Installation Guide
Table Of Contents
- Brocade NetIron MLXe Series Hardware Installation Guide
- Preface
- About This Document
- Product Overview
- Brocade router overview
- Router applications
- Hardware features
- Router modules
- Management modules
- Interface modules
- 2x100GbE CFP2 optics based high density module
- PBIF Recovery
- 2x100GbE CFP2 P2010 specifications
- 2x100GbE CFP2 DDR3 SDRAM memory specifications
- BR-MLX-10GX20-X2 and BR-MLX-100GX2-CFP2-X2 Router Software
- BR-MLX-10GX20-X2 and BR-MLX-100GX2-CFP2-X2 scalability for IPv4 and IPv6 routes
- 2x100G XPP ILKN monitoring
- CPU threshold monitoring
- MLXe BR-MLX-10Gx4-M IPsec and IKEv2
- Encryption and Decryption of IPv4 Unicast Data and Control Packets
- IKEv2 Authentication
- IPsec and IKEv2 configuration
- Configuring Global IKEv2 Options
- Configuring the IKEv2 Proposal
- Configuring the IKEv2 Policy
- Configuring the IKEv2 Profile
- Configuring the IKEv2 authentication proposal
- Configuring the IPsec Proposal
- Configuring the IPsec Profile
- IKEv2 Show Commands
- IKEv2 Clear Commands
- MLX-10GX4-IPSEC-M Forwarding
- 2x100G XPP ILKN monitoring
- 10Gx24-port interface module
- MLX 24-port 10Gbps (BR-MLX-10Gx24-DM) Interface Modules
- 8x10GE-X interface modules
- Gen-1 10Gx2 and 10Gx4 Ethernet interface modules
- BR-MLX-10GX4-X and BR-MLX-10Gx4-X-ML interface module LEDs
- Gen-1.1 4-port 10 Gbps Ethernet interface modules
- 8-port 10 Gbps M and D interface modules
- 24-port 1 Gbps Ethernet copper RJ-45 interface module
- 24-port 1 Gbps fiber interface module
- 20-port 100/1000 Ethernet interface module
- 20-port 10/100/1000 Ethernet interface module
- NI-MLX-1Gx48-T-A interface module
- BR-MLX-40Gx4-M 4-port 40GbE module
- Auto-tuning links
- Forward Error Correction mode
- Switch fabric modules
- High-speed switch fabric modules
- CFP2 to QSFP28 conversion module
- Power supplies
- Rack mounting brackets
- Cooling system for Brocade MLXe Series routers
- NIBI-16-FAN-EXH-A high-speed fan assemblies
- Rack mount kit
- Supported software features
- Installing a Brocade MLXe Router
- Pre-Installation notice for the Brocade MLXe chassis bundles
- Installation precautions
- Installing 2x100GbE CFP2 interface modules in Brocade MLXe Series routers
- Installing BR-MLX-10Gx24-DM interface modules in Brocade MLXe Series routers
- Installing a Brocade MLXe Series-4 router
- Installing a Brocade MLXe Series-8 router
- Installing a Brocade MLXe Series-16 router
- Mounting Brocade MLXe Series-4, -8, or -16 routers in a 4-post EIA rack
- Installing a Brocade MLXe Series-32 router
- Preparing the installation site
- Brocade MLXe Series-32 router shipping carton contents
- Unpacking your Brocade MLXe Series-32 router
- Installing a Brocade MLXe Series-32 router in an EIA rack
- Installing modules in the Brocade MLXe Series-32 router
- Brocade MLXe Series-32 cable management
- Accessing modules for service
- Installing power supplies in a Brocade MLXe Series-32 router
- Connecting AC power
- Connecting DC power
- Removing Brocade MLXe Series-32 router DC power supplies
- Final steps
- Attaching a management station
- Activating the power source
- Verifying proper operation
- Using Brocade Structured Cabling Components
- Cable cinch overview
- mRJ21 procedures
- RJ-45 procedures
- Cable cinch with one group of RJ-45 cables
- Cable cinch with two groups of RJ-45 cables
- Cable cinch with three groups of RJ-45 cables
- Cable cinch with four groups of RJ-45 cables
- Cable cinch with five groups of RJ-45 cables
- Cable cinch with six groups of RJ-45 cables
- Cable cinch with seven groups of RJ-45 cables
- Cable cinch with eight groups of RJ-45 cables
- Connecting a Router to a Network Device
- Managing Routers and Modules
- Managing the device
- Disabling and re-enabling power to interface modules
- Monitoring I2C failures on management modules
- Displaying device status and temperature readings
- Displaying the Syslog configuration and static and dynamic buffers
- Router Headless State by MP Presence from LP
- Rolling Reboot
- Line Module Configuration Deletion in Interactive Boot Mode
- Managing switch fabric modules
- Managing the cooling system
- Managing interface modules
- Configuring interface module boot parameters
- Synchronizing the software image between management modules and interface modules
- Changing the boot source
- Specifying an immediate boot
- Specifying an immediate boot from the auxiliary flash slots on the management module
- Specifying an immediate boot from management module flash memory
- Specifying an immediate boot from flash memory on the interface module
- Specifying an immediate boot from a TFTP server
- Specifying an immediate interactive boot
- Configuring an automatic boot
- Configuring an automatic boot from the auxiliary flash slot on the management module
- Configuring an automatic boot from flash memory on the management module
- Configuring an automatic boot from flash memory on the interface module
- Configuring an automatic boot from a TFTP server
- Configuring an automatic interactive boot
- Changing priority of slots for interface modules
- Disabling and re-enabling power to interface modules
- Configuring interface module boot parameters
- Monitoring Link Status
- Traffic Manager XPP link monitoring
- Using alarms to collect and monitor device status
- Displaying MR2 management module memory usage
- Enabling and disabling management module CPU usage calculations
- Displaying management module CPU usage
- Removing MAC address entries
- IPv6 ND Proxy
- DRBG Health Test on IPsec LP
- Managing the device
- Maintenance and Field Replacement
- Maintenance and field replacement overview
- Hardware maintenance schedule
- Replacing a management module
- Replacing an interface module
- Replacing a switch fabric module
- Replacing a fiber-optic transceiver
- Replacing a power supply
- Replacing fan assemblies
- Hardware Specifications
- Brocade MLXe Chassis Bundles
- Regulatory Statements
- Caution and Danger Notices
b) Set the mode of the tunnel to IPsec IPv4 by entering the tunnel mode ipsec ipv4command.
2. Configure the following values, if the default values are not acceptable.
∙ IKE Proposal
∙ IKE Policy
∙ IKE Profile
∙ IKE Authentication
∙ IPSEC Proposal
∙ IPSEC Profile
3. Bind the IPsec Profile to the VTI interface using the tunnel protection ipsec profile
profilename
command.
Configuring Global IKEv2 Options
Configure global IKEv2 options that are independent of peers. All the global IKE commands start with prefix ikev2.
IKEv2 Option Description
ikev2 retry-count
<number>
Maximum number of attempts to retransmit a message. Default 5.
NOTE
Range is 1 to 10.
ikev2 exchange-max-time
<seconds>
Maximum setup time for an exchange, in seconds. Default 30 seconds.
NOTE
Range is 0 to 300 seconds.
ikev2 retransmit-interval
<time>
IKEv2 message resend delay, in seconds. This is the time that the IKEv2 task is to wait before attempting the first
resend of a packet. Default is 5 seconds. Retransmit interval will increase exponentially.
NOTE
Range is 1 to 60 seconds.
ikev2 http-url-cert Enables the HTTP CERT support. HTTP CERT is disabled by default. If enabled then
HTTP_CERT_LOOKUP_SUPPORTED should be send along with the CERT_REQ payload. Default is disabled.
ikev2 cookie-challenge
<number
>
Enabled an IKEv2 cookie challenge only when the number of half-open IKE SAs crosses the configured number.
Default is disabled.
NOTE
Range is 1 to 2000 (max number of SA supported).
ikev2 limit { max-in-negotiation-
sa limit | max - sa limit }
max-in-negotiation-sa limit — Limits the total number of in negotiation IKEv2 SAs on the node. Default is 256.
max-sa limit — Limits the total number of IKEv2 SAs on the LP. Default is 256.
NOTE
For both limits the range is 1 to 256 (max SAs supported).
ikev2 Allow duplicate ike-sa For a given source/destination and IKE Profile, if multiple IKE SA can be created. This will be applicable only for
incoming IKE session. Default is disabled. This will be used for inter-op with other vendors.
NOTE
Not supported for NI R05.8.00 release.
ikev2 fragmentation [ mtu-size ] (Optional) To support fragmentation of IKEv2 message into small parts to avoid UDP level fragmentation. Default
it is disabled. It is at the global level because the routing can change, and we should be able to estimate what will
be the maximum size for the router. Range should be between 68 to 1500.
Product Overview
Brocade NetIron MLXe Series Hardware Installation Guide
53-1004203-03 47