activity.
Troubleshooting Checklist Table 5-2 Troubleshooting Checklist (continued) Problem Possible Cause Recommended Action Cannot contact the module through in-band management. IP address not assigned. Refer to the Enterasys Matrix DFE-Diamond/Platinum Series Configuration Guide for the IP address assignment procedure. Port is disabled. Enable port. Refer to the Enterasys Matrix DFE-Diamond/Platinum Series Configuration Guide for instructions to enable/disable ports.
Overview of the NAC Controller PEP Shutdown Procedure Overview of the NAC Controller PEP Shutdown Procedure Caution: Do not remove a NAC Controller PEP from an operating chassis system before reading the following information and instructions. Precaución: Antes de retirar los módulos DFE del chasis en funcionamiento, lea las siguientes instrucciones y la información suministrada.
Overview of the NAC Controller PEP Shutdown Procedure Recommended Shutdown Procedure Caution: Do not remove a NAC Controller PEP from an operating chassis system before reading the following information and instructions. Precaución: Antes de retirar los módulos DFE del chasis en funcionamiento, lea las siguientes instrucciones y la información suministrada. Before pulling a NAC Controller PEP out of a chassis, press or tap on its OFFLINE/RESET switch for less than 1 second.
Overview of the NAC Controller PEP Shutdown Procedure 5-8 Troubleshooting
6 Initializing the NAC Controller This chapter provides a detailed discussion of the NAC Controller software initialzation. For information about... Refer to page... Overview 6-1 General Management Considerations 6-3 Preparation for NAC Controller Initialization 6-6 The NAC Controller Initialization Procedure 6-7 The NAC Controller Policy Configuration 6-16 Overview The NAC Controller is composed of two subcompents, the Policy Enforcement Point (PEP) and the Engine.
Overview The ports located in the lower rows of the NAC Controller are referred to as ʺdownstream ports,ʺ and connect downlink to infrastructure devices such as access layer switches in the network. The two gigabit Ethernet ports located at the top of the NAC Controller are referred to as ʺupstream ports,ʺ and connect uplink to upstream devices such as core routers.
General Management Considerations General Management Considerations The following are general NAC Controller management configuration considerations: • Figure 6-2 The Layer 3 NAC Controller is positioned inbetween two routers on the network. Only one VLAN/subnet spans between these routers as shown in Figure 6‐2. For Layer 3 NAC Controller configuration, all data traffic (non‐management traffic) traversing the NAC Controller between the upstream router and the downstream router must be untagged.
General Management Considerations – The NAC Controller Engine management IP address is used for management traffic generated from the NAC Controller Engine, and the NAC Controller Engine remediation IP address used to run the remediation web server. – The NAC Controller Engine remediation IP address, mask, and default gateway must belong to the subnet that spans the downstream and upstream routers.
General Management Considerations Figure 6-4 Layer 2 Out-Of-Band Management Topology Figure 6-5 Layer 3 In-Band Management Topology Enterasys NAC Controller Hardware Installation Guide 6-5
Preparation for NAC Controller Initialization Figure 6-6 Layer 3 Out-Of-Band Management Preparation for NAC Controller Initialization Before starting the NAC Controller initialization: • Setup a PC capable of SSH. PuTTY, an SSH client, can be used on a machine running Microsoft Windows for SSH. PuTTY can be downloaded from the following link: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. • Connect the PC to the NAC Controller Engine 10/100 port with the supplied cross‐over capable.
The NAC Controller Initialization Procedure The NAC Controller Initialization Procedure With an SSH session open, a login prompt will display. Complete the initialization of the NAC Controller as follows: 1. Upon powering up the NAC Controller and opening the SSH session, you are presented with a login prompt. Welcome to the Enterasys Networks Network Access Controller Please log in as 'root' to begin the configuration process. enterasystag login: a.
The NAC Controller Initialization Procedure 4. If the management type for this installation is Out‐Of‐Band, a screen appears as displayed in Figure 6‐8 asking you to enter the VLAN ID for Out‐Of‐Band management. Out‐Of‐Band management requires a management VLAN separate from the VLAN spanning the two routers on which data traffic traverses the NAC Controller.
The NAC Controller Initialization Procedure Figure 6-10 Setup NAC Controller Engine Networking for In-Band Installation Types For Out‐Of‐Band management, as displayed in Figure 6‐11, enter the host name, management IP address/netmask (10/100 Ethernet interface), and remediation IP address/netmask, and click on Accept to proceed. The NAC Controller Engine management IP address must be on the same subnet as the NAC Controller PEP IP address.
The NAC Controller Initialization Procedure Figure 6-11 7. A screen appears asking you to setup the NAC Controller PEP networking. Enter the IP address/netmask, gateway, SNMP V3 User, SNMP Authentication, and SNMP Privacy as displayed in Figure 6‐12 and click on Accept to proceed.
The NAC Controller Initialization Procedure 8. A screen appears asking you to enter the NetSight server IP address. Enter the IP address of the NetSight server as displayed in Figure 6‐13 and click on OK to proceed. Figure 6-13 9. Enter NetSight Server IP Address A setup review screen appears allowing you to confirm your configuration. Confirm the setup configuration as displayed in Figure 6‐14 for In‐Band management type and Figure 6‐15 for Out‐Of‐Band management type and click on Yes to proceed.
The NAC Controller Initialization Procedure Figure 6-15 Out-Of-Band Management Type Configuration Setup Confirmation 10. A screen displays the current configured date and time and asks you whether you would like to update the date and time as displayed in Figure 6‐16. If you select No, skip the following two steps and proceed to Step 14 to configure the UTC/Local Time Hardware Clock setting. If you select Yes, proceed to Step 11. Figure 6-16 Configure System Date and Time 11.
The NAC Controller Initialization Procedure Figure 6-17 Set the System Date 12. A screen displays for setting the system time in an hour/minute/second format as displayed in Figure 6‐18. Click on the desired box to make any changes and click on OK to proceed. Figure 6-18 Set the System Time 13. A screen displays for setting whether the hardware clock is set to the Coordinated Universal Time (UTC/GMT) or to local time as displayed in Figure 6‐19. Select your hardware clock setting.
The NAC Controller Initialization Procedure Figure 6-19 Select the UTC/Local Hardware Clock Setting If your system hardware clock is set to local time, go to Step 14. If your system hardware clock is set to UTC, go to Step 15. 14. If your system hardware clock is set to local, the timezone configuration screen displays as displayed in Figure 6‐20. Select the desired timezone and click OK to proceed. Figure 6-20 Timezone Configuraiton 15. A screen appears allowing you to enable an SNMP daemon.
The NAC Controller Initialization Procedure Figure 6-21 Enable an SNMP Daemon 16. If you selected No to enable an SNMP Daemon, the initialization of the NAC Controller is complete. If you selected Yes to enable an SNMP Daemon an SNMP system information screen displays as shown in Figure 6‐22. Enter the SNMP trap community string, the SNMP V3 user, SNMP authentication, and SNMP privacy. Optionally enter in a system contact and system location.
The NAC Controller Policy Configuration The NAC Controller Policy Configuration Review the following considerations prior to configuring policy on NAC Controller PEP devices: Setup the VLAN Configurations NAC Controller PEP VLAN configuration must conform with the requirements of your network topology. During NAC Controller Engine management initialization for Out‐Of‐Band management configurations, you entered a management VLAN for this NAC Controller.
The NAC Controller Policy Configuration See Figure 6‐24 to help visualize how you would determine the NAC Controller mode of operation. Starting at the end‐user and moving up stream, the position of the first NAC Controller is downstream of the first router in its path. This NAC Controller functions in L2 operations mode. Continuing to move upstream past the router, the next NAC Controller is upstream of the first router in its path. This NAC Controller functions in L3 operations mode.
The NAC Controller Policy Configuration Modifying NAC Controllers Preconfigured Policy NAC Controllers are shipped with a default policy configuration already configured on the device. To modify this default policy configuration, you must create a domain for the NAC Controller as discussed in section “NAC Controllers Require Separate Domains” on page 6‐16, assign the NAC Controller to the domain, then import the policy configuration from the device into Policy Manager.
The NAC Controller Policy Configuration Figure 6-26 Import From Device Wizard 4. The Organize and Update window will display. Click the Next button to procced. 5. The Merge Rules window will display. Click the Next button to procced. 6. The Roles screen displays as shown in Figure 6‐27. You need to assure that the Assessing and Quarantine services are properly configured. Click on the Services tab to access the Services screen. Figure 6-27 7.
The NAC Controller Policy Configuration Manual Services for the rules associated with that role to display in the Details View on the right hand side of the screen. Verify and modify rules as appropriate for your network.
The NAC Controller Policy Configuration Modifying the Downstream Default Policy Depending on the network configuration or circumstances, itʹs possible that traffic from the upstream side could be rerouted to the NAC Controller, where it would be authenticated using the upstream source IP address.
The NAC Controller Policy Configuration 6-22 Initializing the NAC Controller
A Specifications and Regulatory Compliance This appendix provides operating specifications for the NAC Controller. Enterasys Networks reserves the right to change the specifications at any time without notice. For information about... Refer to page...
7C111 Chassis Specifications and Regulatory Compliance Power Supply Table A-2 7C111 Power Supply Specifications Item Specification Electrical Accepts up to (2) IEC320 C13 power cord plugs Input Frequency: 50 to 60 Hz Input (Voltage/Amps): 2 x 100 to 125 Vac ~ 3.6 A 2 x 200 to 240 Vac ~ 1.6 A Input Power: 400 W Output Voltages: 5 V @ 40 amps 12 V @ 5.5 amps 3.
7C111 Chassis Specifications and Regulatory Compliance NAC Controller Engine Interface Specifications Table A‐5 provides the Input/Output ports, processor and memory, physical, and environmental specifications for the NAC Controller Engine (same on both ‐SYS models).
7C111 Chassis Specifications and Regulatory Compliance Table A-5 NAC Controller Engine Specifications (continued) Item Specification DC Output Voltage 12v DC Output Amps 5A Physical Dimensions • Width: 10.65 in. (27.05 cm) • Length: 7.3 in. (18.54 cm) • Depth: 1.8 in (4.57 cm) Predicted hours for Mean Time Between Failures (MTBF) For the MTBF hours for this module, refer to the MTBF web site at URL http://www.enterasys.
NAC Controller PEP 2S4082-25 Module Specifications NAC Controller PEP 2S4082-25 Module Specifications Table A‐7 provides the I/O ports, processors and memory, physical, and environmental module specifications for the 2S4082‐25. Table A-7 Specifications for 2S4082-25 Item Specification Ports Ports 1 through 24 Twenty-four 10BASE-T/100BASE-TX/1000BASE-T compliant ports through twenty-four RJ45 connectors. Network Expansion Module slot The NAC Controller Engine is pre-installed.
2S4082-25 COM Port Pinout Assignments 2S4082-25 COM Port Pinout Assignments The COM port is a serial communications port for local access to Local Management. Refer to Table A‐6 for the COM port pin assignments.
NAC Controller PEP 7S4280-19 Specifications Table A-9 Specifications (continued) Item Specification Environmental Operating Temperature 5°C to 40°C (41°F to 104°F) Storage Temperature -30°C to 73°C (-22°F to 164°F) Operating Relative Humidity 5% to 90% (non-condensing) Mini-GBIC Input/Output Specifications The Mini‐Gigabit Ethernet Card (Mini‐GBIC) port interface slots can accept 1000BASE‐SX short wavelength or 1000BASE‐LX long wavelength fiber‐optic Mini‐GBICs (see Table A‐10).
NAC Controller PEP 7S4280-19 Specifications Gigabit Ethernet Specifications The following specifications for the Mini‐GBICs (shown in Table A‐12 through Table A‐20) meet or exceed the IEEE 802.3z‐1998 standard. MGBIC-LC01/MGBIC-MT01 Specifications (1000BASE-SX) Table A-12 MGBIC-LC01 / MGBIC-MT01 Optical Specifications Item 62.5 µm MMF 50 µm MMF Transmit Power (minimum) -9.5 dBm -9.5 dBm Receive Sensitivity -17 dBm -17 dBm Link Power Budget 7.5 dBm 7.
NAC Controller PEP 7S4280-19 Specifications MGBIC-LC09 Specifications (1000BASE-LX) Table A-16 MGBIC-LC09 Optical Specifications Item 62.5 µm MMF 50 µm MMF 10 µm MMF Transmit Power (minimum) -11.5 dBm -11.5 dBm -9.5 dBm Receive Sensitivity -20 dBm -20 dBm -20 dBm Link Power Budget 8.5 dBm 8.5 dBm 10.5 dBm Table A-17 MGBIC-LC09 Operating Range Item Modal Bandwidth @ 1300 nm Range 62.
NAC Controller PEP 7S4280-19 Specifications MGBIC-02 Specifications (1000BASE-T) Table A-20 MGBIC-02 / Specifications Item Specification Supported Cable Type: Copper, Category 5 UTP Maximum Length Up to 100 meters Connector RJ45 Data Rate 1 Gbps, IEEE 802.
B Mode Switch Bank Settings and Optional Installations This appendix covers the following items: For information about... Refer to page...
Memory Locations and Replacement Procedures module names, are reset to the factory default settings. Once the module resets, you can either use the factory default settings or reenter your own parameters. • Switch 8 – Clear Admin Password. Changing the position of this switch clears the admin password, and restores the factory default password on the next power‐up of the module. Once the module resets, you can either use the factory default settings or reenter your own password.
Memory Locations and Replacement Procedures Figure B-2 shown) DIMM and DRAM SIMM Locations for the NAC Controller PEP (2S4082-25 1 Flash DIMM 2 DRAM SIMM Flash DIMM Replacement Procedure Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic equipment. Precaución: Al trabajar con equipos electrónicos sensibles, tome todas las precauciones de seguridad para evitar descargas de electricidad estática. 1. Refer to Figure B‐3.
Memory Locations and Replacement Procedures Installing the DIMM Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic equipment. Precaución: Al trabajar con equipos electrónicos sensibles, tome todas las precauciones de seguridad para evitar descargas de electricidad estática. To install a DIMM, refer to Figure B‐4 and proceed as follows: 1. Insert the DIMM down between the connector fingers. 2.
Memory Locations and Replacement Procedures DRAM SIMM Replacement Procedure Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic equipment. Precaución: Al trabajar con equipos electrónicos sensibles, tome todas las precauciones de seguridad para evitar descargas de electricidad estática. Removing the DRAM SIMM To remove the existing DRAM SIMM, proceed as follows: 1. Locate the DRAM SIMM connector on the main PC board. Refer back to Figure B‐5. 2.
Memory Locations and Replacement Procedures Figure B-6 Installing the DRAM SIMM Ã Á À Ã Â 1 DRAM SIMM Connector arms 2 DRAM SIMM B-6 Mode Switch Bank Settings and Optional Installations À 3 Connector contacts 4 DRAM SIMM alignment notches (2)
Index Numerics 1000BASE-SX/LX/ELX network connections requirements for 2-5 1000BASE-T network connections requirements for 2-4 100BASE-TX requirements 2-4 10BASE-T connection 4-7 requirements 2-4 2S4082-25-SYS picture 1-1 7S4280-19-SYS picture 1-1 802.1D-1998 1-7 802.1Q-1998 1-7 802.
T Transmit LEDs viewing of 5-1 Troubleshooting 1-7, 5-1 checklist for 5-4 U Unpacking the module 4-1 V Viewing Receive and Transmit Activity instructions for 5-1 Index-2
