Installation Guide
Table Of Contents
- Brocade NetIron MLXe Series Hardware Installation Guide
- Preface
- About This Document
- Product Overview
- Brocade router overview
- Router applications
- Hardware features
- Router modules
- Management modules
- Interface modules
- 2x100GbE CFP2 optics based high density module
- PBIF Recovery
- 2x100GbE CFP2 P2010 specifications
- 2x100GbE CFP2 DDR3 SDRAM memory specifications
- BR-MLX-10GX20-X2 and BR-MLX-100GX2-CFP2-X2 Router Software
- BR-MLX-10GX20-X2 and BR-MLX-100GX2-CFP2-X2 scalability for IPv4 and IPv6 routes
- 2x100G XPP ILKN monitoring
- CPU threshold monitoring
- MLXe BR-MLX-10Gx4-M IPsec and IKEv2
- Encryption and Decryption of IPv4 Unicast Data and Control Packets
- IKEv2 Authentication
- IPsec and IKEv2 configuration
- Configuring Global IKEv2 Options
- Configuring the IKEv2 Proposal
- Configuring the IKEv2 Policy
- Configuring the IKEv2 Profile
- Configuring the IKEv2 authentication proposal
- Configuring the IPsec Proposal
- Configuring the IPsec Profile
- IKEv2 Show Commands
- IKEv2 Clear Commands
- MLX-10GX4-IPSEC-M Forwarding
- 2x100G XPP ILKN monitoring
- 10Gx24-port interface module
- MLX 24-port 10Gbps (BR-MLX-10Gx24-DM) Interface Modules
- 8x10GE-X interface modules
- Gen-1 10Gx2 and 10Gx4 Ethernet interface modules
- BR-MLX-10GX4-X and BR-MLX-10Gx4-X-ML interface module LEDs
- Gen-1.1 4-port 10 Gbps Ethernet interface modules
- 8-port 10 Gbps M and D interface modules
- 24-port 1 Gbps Ethernet copper RJ-45 interface module
- 24-port 1 Gbps fiber interface module
- 20-port 100/1000 Ethernet interface module
- 20-port 10/100/1000 Ethernet interface module
- NI-MLX-1Gx48-T-A interface module
- BR-MLX-40Gx4-M 4-port 40GbE module
- Auto-tuning links
- Forward Error Correction mode
- Switch fabric modules
- High-speed switch fabric modules
- CFP2 to QSFP28 conversion module
- Power supplies
- Rack mounting brackets
- Cooling system for Brocade MLXe Series routers
- NIBI-16-FAN-EXH-A high-speed fan assemblies
- Rack mount kit
- Supported software features
- Installing a Brocade MLXe Router
- Pre-Installation notice for the Brocade MLXe chassis bundles
- Installation precautions
- Installing 2x100GbE CFP2 interface modules in Brocade MLXe Series routers
- Installing BR-MLX-10Gx24-DM interface modules in Brocade MLXe Series routers
- Installing a Brocade MLXe Series-4 router
- Installing a Brocade MLXe Series-8 router
- Installing a Brocade MLXe Series-16 router
- Mounting Brocade MLXe Series-4, -8, or -16 routers in a 4-post EIA rack
- Installing a Brocade MLXe Series-32 router
- Preparing the installation site
- Brocade MLXe Series-32 router shipping carton contents
- Unpacking your Brocade MLXe Series-32 router
- Installing a Brocade MLXe Series-32 router in an EIA rack
- Installing modules in the Brocade MLXe Series-32 router
- Brocade MLXe Series-32 cable management
- Accessing modules for service
- Installing power supplies in a Brocade MLXe Series-32 router
- Connecting AC power
- Connecting DC power
- Removing Brocade MLXe Series-32 router DC power supplies
- Final steps
- Attaching a management station
- Activating the power source
- Verifying proper operation
- Using Brocade Structured Cabling Components
- Cable cinch overview
- mRJ21 procedures
- RJ-45 procedures
- Cable cinch with one group of RJ-45 cables
- Cable cinch with two groups of RJ-45 cables
- Cable cinch with three groups of RJ-45 cables
- Cable cinch with four groups of RJ-45 cables
- Cable cinch with five groups of RJ-45 cables
- Cable cinch with six groups of RJ-45 cables
- Cable cinch with seven groups of RJ-45 cables
- Cable cinch with eight groups of RJ-45 cables
- Connecting a Router to a Network Device
- Managing Routers and Modules
- Managing the device
- Disabling and re-enabling power to interface modules
- Monitoring I2C failures on management modules
- Displaying device status and temperature readings
- Displaying the Syslog configuration and static and dynamic buffers
- Router Headless State by MP Presence from LP
- Rolling Reboot
- Line Module Configuration Deletion in Interactive Boot Mode
- Managing switch fabric modules
- Managing the cooling system
- Managing interface modules
- Configuring interface module boot parameters
- Synchronizing the software image between management modules and interface modules
- Changing the boot source
- Specifying an immediate boot
- Specifying an immediate boot from the auxiliary flash slots on the management module
- Specifying an immediate boot from management module flash memory
- Specifying an immediate boot from flash memory on the interface module
- Specifying an immediate boot from a TFTP server
- Specifying an immediate interactive boot
- Configuring an automatic boot
- Configuring an automatic boot from the auxiliary flash slot on the management module
- Configuring an automatic boot from flash memory on the management module
- Configuring an automatic boot from flash memory on the interface module
- Configuring an automatic boot from a TFTP server
- Configuring an automatic interactive boot
- Changing priority of slots for interface modules
- Disabling and re-enabling power to interface modules
- Configuring interface module boot parameters
- Monitoring Link Status
- Traffic Manager XPP link monitoring
- Using alarms to collect and monitor device status
- Displaying MR2 management module memory usage
- Enabling and disabling management module CPU usage calculations
- Displaying management module CPU usage
- Removing MAC address entries
- IPv6 ND Proxy
- DRBG Health Test on IPsec LP
- Managing the device
- Maintenance and Field Replacement
- Maintenance and field replacement overview
- Hardware maintenance schedule
- Replacing a management module
- Replacing an interface module
- Replacing a switch fabric module
- Replacing a fiber-optic transceiver
- Replacing a power supply
- Replacing fan assemblies
- Hardware Specifications
- Brocade MLXe Chassis Bundles
- Regulatory Statements
- Caution and Danger Notices
For an outgoing connection, the IKE profile is chosen based on the IPsec-Profile used by VTI. The IKE policy will be selected based on
the local IP-address.
The following rules apply to match statements:
∙ An IKEv2 profile must contain an identity to match; otherwise, the profile is considered incomplete and is not used. An IKEv2
profile can have more than one match identity.
∙ An IKEv2 VRF will match with the VTI Base VRF.
∙ When a profile is selected, multiple match statements of the same type are logically ORed, and multiple match statements of
different types are logically ANDed.
∙ Configuration of overlapping profiles is considered a misconfiguration. In the case of multiple profile matches, the first profile
will be selected.
IKEv2 Option Description
Ikev2 profile
<name>
Defines an IKEv2 profile name and enters IKEv2 profile configuration mode.
description
<description>
(Optional) Description text for this profile.
authentication
<authentication-
proposal -name>
Authentication Proposal to be used with this IKE profile.
local_identifier { address
<ipv4-
address>
dn | dn
<dn-string>
| fqdn
<fqdn-string>
| key-id
<key-id
String>
| email
<email-string>
}
(Optional) Local system ID to be sent with ID payload during negotiation. Allowed formats of this entry are as
follows:
∙ address is IPv4.
∙ dn is Distinguished name.
∙ FQDN is Fully Qualified Domain Name. For example, router1.example.com.
∙ email is E-mail ID. For example,test@test.com.
∙ key-id is Key ID.
remote-identifier { address
<ipv4-
address>
dn | dn
<dn-string>
| fqdn
<fqdn-string>
| key-id
<key-id
String>
| email
<email-string>
}
(Optional) Remote system ID that we want to communicate with. Allowed formats of this entry are as follows:
∙ address is IPv4.
∙ dn is Distinguished name.
∙ FQDN is Fully Qualified Domain Name. For example, router1.example.com.
∙ email is E-mail ID. For example,test@test.com.
∙ key-id is Key ID.
keepalive
<seconds>
(Optional) Interval, in seconds, between the IKE Notify messages sent to query peer liveness and thus detect a
dead peer. Default is enabled and the default value is 30 sec. Range should be between 0-3600 seconds. 0
means that keep-alive is not enabled.
lifetime
<minutes>
(Optional) IKE SA lifetime in minutes. Default is 24 Hours, 1440 minutes. Range should be between 10-1440
minutes.
responder-only (Optional) In responder-only mode, this host acts as the responder and does not initiate negotiation and rekeying.
Otherwise, this host acts as initiator; negotiation starts when the IKE Peer is reachable. By default the router
behave as both initiator and responder.
[no] initial-contact-payload (Optional) This host may have rebooted and peers may have SAs that are no longer valid. Use the value on to
send an initial contact message to a peer, so that it will delete old SAs. Use the value off to disable this feature.
Default is disabled.
match identity { local { address
{
<ipv4-address>
} } | dn
<dn-
string>
| email
<email-string>
|
fqdn
<fdqn-string>
| key-id
<key-
id string>
| } remote { address
{
<ipv4-address>
[mask] } | dn
<dn-string>
| email
<email-string>
|
fqdn
<fdqn-string>
| key-id
<key-
id string>
}
To Select IKE profile (PAD) for a peer based on local or remote received Identity parameters such as the IP
address, email or FDQN.
Product Overview
Brocade NetIron MLXe Series Hardware Installation Guide
50 53-1004203-03