®
Enterasys
NAC Controller
Hardware Installation Guide
2S4082-25-SYS
7S4280-19-SYS
P/N 9034376
Electrical Hazard: Only qualified personnel should perform installation procedures.
Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion.
Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes Personal
vorgenommen werden.
Notice
Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and
its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such
changes have been made.
The hardware, firmware, or software described in this document is subject to change without notice.
IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF
OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF
ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF
SUCH DAMAGES.
Enterasys Networks, Inc.
50 Minuteman Road
Andover, MA 01810
© 2008 Enterasys Networks, Inc. All rights reserved.
Part Number: 9034376 March 2008
ENTERASYS, ENTERASYS NETWORKS, ENTERASYS MATRIX, ENTERASYS NETSIGHT, LANVIEW, WEBVIEW, and any
logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc., in the United States and other
countries.
All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.
Documentation URL: http://www.enterasys.com/support/manuals
i
Regulatory Compliance Information
Federal Communications Commission (FCC) Notice
This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not
cause harmful interference, and (2) this device must accept any interference received, including interference that may cause
undesired operation.
NOTE: This equipment has been tested and found to comply with the limits for a class A digital device, pursuant to Part 15 of
the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is
operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not
installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference
at his own expense.
WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
Industry Canada Notice
This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the Radio
Interference Regulations of the Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils
numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des
Communications du Canada.
Class A ITE Notice
WARNING: This is a Class A product. In a domestic environment this product may cause radio interference in which case the
user may be required to take adequate measures.
Clase A. Aviso de ITE
ADVERTENCIA: Este es un producto de Clase A. En un ambiente doméstico este producto puede causar interferencia de radio
en cuyo caso puede ser requerido tomar medidas adecuadas.
Klasse A ITE Anmerkung
WARNHINWEIS: Dieses Produkt zählt zur Klasse A ( Industriebereich ). In Wohnbereichen kann es hierdurch zu
Funkstörungen kommen, daher sollten angemessene Vorkehrungen zum Schutz getroffen werden.
Product Safety
This product complies with the following: UL 60950, CSA C22.2 No. 60950, 2006/95/EC, EN 60950, IEC 60950, EN 60825,
21 CFR 1040.10.
Seguridad del Producto
El producto de Enterasys cumple con lo siguiente: UL 60950, CSA C22.2 No. 60950, 2006/95/EC, EN 60950, IEC 60950, EN 60825,
21 CFR 1040.10.
Produktsicherheit
Dieses Produkt entspricht den folgenden Richtlinien: UL 60950, CSA C22.2 No. 60950, 2006/95/EC, EN 60950, IEC 60950,
EN 60825, 21 CFR 1040.10.
ii
Electromagnetic Compatibility (EMC)
This product complies with the following: 47 CFR Parts 2 and 15, CSA C108.8, 2004/108/EC, EN 55022, EN 61000‐3‐2,
EN 61000‐3‐3, EN 55024, AS/NZS CISPR 22, VCCI V‐3.
Compatibilidad Electromágnetica (EMC)
Este producto de Enterasys cumple con lo siguiente: 47 CFR Partes 2 y 15, CSA C108.8, 2004/108/EC, EN 55022, EN 55024,
EN 61000‐3‐2, EN 61000‐3‐3, AS/NZS CISPR 22, VCCI V‐3.
Elektro- magnetische Kompatibilität ( EMC )
Dieses Produkt entspricht den folgenden Richtlinien: 47 CFR Parts 2 and 15, CSA C108.8, 2004/108/EC, EN 55022, EN 61000‐3‐2,
EN 61000‐3‐3, EN 55024, AS/NZS CISPR 22, VCCI V‐3.
Hazardous Substances
This product complies with the requirements of European Directive, 2002/95/EC, Restriction of Hazardous Substances (RoHS)
in Electrical and Electronic Equipment.
European Waste Electrical and Electronic Equipment (WEEE) Notice
In accordance with Directive 2002/96/EC of the European Parliament on waste electrical and electronic equipment (WEEE):
1. The symbol above indicates that separate collection of electrical and electronic equipment is required and that this product
was placed on the European market after August 13, 2005, the date of enforcement for Directive 2002/96/EC.
2. When this product has reached the end of its serviceable life, it cannot be disposed of as unsorted municipal waste. It must
be collected and treated separately.
3. It has been determined by the European Parliament that there are potential negative effects on the environment and human
health as a result of the presence of hazardous substances in electrical and electronic equipment.
4. It is the users’ responsibility to utilize the available collection system to ensure WEEE is properly treated.
For information about the available collection system, please go to www.enterasys.com/support/ or contact Enterasys
Customer Support at 353 61 705586 (Ireland).
iii
ѻક䇈ᯢк䰘ӊ
Supplement to Product Instructions
᳝↦᳝ᆇ⠽䋼
ܗ ㋴ꢀ(Hazardous Substance) 䚼ӊৡ⿄ꢀ
(Parts)
䪙ꢀ
ꢁ3Eꢂ
∲ꢀ
ꢁ+Jꢂ
䬝ꢀ
ꢁ&Gꢂ
݁Ӌ䫀ꢀ
ꢁ&Uꢃꢄꢂ
⒈㘨㣃ꢀ
ꢁ3%%ꢂ
⒈Ѡ㣃䝮ꢀ
ꢁ3%'(ꢂ
䞥ሲ䚼ӊꢀ
h
ƻ
ƻ
h
h
ƻ
ƻ
ƻ
(Metal Parts)
⬉䏃ഫꢀ
h
ƻ
ƻ
ƻ
(Circuit Modules)
⬉㓚ঞ⬉㓚㒘ӊꢀ
h
ƻ
ƻ
ƻ
ƻ
ƻ
ƻ
ƻ
h
h
ƻ
h
ƻ
ƻ
ƻ
ƻ
h
ƻ
(Cables & Cable Assemblies)
ล᭭㘮ড়⠽䚼ӊꢀ
(Plastic and Polymeric parts)
⬉䏃ᓔ݇ꢀ
(Circuit Breakers)
ꢀ
ƻ˖ 㸼⼎䆹᳝↦᳝ᆇ⠽䋼䆹䚼ӊ᠔᳝ഛ䋼ᴤ᭭Ёⱘ䞣ഛ SJ/T 11363-2006 ᷛ
ޚ 㾘ᅮⱘ䰤䞣㽕∖ҹϟDŽꢀꢀꢀ Indicates that the concentration of the hazardous substance in all homogeneous materials in the parts is
below the relevant threshold of the SJ/T 11363-2006 standard.
h˖ 㸼⼎䆹᳝↦᳝ᆇ⠽䋼㟇ᇥ䆹䚼ӊⱘᶤϔഛ䋼ᴤ᭭Ёⱘ䞣䍙
ߎ SJ/T 11363-2006 ᷛޚ 㾘ᅮⱘ䰤䞣㽕∖DŽꢀ Indicates that the concentration of the hazardous substance of at least one of all homogeneous
materials in the parts is above the relevant threshold of the SJ/T 11363-2006 standard.
ꢀ
ᇍ䫔ଂП᮹ⱘ᠔ଂѻકꢅᴀ㸼ᰒ⼎ꢅꢀꢀ
߃ ߯կᑨ䫒ⱘ⬉ᄤֵᙃѻકৃ㛑ࣙ 䖭ѯ⠽䋼DŽ⊼ᛣꢆ᠔ଂѻકЁৃ㛑Ӯгৃ㛑ϡӮ᳝᠔᳝᠔߫ⱘ䚼ӊDŽꢀ This table shows where these substances may be found in the supply chain of Enterasys’ electronic
information products, as of the date of sale of the enclosed product. Note that some of the component types
listed above may or may not be a part of the enclosed product.
ꢀ
䰸䴲⡍
߿ ⱘᷛ⊼ꢅℸᷛᖫЎ䩜ᇍ᠔⍝ঞѻકⱘ⦃ֱՓ⫼ᳳᷛᖫꢇꢀᶤѯ䳊䚼ӊӮ ᳝ϔϾϡৠⱘ⦃ֱՓ⫼ᳳꢁ՟བꢅ⬉∴ऩ
ܗ ഫꢂ䌈݊ѻકϞꢇꢀ 50
ℸ⦃ֱՓ⫼ᳳ䰤া䗖⫼Ѣѻકᰃѻક
ݠ Ё᠔㾘ᅮⱘᴵӊϟᎹꢇꢀ The Environmentally Friendly Use Period (EFUP) for all enclosed products and their parts
are per the symbol shown here, unless otherwise marked. Certain parts may have a
different EFUP (for example, battery modules) and so are marked to reflect such. The
Environmentally Friendly Use Period is valid only when the product is operated under the
conditions defined in the product manual.
iv
VCCI Notice
This is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technology
Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble
occurs, the user may be required to take corrective actions.
BSMI EMC Statement — Taiwan
This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be
required to take adequate measures.
Safety Information
Class 1 Laser Transceivers
The single mode interface modules use Class 1 laser transceivers.
Read the following safety information before installing or operating these modules.
The Class 1 laser transceivers use an optical feedback loop to maintain Class 1 operation limits. This control loop eliminates the
need for maintenance checks or adjustments. The output is factory set, and does not allow any user adjustment. Class 1 Laser
transceivers comply with the following safety standards:
• 21 CFR 1040.10 and 1040.11 U.S. Department of Health and Human Services (FDA).
• IEC Publication 825 (International Electrotechnical Commission).
• CENELEC EN 60825 (European Committee for Electrotechnical Standardization).
When operating within their performance limitations, laser transceiver output meets the Class 1 accessible emission limit of all
three standards. Class 1 levels of laser radiation are not considered hazardous.
When the connector is in place, all laser radiation remains within the fiber. The maximum amount of radiant power exiting the
‐6
fiber (under normal conditions) is ‐12.6 dBm or 55 x 10 watts.
Removing the optical connector from the transceiver allows laser radiation to emit directly from the optical port. The maximum
‐2
3
2
radiance from the optical port (under worst case conditions) is 0.8 W cm or 8 x 10 W m sr‐1.
Do not use optical instruments to view the laser output. The use of optical instruments to view laser output increases eye
hazard. When viewing the output optical port, power must be removed from the network adapter.
v
Declaration of Conformity
Application of Council Directive(s): 2004/108/EC
2006/95/EC
Manufacturer’s Name: Enterasys Networks, Inc.
Manufacturer’s Address: 50 Minuteman Road
Andover, MA 01810
USA
European Representative Address: Enterasys Networks, Ltd.
Nexus House, Newbury Business Park
London Road, Newbury
Berkshire RG14 2PZ, England
Conformance to Directive(s)/Product Standards: EC Directive 2004/108/EC
EN 55022
EN 61000‐3‐2
EN 61000‐3‐3
EN 55024
EC Directive 2006/95/EC
EN 60950
EN 60825
Equipment Type/Environment: Networking Equipment, for use in a Commercial
or Light Industrial Environment.
Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives.
ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc., on behalf of itself
and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys
software program/firmware (including any accompanying documentation, hardware or media) (“Program”) in the package
and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other
document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, other form of
enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common
control with the party specified. This Agreement constitutes the entire understanding between the parties, with respect to the
subject matter of this Agreement. The Program may be contained in firmware, chips or other media.
BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT
THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE
AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU
AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER
PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT
AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT,
ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED
PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT
FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL
DEPARTMENT AT (978) 684‐1000.
You and Enterasys agree as follows:
1. LICENSE. You have the non‐exclusive and non‐transferable right to use only the one (1) copy of the Program provided in
this package subject to the terms and conditions of this Agreement.
vi
2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third
party to:
(a) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error
correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties
shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve
interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable
fee.
(b) Incorporate the Program in whole or in part, in any other product or create derivative works based on the Program, in
whole or in part.
(c) Publish, disclose, copy reproduce or transmit the Program, in whole or in part.
(d) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the
Program, in whole or in part.
(e) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any
part of the Program.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts
of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction
and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on the Limitation Period
in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.
4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the
U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products
to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining
such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export
Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for
civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export
Administration Regulations, in addition to the restriction on transfer set forth in Section 1 or 2 of this Agreement, You agree not
to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country
Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Cambodia, Cuba, Georgia, Iraq, Kazakhstan, Laos, Libya, Macau,
Moldova, Mongolia, North Korea, the People’s Republic of China, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan,
Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or
E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to
national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a
complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a
major component thereof, if such foreign produced direct product is subject to national security controls as identified on the
U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private
expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a)
through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is
proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered
commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or
disclosure by the U.S. Government is subject to restrictions set forth herein.
6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING
BY ENTERASYS, ENTERASYS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR
PURPOSE, TITLE AND NON‐INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT
BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY
(30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.
7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR
RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF
ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL
APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.
THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN
CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY
YOU FOR THE RIGHTS GRANTED HEREIN.
vii
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical
value to Enterasys, and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license
fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized
representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records,
accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including
the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right
of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your
business. In the event such audit discovers non‐compliance with this Agreement, including copies of the Program made, used
or deployed in breach of this Agreement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves
the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure
to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return
to Enterasys the Program and all copies of the Program.
9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program
constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable
security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall
remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause
Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled
to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at
law.
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this
Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock
assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit
of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any
attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this
Agreement.
12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and
will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon
Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.
13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity,
legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that
provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality, or
unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other
jurisdiction.
14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and
conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return
to Enterasys the Program and all copies of the Program.
viii
Contents
Who Should Use This Guide ............................................................................................................................xv
Related Documents .........................................................................................................................................xvi
Typographical Conventions ............................................................................................................................ xvii
The 2S4082-25 NAC Controller PEP .................................................................................................1-4
The 7S4280-19 NAC Controller PEP .................................................................................................1-5
Power Supply Status Through System Management .............................................................................. 1-6
Auto-Ranging Power Supplies ................................................................................................................. 1-6
Chassis Cooling System .......................................................................................................................... 1-6
Secure Networks Policy Support .................................................................................................................... 1-7
Site Guidelines ............................................................................................................................................... 2-1
Configuration Guidelines ................................................................................................................................ 2-2
Power Supply LEDs ................................................................................................................................. 2-2
Fan LED ................................................................................................................................................... 2-3
Link Aggregation ...................................................................................................................................... 2-4
10BASE-T Network .................................................................................................................................. 2-4
100BASE-TX Network .............................................................................................................................. 2-4
1000BASE-T Network .............................................................................................................................. 2-4
1000BASE-SX/LX/ELX Network .............................................................................................................. 2-5
Unpacking the Enterasys Matrix N1 Chassis ................................................................................................. 3-1
Setting Up the Enterasys Matrix N1 Chassis .................................................................................................. 3-2
Order of Installation .................................................................................................................................. 3-2
Installing the Chassis on a Flat Surface ......................................................................................................... 3-2
ix
Attaching the Electrostatic Discharge Wrist Strap..............................................................................3-4
Cooling Fans .................................................................................................................................................. 3-6
Required Tools ............................................................................................................................................... 4-1
Unpacking the NAC Controller PEP ............................................................................................................... 4-1
Installation ................................................................................................................................................ 4-6
Connecting to the Network ............................................................................................................................. 4-7
What Is Needed ..................................................................................................................................... 4-14
Connecting to an IBM PC or Compatible Device ................................................................................... 4-14
Connecting to a VT Series Terminal ...................................................................................................... 4-15
Connecting to a Modem ......................................................................................................................... 4-16
Completing the Installation ........................................................................................................................... 4-18
Using LANVIEW ............................................................................................................................................. 5-1
About the Management (MGMT) LED................................................................................................5-1
Viewing the Receive and Transmit Activity.........................................................................................5-1
Troubleshooting Checklist .............................................................................................................................. 5-4
Overview of the NAC Controller PEP Shutdown Procedure ........................................................................... 5-6
Recommended Shutdown Procedure ...................................................................................................... 5-7
Last Resort Shutdown Procedure ............................................................................................................ 5-7
The NAC Controller Policy Configuration ..................................................................................................... 6-16
Setup the VLAN Configurations ............................................................................................................. 6-16
Modifying NAC Controllers Preconfigured Policy ................................................................................... 6-18
7C111 Chassis .................................................................................................................................. A-1
Power Supply .................................................................................................................................... A-2
Environmental Requirements ...................................................................................................................A-2
x
Regulatory Requirements ........................................................................................................................A-2
2S4082-25 COM Port Pinout Assignments ....................................................................................................A-6
NAC Controller PEP 7S4280-19 Specifications .............................................................................................A-6
MGBIC-LC03 Specifications (1000BASE-SX)................................................................................... A-8
MGBIC-08 Specifications (1000BASE-ELX) ..................................................................................... A-9
MGBIC-02 Specifications (1000BASE-T)........................................................................................ A-10
Required Tools ...............................................................................................................................................B-1
Installing the DIMM............................................................................................................................ B-4
DRAM SIMM Replacement Procedure ....................................................................................................B-5
Installing the DRAM SIMM ................................................................................................................ B-5
Index
1-1
1-2
1-1
2-1
2-2
3-1
3-2
3-3
4-1
4-2
4-3
4-4
4-5
4-6
4-7
Connecting the 15-Amp AC Power Cords.......................................................................................... 3-6
Installing the NAC Controller PEP into the Matrix N1 Chassis........................................................... 4-7
Connecting a Twisted Pair Segment to the NAC Controller PEP....................................................... 4-8
Four-Wire Straight-Through Cable RJ45 Pinouts, Connections Between
4-8
4-9
Cable Connection to MT-RJ Fiber-Optic Connectors....................................................................... 4-12
Connecting a VT Series Terminal..................................................................................................... 4-16
Connecting to a Modem ................................................................................................................... 4-17
Matrix DFE Startup Screen Example (N7 Chassis).......................................................................... 4-20
4-12
4-13
4-14
4-15
xi
5-1
5-1
5-2
5-2
6-3
6-4
6-5
6-6
LANVIEW LEDs for the 2S4082-25.................................................................................................... 5-2
LANVIEW LEDs for the 7S4280-19.................................................................................................... 5-2
OFFLINE/RESET Switch for the 2S4082-25...................................................................................... 5-6
OFFLINE/RESET Switch for the 7S4280-19...................................................................................... 5-6
Choose NAC Controller Installation Type........................................................................................... 6-7
Enter the Management VLAN ID........................................................................................................ 6-8
Setup NAC Controller Engine Networking for In-Band Installation Types.......................................... 6-9
Setup NAC Controller PEP Networking............................................................................................ 6-10
Enter NetSight Server IP Address.................................................................................................... 6-11
In-Band Management Type Configuration Setup Confirmation........................................................ 6-11
Out-Of-Band Management Type Configuration Setup Confirmation................................................ 6-12
Select the UTC/Local Hardware Clock Setting................................................................................. 6-14
Import From Device Wizard.............................................................................................................. 6-18
Import From Device Wizard.............................................................................................................. 6-19
Roles Screen.................................................................................................................................... 6-19
DIMM and DRAM SIMM Locations for the NAC Controller PEP (2S4082-25 shown)........................B-3
Installing the DIMM.............................................................................................................................B-4
Removing Existing DRAM SIMM........................................................................................................B-5
Installing the DRAM SIMM .................................................................................................................B-6
6-7
6-8
6-9
B-1
B-2
B-3
B-4
B-5
B-6
2-1
Contents of the 2S4082-25-SYS and 7S4280-19-SYS 7C111 Carton............................................... 3-2
Regulatory Compliance Standards.....................................................................................................A-2
NAC Controller Engine Specifications................................................................................................A-3
COM Port Pin Assignments................................................................................................................A-4
Specifications for 2S4082-25..............................................................................................................A-5
COM Port Pin Assignments................................................................................................................A-6
Specifications .....................................................................................................................................A-6
2-2
3-1
4-1
5-1
5-2
A-1
A-2
A-3
A-4
A-5
A-6
A-7
A-8
A-9
xii
A-10 Mini-GBIC Input/Output Port Specifications .......................................................................................A-7
A-11 COM Port Pin Assignments................................................................................................................A-7
A-12 MGBIC-LC01 / MGBIC-MT01 Optical Specifications .........................................................................A-8
A-13 MGBIC-LC01 / MGBIC-MT01 Operating Range ................................................................................A-8
A-14 MGBIC-LC03 Optical Specifications...................................................................................................A-8
A-15 MGBIC-LC03 Operating Range..........................................................................................................A-8
A-16 MGBIC-LC09 Optical Specifications...................................................................................................A-9
A-17 MGBIC-LC09 Operating Range..........................................................................................................A-9
A-18 MGBIC-08 Optical Specifications .......................................................................................................A-9
A-19 MGBIC-08 Operating Range ..............................................................................................................A-9
A-20 MGBIC-02 / Specifications ...............................................................................................................A-10
A-21 Compliance Standards .....................................................................................................................A-10
xiii
xiv
About This Guide
This guide provides an overview, installation and troubleshooting instructions, and specifications
for the 2S4082‐25‐SYS and 7S4280‐19‐SYS Enterasys NAC Controller.
For information about the CLI (Command Line Interface) set of commands used to configure and
manage the NAC Controllers, refer to the Enterasys Networks™ DFE‐Platinum and Diamond Series
Configuration Guide.
For information about the technical considerations for the planning and design of the Enterasys
Network Access Control (NAC) solution, see the NAC Design Guide.
Note: In this guide, the following terms are used:
•
Enterasys NAC Controller and NAC Controller refer to the system
NAC refers to the Network Access Control function in your network
PEP refers to Policy Enforcement Point
•
•
•
NAC Controller PEP refers to the module installed in the N1 chassis which together
make up the Enterasys NAC Controller
•
NAC Controller Engine refers to a daughter card unit installed in the NAC Controller
that provides the access control connectivity and software.
Who Should Use This Guide
Electrical Hazard: Only qualified personnel should install or service this unit.
Riesgo Electrico: Nada mas personal capacitado debe de instalar o darle servicio a esta unida.
Elektrischer Gefahrenhinweis: Installationen oder Servicearbeiten sollten nur durch
ausgebildetes und qualifiziertes Personal vorgenommen werden.
This guide is intended for a network administrator who is responsible for installing and setting up
the Enterasys Network Access Controller.
How to Use This Guide
Read through this guide completely to familiarize yourself with its contents and to gain an
understanding of the features and capabilities of the Enterasys NAC Controllers. A general
working knowledge of data communications networks is helpful when setting up these systems.
This preface provides an overview of this guide and the Enterasys NAC Controller manual set,
and a brief summary of each chapter; defines the conventions used in this document; and instructs
how to obtain technical support from Enterasys Networks. To locate information about various
subjects in this guide, refer to the table on the following page.
Enterasys NAC Controller Hardware Installation Guide xv
Related Documents
For...
Refer to...
An overview of the Enterasys NAC Controllers
Pre-installation site guidelines for the NAC Controller
Chapter 1, Introduction
Guidelines
Instructions on setting up the Enterasys Matrix N1 Chassis
Setup
Instructions for installing the DFE-Platinum module
2S4082-25 and DFE-Diamond module 7S4280-19 and the
Mini-GBICs interface modules
Chapter 4, NAC Controller PEP
Installation
Instructions for Troubleshooting the NAC Controller
Initialization of the NAC Controller
Chapter 6, Initializing the NAC Controller
Specifications, environmental requirements, and physical
properties of the NAC Controller PEPs
Regulatory Compliance
Instructions to set the mode switches when necessary and
remove/replace DRAM SIMM and DIMM memory
Appendix B, Mode Switch Bank Settings
and Optional Installations
Related Documents
The manuals listed below can be obtained from the World Wide Web in Adobe Acrobat Portable
Document Format (PDF) at the following site:
•
•
Enterasys Matrix DFE‐Platinum and Diamond Series Configuration Guide provides information on
how to use the Command Line Interface to set up and manage the NAC Controller.
Cabling Guide provides information on dB loss and cable specifications.
Unlike the Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide, the Cabling
Guide is not listed alphabetically on the web site. Instead, it is listed under the Overview Guides
link.
The following sample “Conventions” sections show standard text conventions and icons used in
this document.
xvi About This Guide
Typographical Conventions
Typographical Conventions
The following typographical conventions and icons are used in this document.
blue type
Indicates a hypertext link. When reading this document online, click the text in blue to go to
the referenced figure, table, or section.
Lowercase x
Indicates the general use of an alphanumeric character (for example, 6x1xx, the x’s
indicate a combination of numbers or letters).
Note: Calls the reader’s attention to any item of information that may be of special
importance.
Caution: Contains information essential to avoid damage to the equipment.
Precaución: Contiene información esencial para prevenir dañar el equipo.
Achtung: Verweißt auf wichtige Informationen zum Schutz gegen Beschädigungen.
Warning: Warns against an action that could result in personal injury or death.
Advertencia: Advierte contra una acción que pudiera resultar en lesión corporal o la
muerte.
Warnhinweis: Warnung vor Handlungen, die zu Verletzung von Personen oder gar
Todesfällen führen können!
Electrical Hazard: Warns against an action that could result in personal injury or death.
Riesgo Electrico: Advierte contra una acción que pudiera resultar en lesión corporal o la
muerte debido a un riesgo eléctrico.
Elektrischer Gefahrenhinweis: Warnung vor sämtlichen Handlungen, die zu Verletzung
von Personen oder Todesfällen – hervorgerufen durch elektrische Spannung – führen
können!
Commonly Used Acronyms
The following acronyms are used extensively throughout this guide:
LED – Light Emitting Diode
SFP – 1‐Gigabit Small Form Factor Pluggable fiber‐optic transceiver
•
•
•
•
•
•
SMF – Single Mode Fiber
MMF – Multimode Fiber
USB – Universal Serial Bus
ESD – Electrostatic Discharge
Enterasys NAC Controller Hardware Installation Guide xvii
Getting Help
Getting Help
For additional support related to the NAC Controller or this document, contact
Enterasys Networks using one of the following methods:
World Wide Web
Phone
1-800-872-8440 (toll-free in U.S. and Canada)
or 1-978-684-1000
For the Enterasys Networks Support toll-free number in your country:
Internet mail
To expedite your message, please type [N-Series] in the subject line.
To send comments or suggestions concerning this document to the Technical Publications Department:
techpubs@enterasys.com
To expedite your message, include the document Part Number in the Email message.
Before contacting Enterasys Networks for technical support, have the following data ready:
•
•
•
Your Enterasys Networks service contract number
A description of the failure
A description of any action(s) already taken to resolve the problem (for example, changing
mode switches or rebooting the unit)
•
•
The serial and revision numbers of all involved Enterasys Networks products in the network
A description of your network environment (such as layout, cable type, other relevant
environmental information)
•
•
Network load and frame size at the time of trouble (if known)
The device history (for example, if you have returned the device before, or if this is a recurring
problem)
•
Any previous Return Material Authorization (RMA) numbers
xviii About This Guide
1
Introduction
This chapter provides a functional overview of the Enterasys NAC Controller and its features.
Overview
Refer to page...
1-1
1-7
1-7
1-7
Standards Compatibility
LANVIEW Diagnostic LEDs
Overview
The 2S4082‐25‐SYS and 7S4280‐19‐SYS Enterasys NAC Controllers are In‐Band/Out‐Of‐Band
solution network access card devices designed for the non‐intelligent edge to support the
detection of the introduction of new end‐stations on a network in VPN, wireless, or third party
designs provide a single slot N1‐7C111 chassis with an installed module, referred to as a
NAC Controller Policy Enforcement Point (PEP). Figure 1‐1 displays the 2S4082‐25‐SYS
Enterasys NAC Controller. Figure 1‐2 displays the 7S4280‐19‐SYS Enterasys NAC Controller.
Figure 1-1 The 2S4082-25-SYS Enterasys NAC Controller
Figure 1-2 The 7S4280-19-SYS Enterasys NAC Controller
Enterasys NAC Controller Hardware Installation Guide 1-1
Overview
The N1-7C111 Chassis
The Enterasys Matrix N1 chassis design provides a single slot for the NAC Controller PEP. The
2S4082‐25 NAC Controller PEP is installed in the 2S4082‐25‐SYS NAC Controller. The 7S4280‐19
NAC Controller PEP is installed in the 7S4280‐19‐SYS NAC Controller.
The NAC Controller PEP installed in the Enterasys Matrix N1 chassis interfaces to the chassis
backplane utilizing the FTM2 connector.
The Enterasys Matrix N1 chassis:
•
•
•
Allows hot swapping of the NAC Controller PEP,
Supports two redundant, load‐sharing power supplies, and
Can be installed as a freestanding unit or installed into a standard 48.26‐centimeter (19‐inch)
rack.
All active components for the N1 chassis are located on the back side of the chassis for increased
safety. All LED indicators are observable from the front of the chassis to aid in monitoring network
operational status and performing maintenance.
The NAC Controller PEP
The NAC Controller PEP is Enterasys’ next generation of enterprise module that deliver high
performance and flexibility to ensure access control along with comprehensive switching, routing,
Quality of Service, security, and traffic containment. The NAC Controller PEP installed in your
Enterasys NAC Controller will be either a 2S4082‐25 or a 7S4280‐19 depending upon the NAC
system. Key NAC Controller PEP features include:
•
•
•
Proactive security for users, guests and other end systems
Enforces automated policy based authorization controlling both access and Quality of Service
Provides a single integrated NAC Controller solution that works in any network regardless of
technology or vendor
•
Superior performance and capacity to support more high‐bandwidth and latency sensitive
applications
•
•
10/100/1000 Base‐TX and 10 Gigabit Ethernet connectivity
Port‐ and User‐Based Policy and Multilayer Packet Classification that provides granular
control and security for business‐critical applications
•
•
High‐availability with failover for services and management
Self‐learning configuration modules with increased reliability and fault tolerance that reduces
configuration time and maximizes uptime
•
Network‐wide configuration, change, and inventory management that is easier to install,
troubleshoot, and maintain
•
•
Reduced support and maintenance costs, and decreased configuration time
A two‐port Mini‐GBIC Gigabit Ethernet Uplink Module
Each of the NAC Controller PEP front panel ports can operate in either half‐duplex or full‐duplex
mode of operation. The duplex mode can be determined by either auto‐negotiation or manual
configuration.
The NAC Controller PEP ports can be configured to control traffic by limiting the rate of traffic
accepted into the module and prioritizing traffic to expedite the flow of higher priority traffic
through the module.
1-2 Introduction
Overview
The NAC Controller PEP receives power and backplane connectivity when it is inserted into a
chassis.
Management of the module can be either In‐Band or Out‐Of‐Band. In‐Band remote management
®
is possible using Telnet, Enterasys Networks’ NetSight management application, or WebView™
application. Out‐of‐band management is provided through the RJ45 COM (Communication) port
on the front panel using a VT100 terminal or a VT100 terminal emulator.
Enterasys Networks’ HTTP‐based Web management application (WebView) is an intuitive web
tool for simple management tasks.
The CLI commands enable you to perform more complete switch configuration management
tasks.
For CLI command set information and how to configure the module, refer to the Enterasys Matrix
DFE‐Diamond/Platinum Series Configuration Guide.
There are 24 10/100/1000 ports and 2 SFP ports that support MGBICs for a total of 26 ports on the
2S4082‐25. There are 20 SFP ports on the 7S4280‐19 NAC Controller PEP. For additional
information on these ports, refer to Appendix A.
Enterasys NAC Controller Hardware Installation Guide 1-3
Overview
The 2S4082-25 NAC Controller PEP
The 2S4082‐25 NAC Controller PEP has 24, 10BASE‐T/100BASE‐TX/1000BASE‐T compliant ports
by means of 24 fixed front‐panel RJ45 connectors on the PEP and 2, Mini‐GBIC Gigabit ports.
The 2S4082‐25 is installed in the Enterasys Matrix N1 chassis.
Figure 1-1 2S4082-25 NAC Controller PEP
1
2
3
4
5
6
OFFLINE/RESET switch
RJ45 COM (Console port)
CPU LED
MGMT LED
GROUP SELECT button
GROUP STATUS LEDs
7
8
9
GROUP SELECT LEDs
Mini-GBIC Gigabit port slots (2)
Gigabit port link/activity LEDs
13 VGA port
14 RS232 serial COM port
15 CPU power LED
16 CPU reset button
17 Hard drive activity LED
10 USB port
11 10/100 Ethernet port link LED
12 10/100 Ethernet port (see Note below) 18 10/100 Ethernet port activity LED
19 Ports (1-24), 10/100/1000 Mbps, via 24
RJ45s
Note: The 10/100 Ethernet port is for management purposes only. If you want network
connectivity, you need to connect to one of the ports with 10/100/1000 Mbps ports as
shown in Figure 1-1.
1-4 Introduction
Overview
The 7S4280-19 NAC Controller PEP
The 7S4280‐19 NAC Controller PEP has 20, 1000BASE‐X compliant front‐panel ports that support
a variety of optional Small Form Factor Pluggable (SFP) Gigabit connections using optional
Mini‐Gigabit Interface Cards (Mini‐GBICs).
The 7S4280‐19 is installed in the Enterasys Matrix N1 chassis.
Figure 1-2 7S4280-19 NAC Controller PEP
1
2
3
4
5
6
OFFLINE/RESET switch
RJ45 COM port
CPU LED
MGMT LED
GROUP SELECT button
GROUP STATUS LEDs
7
8
9
GROUP SELECT LEDs
Mini-GBIC Gigabit port slots (2)
Gigabit port link/activity LEDs
13 VGA port
14 RS232 serial COM port
15 CPU power LED
16 CPU reset button
17 Hard drive activity LED
10 USB port
11 10/100 Ethernet port link LED
12 10/100 Ethernet port (see Note below) 18 10/100 Ethernet port activity LED
19 Ports (1-18), 1000 Mbps, through
optional MGBICs
Note: The 10/100 Ethernet port is for management purposes only. If you want network
connectivity, you need to connect to one of the 1000 Mbps ports as shown in Figure 1-2.
Enterasys NAC Controller Hardware Installation Guide 1-5
Overview
Redundant Power Supplies
The Enterasys NAC Controller supports two fixed, auto‐ranging redundant AC power supply
modules. For power supply specifications, refer to “Power Supply” on page A‐2.
Power Supply LANVIEW LEDs
Each power supply utilizes a single LED to monitor and detect power supply failure and
redundancy status. Refer to Chapter 2, Installation Requirements and Guidelines, for a full
explanation of the power supply LEDs and their definitions.
Power Supply Status Through System Management
The Enterasys NAC Controller power supplies report information to the NAC Controller PEP
installed in the chassis regarding their present operating status. This information includes the
following:
•
•
•
Power Supply ID (PS1, PS2)
Power Supply Status (normal/fault)
Power Supply Redundancy indication
Refer to the Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide for instructions on
how to access power supply status information via Local Management.
Auto-Ranging Power Supplies
The Enterasys NAC Controller power supplies automatically adjust to the input voltage and
60 Hz. Refer to the operating specifications in Appendix A. No additional adjustments are
necessary. For installations in North America, two 15 A power cords are required. Refer to
“Powering Up a Enterasys Matrix N1 Chassis” on page 3‐5 for more details.
Power Supply Replacement
Power supplies in the Enterasys Matrix N1 chassis are fixed and, as such, are not considered
If a power supply must be replaced, contact Technical Support for information (refer to “Getting
Help” on page xviii).
Chassis Cooling System
The Enterasys Matrix N1 chassis backplane supports six 2‐wire 12v fans. General fan failure is
detected at the chassis backplane and the status is relayed to the module using the FTM2
connector.
the fans, either normal or fault condition. Since the fans are built into the chassis, there is no
support for a ‘Fan Present’ indicator. Refer to Chapter 2, Installation Requirements and
Guidelines, for a full description of fan LED states.
1-6 Introduction
Secure Networks Policy Support
Standalone or Rack Mountable Chassis
The Enterasys NAC Controller can be installed as a freestanding unit on a shelf or table. It can also
be mounted into a standard 48.26‐centimeter (19‐inch) equipment rack. Refer to “Site Guidelines”
on page 2‐1 for requirements on ventilation and cooling.
Secure Networks Policy Support
A fundamental concept that is key to the implementation of the Enterasys Secure Networks
methodology is policy‐enabled networking. This approach provides users of the network with the
resources they need ‐ in a secure fashion – while at the same time denying access to applications or
protocols that are deemed inappropriate based on the user’s function within the organization. By
adopting such a “user‐personalized” model, it is possible for business policies to be the guidelines
in establishing the technology architecture of the enterprise. Two major objectives are achieved in
this way: IT services are matched appropriately with individual users; and the network itself
becomes an active participant in the organization’s security strategy. The Secure Networks
architecture consists of three tiers:
•
Classification rules make up the first or bottom tier. The rules apply to devices in the Secure
Networks environment, such as switches and routers. The rules are designed to be
implemented at or near the user’s point of entry to the network. Rules may be written based
on criteria defined in the Layer 2, Layer 3 or Layer 4 information of the data frame.
•
•
The middle tier is Services, which are collections of individual classification rules, grouped
logically to either permit or deny access to protocols or applications based on the user’s role
within the organization. Priority and bandwidth rate limiting may also be defined in services.
Roles, or behavioral profiles, make up the top tier. The roles assign services to various
business functions or departments, such as executive, sales, and engineering.
To enhance security and deliver a true policy‐based infrastructure, the Enterasys Secure Networks
methodology can take advantage of authentication methods, such as 802.1X, using EAP‐TLS,
EAP‐TTLS, or PEAP, as well as other types of authentication. Authorization information, attached
to the authentication response, determines the application of policy. Authorization information is
communicated via the policy name in a RADIUS Filter‐ID attribute. An administrator can also
define a role to be implemented in the absence of an authentication framework. Refer to the
release notes shipped with the module for details.
Standards Compatibility
The NAC Controller PEPs are fully compliant with the IEEE 802.3‐2002, 802.3ae‐2002,
802.1D‐1998, and 802.1Q‐1998 standards. The NAC Controller PEP provides IEEE 802.1D‐1998
Spanning Tree Algorithm (STA) support to enhance the overall reliability of the network and
protect against “loop” conditions.
LANVIEW Diagnostic LEDs
The NAC Controller PEP uses a built‐in visual diagnostic and status monitoring system called
LANVIEW. The LANVIEW LEDs allow quick observation of the network status to aid in
diagnosing network problems. “LANVIEW LEDs” on page 2‐2 for information about using the
LEDs for troubleshooting.
Enterasys NAC Controller Hardware Installation Guide 1-7
LANVIEW Diagnostic LEDs
1-8 Introduction
2
Installation Requirements and Guidelines
This chapter describes site guidelines that must be met before installing an
Enterasys NAC Controller into a rack or cabinet, Enterasys NAC Controller configuration
guidelines, and operating specifications for the Enterasys NAC Controller.
Electrical Hazard: Only qualified personnel should perform installation procedures.
Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion.
Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes
Personal vorgenommen werden.
Site Guidelines
Refer to page...
2-1
2-2
2-2
2-3
Configuration Guidelines
LANVIEW LEDs
NAC Controller PEP Network Requirements
Site Guidelines
The following guidelines must be observed when a site is selected for the
Enterasys NAC Controller. If the guidelines are not followed, unsatisfactory network performance
may result.
•
To ensure proper ventilation and prevent overheating of the chassis in either the rackmounted
or standalone configuration, there must be 5.1 centimeters (2 inches) of clearance on either
side and in the rear of the unit.
•
•
•
To install the Enterasys NAC Controller as a freestanding unit on a shelf, the shelf must be
able to support 13.6 kilograms (30 pounds) of static weight.
To install the Enterasys NAC Controller as a rackmounted unit, care must be taken to ensure
that the rack used will support the unit and that the rack remains stable.
The power supplies for the Enterasys NAC Controller require two three‐pronged power
receptacles capable of delivering the current and voltage specified in “Power Supply” on
page A‐2. Two ac outlets on independently fused circuits are required for each power supply,
and must be located less than 2 meters (6 feet) from the site. The power cord used and type of
outlet is dependent on the country. In the United States, two power cords with NEMA 5‐15P
plugs are provided with each power supply.
•
Ambient temperature at the installation site must be maintained between 5° and 40°C
(41° to 104°F). Temperature changes must be maintained within 10°C (18°F) per hour.
Enterasys NAC Controller Hardware Installation Guide 2-1
Configuration Guidelines
Configuration Guidelines
The NAC Controller PEPs for the Enterasys NAC Controller are equipped with a firmware‐based
management tool, which provides the capability to configure the NAC Controller PEP and access
chassis, power supply, and fan information.
LANVIEW LEDs
The following sections describe the LANVIEW LED indications for the following:
•
•
Enterasys NAC Controller power supplies
Enterasys NAC Controller fans
There are two power supply LEDs on the front panel of the chassis, one for each power supply.
Refer to Figure 2‐1 for the location of the power supply LEDs. Table 2‐1 describes the different
states of the power supply LEDs under different conditions.
Figure 2-1 Power Supply LEDs
1
2
GROUND
STRAP
FAN
PS1
PS2
STATUS
STATUS
STATUS
7C111
N1
1
PS1 LED
2
PS2 LED
Table 2-1 Power Supply (PS) LED Status Definitions
Condition
PS1
ON
PS2
ON
PS1 LED
Green
Green
Red
PS2 LED
Green
Red
1
2
3
ON
OFF
ON
OFF
Green
2-2 Installation Requirements and Guidelines
NAC Controller PEP Network Requirements
Fan LED
See Figure 2‐2 for the location of the fan LED. Table 2‐2 describes the different states of the fan
LED.
Figure 2-2 Fan LED
1
GROUND
STRAP
FAN
PS1
PS2
STATUS
STATUS
STATUS
7C111
N1
1
Fan LED
Table 2-2 Fan LED States and Definitions
LED Color
Green
Status
All fans are operating normally.
One fan failure has occurred.
More than one fan failure has occurred.
Amber
Red
Note: The fan LED status functionality requires that the NAC Controller PEP be operational. Fan
status will not be reported by the fan LED when a NAC Controller PEP is not functioning.
NAC Controller PEP Network Requirements
This section provides information concerning the network requirements that must be met to
ensure a satisfactory performance from the NAC Controller PEP. The information consists of the
following:
Refer to page...
2-4
2-4
2-4
2-4
2-5
1000BASE-T Network
1000BASE-SX/LX/ELX Network
Note: The Enterasys Matrix DFE-Diamond/Platinum Series Configuration Guide and the Cabling
Web site:
http://www.enterasys.com/support/manuals
Refer to “Related Documents” on page xvi.
Enterasys NAC Controller Hardware Installation Guide 2-3
NAC Controller PEP Network Requirements
Link Aggregation
Link Aggregation is a method of grouping multiple physical ports on a network device into one
logical link according to the IEEE 802.3ad‐2002 standard. Because Link Aggregation is standards
based, it allows for automatic configuration with manual overrides (if applicable), and can operate
on 10 Mbps, 100 Mbps, or 1000 Mbps Ethernet full duplex ports. Thus the network administrator
can combine a group of five 100 Mbps ports into a logical link (trunk) that functions as a single 500
Mbps port. As long as the NAC Controller PEPs agree on which ports are in the trunk, there are no
problems with looping, and the Spanning Tree can treat this trunk as a single port.
In normal usage (and typical implementations) there is no need to enable/disable ports for Link
Aggregation. The default values will result in the maximum number of aggregations possible. If
the switch is placed in a configuration with its peers not running the protocol, no aggregations
will be formed and the NAC Controller PEPs will function normally (that is, Spanning Tree will
block redundant paths).
For details about the commands involved with configuring the Link Aggregation function, refer to
the Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide.
10BASE-T Network
When connecting a 10BASE‐T segment to any of the fixed front panel ports of the 2S4082‐25,
ensure that the network meets the Ethernet network requirements of the IEEE 802.3‐2002 standard
for 10BASE‐T. Refer to the Cabling Guide for details.
Note: If a port is to operate at 100 Mbps, Category 5 cabling must be used. Category 3 cabling
does not meet 100 Mbps specifications. For 10 Mbps operation only, Category 3 or Category 5
cabling can be used. Refer to “100BASE-TX Network” on page 2-4 for information about
100BASE-TX networks and cabling.
100BASE-TX Network
The fixed front panel ports of the 2S4082‐25 provide a connection that supports Category 5 UTP
cabling. The device at the other end of the twisted pair segment must meet IEEE 802.3‐2002
100BASE‐TX Fast Ethernet network requirements for the devices to operate at 100 Mbps. Refer to
the Cabling Guide for details.
Note: The fixed ports of the NAC Controller PEP support Category 5 UTP cabling with an
impedance between 85 and 111 ohms for 100 Mbps operation. The NAC Controller PEP is capable
of operating at 10, 100, or 1000 Mbps and can automatically sense the port speed of the other
device and adjust its speed accordingly.
1000BASE-T Network
The 2S4082‐25 supports 10/100/1000 Mbps by means of fixed RJ45 front panel connectors. These
connections support copper wire connections that can operate up to 1000 Mbps. The device at the
other end of the twisted pair segment must meet IEEE 802.3‐2002 network requirements for the
devices to operate at Gigabit speed.
Note: The fixed ports of each NAC Controller PEP support Category 5 UTP cabling with an
impedance between 85 and 111 ohms for 100 and 1000 Mbps operation and can automatically
sense the port speed of the other device and adjusts its speed accordingly.
2-4 Installation Requirements and Guidelines
NAC Controller PEP Network Requirements
1000BASE-SX/LX/ELX Network
The optional Mini‐GBICs on the 2S4082‐25 provide a Gigabit Ethernet connection to the
Mini‐GBICs may support different types of cabling connections. The device at the other end of the
fiber‐optic connection must meet IEEE 802.3‐2002 Gigabit Ethernet requirements for the devices to
operate at Gigabit speed. Refer to Appendix A for further details on Mini‐GBIC specifications.
The optional Mini‐GBICs installed in the 7S4280‐19 front‐panel ports 1 through 18 or the 2 ports
Other Mini‐GBICs may support different types of cabling connections. The device at the other end
of the fiber‐optic connection must meet IEEE 802.3‐2002 Gigabit Ethernet requirements for the
devices to operate at Gigabit speed. Refer to Appendix A for further details on Mini‐GBIC
specifications.
Enterasys NAC Controller Hardware Installation Guide 2-5
NAC Controller PEP Network Requirements
2-6 Installation Requirements and Guidelines
3
Enterasys Matrix N1 Chassis Setup
This chapter contains instructions on setting up the Enterasys Matrix N1 Chassis.
Equipment needed:
•
•
Phillips screwdriver
Flat blade screwdriver
Electrical Hazard: Only qualified personnel should install or service this unit.
Riesgo Eléctrico: Nada mas personal capacitado debe de instalar o darle servicio a esta unida.
Elektrischer Gefahrenhinweis: Installationen oder Servicearbeiten sollten nur durch
A Phillips screwdriver is needed to install the unit in a 48.26‐centimeter (19‐inch) equipment rack
Refer to Chapter 2 for the guidelines that must be followed to install the Enterasys Matrix N1
Chassis.
Follow the order of the sections below for correct installation.
Refer to page...
Installing the Chassis on a Flat Surface
Powering Up a Enterasys Matrix N1 Chassis
Cooling Fans
3-1
3-2
3-2
3-3
3-5
3-6
Unpacking the Enterasys Matrix N1 Chassis
Note: Unpack the Matrix 2S4082-25-SYS and 7S4280-19-SYS chassis components only as
needed. Leave the components in their respective shipping cartons until you are ready to install
that component. Save all shipping materials in the event that the chassis has to be repacked.
Before unpacking the chassis, examine the outside packaging for obvious damage. To unpack the
Enterasys Matrix N1 Chassis proceed as follows:
1. Open the box and remove the packing material protecting the Enterasys Matrix N1 chassis.
2. Remove the power cords, documentation, Electrostatic Discharge (ESD) wrist strap, and
adhesive feet (for standalone placement).
3. Verify the contents of the carton as listed in the table below.
Enterasys NAC Controller Hardware Installation Guide 3-1
Setting Up the Enterasys Matrix N1 Chassis
Table 3-1 Contents of the 2S4082-25-SYS and 7S4280-19-SYS 7C111 Carton
Item
Quantity
2S4082-25-SYS or 7S4280-19-SYS Standalone Series 7C111
2S4082-25 or 7S4280-19 NAC Controller PEP
Rubber Feet
1
1
4 (self-adhesive)
Power Cords
2
1
1
1
ESD Wrist Strap
Manual URL Location Card
Patents Sheet
Hardware Installation Guide (this manual)
4. Inspect the Enterasys Matrix N1 Chassis for any signs of physical damage. Contact
Enterasys Networks if it is damaged. Refer to “Getting Help” on page xviii for details.
Setting Up the Enterasys Matrix N1 Chassis
The following sections describe the procedures that must be followed to complete the installation
of the Enterasys Matrix N1 Chassis.
Order of Installation
Once a suitable site has been chosen, the Enterasys Matrix N1 Chassis can be installed as a
freestanding or rackmounted unit.
It is recommended that the Enterasys Matrix N1 Chassis installation proceed in the following
order:
1. Install the rubber feet (for standalone installation). For details, refer to “Installing the Rubber
Feet” on page 3.
3. Attach the Electrostatic Discharge wrist strap. For details, refer to “Attaching the Electrostatic
If you are installing the Enterasys Matrix N1 Chassis as a freestanding device, start with
“Installing the Rubber Feet” on page 3. To install the chassis in a rack, rubber feet are not needed.
Note: Before installing the rubber feet, place the chassis on its back on a sturdy flat surface to have
access to the bottom of the chassis.
Caution: Read Chapter 2 before completing the following procedure to ensure that all installation
guidelines are met.
Precaución: Antes de llevar a cabo el siguiente procedimiento, lea Chapter 2 para y asegúrese de
cumplir con todos los requisitos de instalación.
3-2 Enterasys Matrix N1 Chassis Setup
Installing the Chassis into a Rack
When installing the switch on a flat surface, the installation of the rubber feet is recommended to
prevent the switch from sliding on a flat surface. Installing the rubber feet is optional if you are
installing the switch in a rack. To install the rubber feet, proceed to “Installing the Rubber Feet”
instructions below. For instructions to rack mount the switch, proceed to “Installing the Chassis
into a Rack” on page 3.
Installing the Rubber Feet
To install the rubber feet proceed as follows:
1. Place the switch on its back on a sturdy flat surface to gain access to the bottom of the chassis.
2. Remove the four rubber feet from their plastic bag in the shipping box.
3. Locate the four marked locations on the bottom four corners of the chassis.
4. Remove the protective strip from the back of one rubber foot and position it on a marked
location and press firmly into place. Repeat this procedure to install the remaining three
rubber feet in the other three locations.
5. After installing the rubber feet, return the switch to its upright position.
6. For a rackmount installation, proceed to “Installing the Chassis into a Rack” on page 3.
Caution: Read Chapter 2 before completing the following procedure to ensure that all installation
guidelines are met.
Precaución: Antes de llevar a cabo el siguiente procedimiento, lea Chapter 2 para y asegúrese de
cumplir con todos los requisitos de instalación.
Note: In order to prevent a possible interference between the rack frame front and chassis rack
ears, the tapped rails may need to be adjusted such that they are recessed approximately 2 inches
behind the rack frame front. If the rack has a front door, this distance may need to be slightly more
depending on the door thickness.
The Enterasys Matrix N1 Chassis can be mounted in a standard EIA‐310‐D compliant
48.26‐centimeter (19‐inch) equipment rack. To mount the chassis into a rack you must allow at
least 60 centimeters (24 inches) of clearance in front of the rack for chassis installation. Then decide
whether to install the chassis on a shelf in the rack, or to attach the chassis directly to the rack.
Installing the Chassis on the Rack Shelf
To install the chassis on a rack shelf:
the shelf.
2. Refer to “Installing the Rubber Feet” on page 3.
3. Align the four holes in the ears of the shelf with those in the rack, then fasten the shelf to the
4. After installing the shelf, proceed to install the Enterasys Matrix N1 Chassis as described in
“Installing the Chassis Directly to the Rack” on page 4.
Enterasys NAC Controller Hardware Installation Guide 3-3
Installing the Chassis into a Rack
Installing the Chassis Directly to the Rack
Caution: Read Chapter 2 before completing the following procedure to ensure that all installation
guidelines are met.
Precaución: Antes de llevar a cabo el siguiente procedimiento, lea Chapter 2 para y asegúrese
de cumplir con todos los requisitos de instalación.
To install the Enterasys Matrix N1 Chassis, proceed as follows:
Warning: To help prevent personal injury, at least two people are required to lift the chassis into
the rack.
Advertencia: Para ayudar a prevenir alguna lesión personal, al menos dos personas son
requeridas para levantar el chasis y meterlo al rack.
Chassis in das Rack heben.
1. Lift the chassis into the rack and slide it all the way into the rack. Refer to Figure 3‐1.
2. Use 4 screws (2 per side) provided with the equipment rack to secure the chassis to the rack,
starting with the bottom holes and working toward the top of the chassis, as shown in
Figure 3‐1.
Figure 3-1 Rack Mounting the Enterasys Matrix N1 Chassis
1
1
GROUND
STRAP
FAN
PS1
PS2
STATUS
STATUS
STATUS
7C111
N1
2
2
1
Rails of 19-inch rack
2
Mounting screws (supplied by user)
Note: The Enterasys Matrix N1 Chassis must not exceed the 2U high rackmount standard and
must comply with the requirements for mounting in a 19-inch (48.26-centimeter) rack.
Attaching the Electrostatic Discharge Wrist Strap
The Electrostatic Discharge (ESD) wrist strap must be attached before handling the modules used
in the Enterasys Matrix N1 Chassis. In addition, observe all precautions when handling these
modules to prevent damage from electrostatic discharge.
Place the ESD wrist strap on your wrist and plug the other end into the grounding receptacle, at
the top right corner of the chassis, shown in Figure 3‐2.
3-4 Enterasys Matrix N1 Chassis Setup
Powering Up a Enterasys Matrix N1 Chassis
Figure 3-2 ESD Grounding Receptacle
1
GROUND
STRAP
N1
GROUND
STRAP
FAN
PS1
PS2
STATUS
STATUS
STATUS
7C111
N1
1
ESD grounding receptacle
Note: To install the NAC Controller PEP, refer to the Chapter 4, NAC Controller PEP Installation
section for the installation instructions. Before you power up the Enterasys Matrix N1 Chassis, it is
recommended that you complete the installation of the NAC Controller PEP in the chassis.
Powering Up a Enterasys Matrix N1 Chassis
To power up a Enterasys Matrix N1 Chassis with ac power supplies, refer to Figure 3‐3 and
proceed as follows:
Note: For power redundancy, each of the power cords from the two power supplies must be
connected to dedicated 15-Ampere ac power circuits.
1. Plug one end of each power cord (supplied with the chassis) into the ac power sockets on the
back of the N1 Chassis. See Figure 3‐3 on page 3‐6 for the power connections.
2. Plug each of the power cords into separate dedicated 115 Vac, 15 A receptacles.
3. Ensure that the Power LED on each power supply is green, located on the front panel of the
N1 Chassis.
the power supply modules (fan tray LED will be green, located on the front panel of the N1
Chassis). For more information on the power supply LEDs (Power and Fan), refer to
“LANVIEW LEDs” on page 2‐2.
Enterasys NAC Controller Hardware Installation Guide 3-5
Cooling Fans
Figure 3-3 Connecting the 15-Amp AC Power Cords
AC INLET
2
100
200
-
-
125V
240V
~
~
3.6A
1.6A
2
7C111
50/60 Hz
VCCI-A
THIS DEVICE COMPLIES WITH PART 15 OF THE FCC RULES.
OPERATION IS SUBJECT TO THE FOLLOWING TWO CONDITIONS:
(1) THIS DEVICE MAY NOT CAUSE HARMFUL INTERFERENCE, AND
(2) THIS DEVICE MUST ACCEPT ANY INTERFERENCE RECIEVED,
INCLUDING INTERFERENCE THAT MAY CAUSE UNDESIRED OPERATION.
T3A167
AC INLET
1
CAUTION: THIS UNIT MAY HAVE MORE THAN ONE POWER SUPPLY CORD. DISCONNECT
TWO (2) POWER SUPPLY CORDS BEFORE SERVICING TO AVOID ELECTRIC SHOCK.
100
200
-
-
125V
240V
~
~
3.6A
1.6A
THIS CLASS
CET APPAREIL NUMÉRIQUE DE LA CLASSE
NMB-003 DU CANADA.
A
DIGITAL APPARATUS COMPLIES WITH CANADIAN ICES-003.
EST CONFORME LA NORME
A
A
50/60 Hz
VORSICHT: DIESES GERÄT HAT MEHR ALS EINEN NETZANSSCHLUß. TRENNEN SIE VOR
WARTUNGSARBEITEN DIE
ZU VERMEIDEN.
2
NETZANSCHLÜSSE VOM NETZ, UM ELEKTRISCHE SCHLÄGE
N826
ADVERTENCIA: ESTA UNIDA PUEDE TENER MAS DE UN CABLE DE FUENTE DE PODER. DESCONECTAR
DOS CABLES DE FUENTES DE PODER ANTES DE DAR SERVICIO PARA PREVENIR RIESGO ELÉCTRICO.
1
3
1
2
3
NEMA 5-15P 15 A power cords (2)
AC power socket (2 each supply)
115 Vac, 15 A power outlet
Note: Power cords shown are for North America only.
Each outlet must be on a separate circuit.
If you experience any problems with this installation, contact Enterasys Networks for assistance.
Cooling Fans
The Enterasys Matrix N1 Chassis is equipped at the factory with six (6) fixed cooling fans. These
fans are not removable. If a fan should fail, contact Enterasys Networks Technical Support for
assistance (refer “Getting Help” on page xviii).
3-6 Enterasys Matrix N1 Chassis Setup
4
NAC Controller PEP Installation
Electrical Hazard: Only qualified personnel should perform installation procedures.
Riesgo Electrico: Solamente personal calificado debe realizar procedimientos de instalacion.
Elektrischer Gefahrenhinweis: Installationen sollten nur durch ausgebildetes und qualifiziertes
Personal vorgenommen werden.
Important Notice
Read the Release Notes shipped with the NAC Controller PEP to check for any exceptions to the supported
features and operation documented in this guide.
This chapter provides the instructions to install the NAC Controller PEPs 2S4082‐25 and 7S4280‐19
and the Mini‐GBICs interface modules.
Follow the order of the sections listed below to correctly install the NAC Controller PEP into the
chassis.
Refer to page...
4-1
4-1
Installing Optional Mini-GBICs
4-2
Connecting to the Network
4-5
4-7
Connecting to COM Port for Local Management
Completing the Installation
4-14
4-18
Required Tools
Tools needed to install the NAC Controller PEP and options include:
•
•
Phillips screwdriver
Flat blade screwdriver
Unpacking the NAC Controller PEP
Unpack the NAC Controller PEP as follows:
1. Open the box and remove the packing material protecting the module.
Enterasys NAC Controller Hardware Installation Guide 4-1
Installing Optional Mini-GBICs
2. Verify the contents of the carton as listed in Table 4‐1.
Table 4-1 Contents of Module Carton
Item
Quantity
NAC Controller PEP (2S4082-25 or 7S4280-19)
Customer Release Notes
1
1
4. Perform a visual inspection of the module for any signs of physical damage. Contact
Enterasys Networks if there are any signs of damage. Refer to “Getting Help” on page xviii for
details.
Installing Optional Mini-GBICs
1‐2 on the NAC Controller Engine) and 2S4082‐25 front panel ports (1‐2 on the
NAC Controller Engine). For a list of supported Mini‐GBICs and their specifications, refer to
“Mini‐GBIC Input/Output Specifications” on page A‐7.
Warning: Fiber-optic Mini-GBICs use Class 1 lasers. Do not use optical instruments to view the
laser output. The use of optical instruments to view laser output increases eye hazard. When
viewing the output optical port, power must be removed from the network adapter.
Advertencia: Los Mini-GBICS de fibra optica usan lasers de clase 1. No se debe usar
instrumentos opticos para ver la potencia laser El uso de los instrumentos opticos para ver la
potencia laser incrementa el riesgo a los ojos. Cuando vean el puerto de la potencia optica, la
corriente debe ser removida del adaptador de la red.
Warnhinweis: Mini-GBICs mit Fiber-Optik Technologie benutzen Laser der Klasse 1. Benutzen sie
keinesfalls optische Hilfsmittel, um die Funktion des Lasers zu überprüfen. Solche Hilfsmittel
erhöhen die Gefahr von Sehschäden. Wenn sie den optischen Port überprüfen möchten stellen Sie
sicher, dass die Komponente von der Spannungsversorgung getrennt ist.
Caution: Carefully follow the instructions in this manual to avoid damaging the Mini-GBIC and NAC
Controller PEP.
The Mini-GBIC and NAC Controller PEP are sensitive to static discharges. Use an antistatic wrist
strap and observe all static precautions during this procedure. Failure to do so could result in
damage to the Mini-GBIC and NAC Controller PEP. Always leave the Mini-GBIC in the antistatic
bag or an equivalent antistatic container when not installed.
Precaución: Siga las instrucciones del manual para no dañar el Mini- GBIC, NAC Controller PEP
engine ni el módulo DFE, puesto que son muy sensible a las descargas de electricidad estática.
Utilice la pulsera antiestática y tome todas las precauciones necesarias durante este
procedimiento. Si no lo hace, podría dañar el Mini- GBIC, NAC Controller PEP engine o el módulo
DFE. Mientras no esté instalado, mantenga el Mini- GBIC en su bolsa antiestática o en cualquier
otro recipiente antiestático.
Preparation
Before installing the Mini‐GBIC, proceed as follows:
1. Attach the antistatic wrist strap (refer to the instructions in the antistatic wrist strap package)
before removing the Mini‐GBIC from the antistatic packaging.
2. Remove the Mini‐GBIC from the packaging.
4-2 NAC Controller PEP Installation
Installing Optional Mini-GBICs
3. If there is a protective dust cover (see in Figure 4‐1 or Figure 4‐2) on the Mini‐GBIC port, do
not remove it at this time.
Installation
To install a Mini‐GBIC with an MT‐RJ connection, refer to Figure 4‐1, for an LC connection, refer to
Figure 4‐2, or for an RJ45 connection, refer to Figure 4‐3, and proceed as follows:
1. Hold the Mini‐GBIC with its top side facing up and its 7‐pin edge connector facing the port
slot.
2. Carefully align the Mini‐GBIC with the port slot.
3. Push the Mini‐GBIC into the port slot until the Mini‐GBIC “clicks” and locks into place.
Figure 4-1 Mini-GBIC with MT-RJ Connector
Á
Ã
Ä
À
Å
1
2
3
Mini-GBIC (MGBIC-MT01)
Mini-GBIC, top side
7-Pin edge connector (insertion side)
4
5
6
Port slot
Mini-GBIC, protective dust cover
Release tab
Enterasys NAC Controller Hardware Installation Guide 4-3
Installing Optional Mini-GBICs
Figure 4-2 Mini-GBIC with LC Connector
Â
1
2
3
Mini-GBIC (MGBIC-LC01 or MGBIC-LC09)
Mini-GBIC, top sid
7-Pin edge connector (insertion side)
4
5
6
Port slot
Mini-GBIC, protective dust cover
Release tab
Figure 4-3 Mini-GBIC with RJ45 Connector
Á
Ä
Ã
Â
À
1 Mini-GBIC (MGBIC-02)
4 Port slot
2 Mini-GBIC, top side
5 Wire-handle release
3 7-Pin edge connector (insertion side)
4-4 NAC Controller PEP Installation
Installing NAC Controller PEP into the Matrix N1 Chassis
Removing the Mini-GBIC
To remove a Mini‐GBIC from a port slot, proceed as follows:
Caution: Do NOT remove a Mini-GBIC from a slot without releasing the locking tab located under
the front bottom end of the Mini-GBIC. This can damage the Mini-GBIC.
The Mini-GBIC and its host device are sensitive to static discharges. Use an antistatic wrist strap
and observe all static precautions during this procedure. Failure to do so could result in damaging
the Mini-GBIC or host device. Always leave the Mini-GBIC in the antistatic bag or an equivalent
antistatic container when not installed.
Precaución: NO quite el Mini- GBIC de la ranura sin antes abrir la traba ubicada en la parte
frontal del Mini- GBIC.
Si lo hace, puede dañar el Mini- GBIC, puesto que es muy sensible a las descargas de
electricidad estática, al igual que el dispositivo host. Utilice la pulsera antiestática y tome todas las
precauciones necesarias durante este procedimiento. Si no lo hace, pude dañar el Mini- GBIC o
el dispositivo host. Mientras no esté instalado, mantenga el Mini- GBIC en su bolsa antiestática o
en cualquier otro recipiente antiestático.
1. Attach the antistatic wrist strap (refer to the instructions in the antistatic wrist strap package)
before removing the Mini‐GBIC.
2. Remove the cables connected to the Mini‐GBIC.
locate the release mechanism and proceed as instructed.
–
–
–
go to release the Mini‐GBIC.
Mini‐GBIC.
For the type of Mini‐GBIC shown in Figure 4‐3, pull down on the wire handle to release
the Mini‐GBIC.
4. Grasp the sides of the Mini‐GBIC and pull it straight out of the port slot.
If storing or shipping the Mini‐GBIC, insert its dust protector to protect its fiber‐optic ports.
Installing NAC Controller PEP into the Matrix N1 Chassis
Caution: Failure to observe static safety precautions could cause damage to the NAC Controller
PEP. Follow static safety handling rules and wear the antistatic wrist strap.
Do not cut the non-conductive bag to remove the module. Sharp objects contacting the board or
components can cause damage.
Precaución: Si no toma las medidas de seguridad necesarias para evitar descargas de
electricidad estática, es posible que el módulo se dañe. Siga los consejos de seguridad para la
manipulación del producto y no olvide utilizar la pulsera antiestática.
No corte la bolsa antiestática para sacar el módulo. Tenga en cuenta que si algún objeto cortante
entra en contacto con la placa o con los componentes, éstos podrían dañarse.
A 2S4082‐25 or 7S4280‐19 NAC Controller PEP can be installed in the single horizontal slot of the
N1 chassis. To install a module into the Enterasys Matrix N1 chassis, refer to Figure 4‐4 and use
the installation procedure as defined below:
Enterasys NAC Controller Hardware Installation Guide 4-5
Installing NAC Controller PEP into the Matrix N1 Chassis
Preparation
1. Remove the blank panel covering the slot in which the module will be installed. (Save the
blank plate in the event you need to remove the module.)
2. Remove the module from the shipping box. (Save the box and packing materials in the event
the module needs to be reshipped.)
3. Locate the antistatic wrist strap shipped with the chassis. Attach the antistatic wrist strap to
your wrist and plug the cable from the antistatic wrist strap into the ESD grounding receptacle
at the upper right corner of the chassis.
4. Remove the module from the plastic bag. (Save the bag in the event the module must be
5. Examine the module for damage. If any damage exists, DO NOT install the module.
Immediately contact Enterasys Networks. Refer to “Getting Help” on page xviii.
Installation
To install the NAC Controller PEP, refer to Figure 4‐4 and proceed as follows:
module slides in straight and properly engages the backplane connectors.
Ensure that the top lever lines up with the desired slot number located on the front panel of the
chassis. Refer to Figure 4-4.
Precaución: Para evitar que se dañen los conectores del panel posterior en el siguiente paso,
intente deslizar el módulo en forma recta y verifique que se enganche correctamente en los
conectores de panel posterior.
correspondiente ubicado en el panel frontal del chasis. Consulte en Figure 4-4.
1. Locate the chassis card guides as shown in Figure 4‐4 on page 4‐7. Make sure the module
locking levers are in the open position (top and bottom).
2. Align the module card between the upper and lower card guides of the desired slot and slide
it into the chassis, taking care that the module slides in straight. See Caution below.
Caution: Due to the amount of force needed to properly seat the NAC Controller PEP connectors
into the backplane connectors, it is best to apply force to the end of the levers to insert (or eject) the
module. Otherwise, damage could result to the module and chassis.
Precaución: Para colocar los conectores del módulo en los conectores del panel posterior
correctamente es necesario hacer bastante fuerza, por ello, para insertar o quitar el módulo, se
recomienda concentrar la fuerza en el extremo de las palancas. Si no lo hace, podría dañar el
módulo y el chasis.
3. Slide the module into the slot until you can engage the top and bottom locking levers.
Caution: In step 4, do not force the locking levers to the point that they touch the face of the front
panel. Forcing the locking levers to this point could damage the module and chassis.
Precaución: En el paso 4, tenga cuidado de no llevar las palancas de cierre a un punto en donde
estén en contacto con el panel frontal. Si lo hace, podría dañar el módulo y/o el chasis.
5. If the chassis in which the module is installed was powered down for the installation, turn the
power supplies on. Check to see that the module CPU LED settles at solid green after a few
minutes. If the LED does not turn solid green, refer to Chapter 5 for troubleshooting details.
4-6 NAC Controller PEP Installation
Connecting to the Network
Figure 4-4 Installing the NAC Controller PEP into the Matrix N1 Chassis
1
2
3
4
N1 Chassis slot
5
6
7
Metal back panel
Upper locking tab (shown in closed position)
Lower locking tab (shown in closed position)
FTM2 backplane connectors
NAC Controller PEP card
Card guides
Connecting to the Network
the network or other devices to the 2S4082‐25 (“Connecting UTP Cables to the 2S4082‐25” on
page 4‐7) and connecting fiber optic cables to the Mini‐GBICs of the 7S4280‐19 and 2S4082‐25
(“Connecting Fiber‐Optic Cables to Mini‐GBICs” on page 4‐11).
Note: If the NAC Controller PEP is being installed in a network using Link Aggregation, there are
to operate properly. Before connecting the cables, refer to the Enterasys Matrix
DFE-Diamond/Platinum Series Configuration Guide for the configuration information. For details on
how to obtain manuals, refer to the “Related Documents” on page xvi.
Connecting UTP Cables to the 2S4082-25
The fixed RJ45 front panel connections of the 2S4082‐25 are 10/100/1000 Mbps ports. These ports
have internal crossovers, and also support automatic‐polarity sensing when configured for
automatic‐negotiation.
If automatic‐negotiation is not activated on a port, use a straight‐through cable when connecting a
workstation to the port. When connecting a networking device to the port, such as a bridge,
repeater, or router, use a crossover cable.
If a port is set for auto‐negotiation, automatic‐polarity sensing is also activated.
Automatic‐polarity sensing eliminates the need for a crossover cable, regardless if the connection
is to another network device or a workstation.
Note: All RJ45 front panel ports on the 2S4082-25 support Category 5 Unshielded Twisted Pair
(UTP) cabling with an impedance between 85 and 111 ohms. Category 3 cable may be used if the
connection is going to be used only for 10 Mbps.
Enterasys NAC Controller Hardware Installation Guide 4-7
Connecting to the Network
Figure 4‐5 shows connecting a twisted pair segment to the 2S4082‐25 module. It is assumed that
the chassis power is turned on to provide power to the module. Refer to Figure 4‐5 and proceed as
follows:
1. Ensure that the device connected to the other end of the segment is powered ON.
2. Connect the twisted pair segment to the module by inserting the RJ45 connector on the
twisted pair segment into the appropriate RJ45 port connector.
Figure 4-5 Connecting a Twisted Pair Segment to the NAC Controller PEP
1
RJ45 connector
2
RJ45 port connector (port 1)
3
GROUP SELECT button
3. Verify that a link exists by checking that the port RX (Receive) LED is ON (flashing amber,
blinking amber, perform the following steps until it is on:
a. To view the receive and transmit activity on a group of segments, press the GROUP
SELECT button (see Figure 4‐5) to step to the group of interest (Groups 1 and 2). Each
time the GROUP SELECT button is pressed, the GROUP LED lights up in sequence,
indicating which Group is selected. The receive and transmit activity for that group of
segments is then indicated by the RX and TX LEDs for each segment.
b. Verify that the cabling being used is Category 5 UTP with an impedance between 85 and
111 ohms. For the port to operate at 100 or 1000 Mbps, Category 5 cabling must be used
and installed properly.
c. Verify that the device at the other end of the twisted pair segment is on and properly
connected to the segment.
straight‐through cable is used to connect between switches or hub devices and an end
user (computer). Refer to Figure 4‐6 and Figure 4‐7 for four‐wire RJ45 connections. Refer
to Figure 4‐8 and Figure 4‐9 for eight‐wire RJ45 connections.
4-8 NAC Controller PEP Installation
Connecting to the Network
Figure 4-6 Four-Wire Crossover Cable RJ45 Pinouts, Connections Between Hub Devices
À
Á
RX+
RX–
1
1
RX+
RX–
2
2
Ã
TX+
TX–
3
6
3
6
TX+
TX–
Â
1 RJ45 device port
3 RJ45-to-RJ45 crossover cable
2 Other device port
4 RX+/RX- and TX+/TX- connections. These connections must
share a common color pair.
Figure 4-7 Four-Wire Straight-Through Cable RJ45 Pinouts, Connections Between
Switches and End User Devices
À
Á
RX+
RX–
1
1
RX+
RX–
2
2
Ã
TX+
TX–
3
6
3
6
TX+
TX–
Â
1 RJ45 device port
2 Other device port
3
4
RJ45-to-RJ45 straight-through cable
RX+/RX- and TX+/TX- connections. These connections must
share a common color pair.
Enterasys NAC Controller Hardware Installation Guide 4-9
Connecting to the Network
Figure 4-8 Eight-Wire Crossover Cable RJ45 Pinouts, Connections Between Hub Devices
Á
1
2
3
4
5
6
7
8
À
1
2
3
4
5
6
7
8
TX1+
RX1-
TX2+
TX3+
RX3-
RX2-
TX4+
RX4-
TX2+
RX2-
TX1+
TX4+
RX4-
RX1-
TX3+
RX3-
Â
1
2
RJ45 device port
Other device port
3
RJ45-to-RJ45 crossover cable
Figure 4-9 Eight-Wire Straight-Through Cable RJ45 Pinouts, Connections Between
Switches and End-User Devices
À
1
2
3
4
5
6
7
8
Á
1
TX1+
RX1-
TX2+
TX3+
RX3-
RX2-
TX4+
RX4-
TX2+
RX2-
TX1+
TX4+
RX4-
RX1-
TX3+
RX3-
2
3
4
5
6
7
8
Â
1
2
RJ45 device port
Other device port
3
RJ45-to-RJ45 straight-through cable
in the Cabling Guide. Refer to “Related Documents” on page xvi for information on
obtaining this document. If a link is still not established, contact Enterasys Networks.
Refer to “Getting Help” on page xviii for details.
4. Repeat steps 1 through 3 above, until all connections have been made.
4-10 NAC Controller PEP Installation
Connecting to the Network
Connecting Fiber-Optic Cables to Mini-GBICs
This section provides the procedure for connecting 1‐Gigabit Ethernet fiber‐optic segments from
the network or other devices to Mini‐GBIC MT‐RJ or LC port connectors installed in the 2S4082‐25
and 7S4280‐19 NAC Controller PEPs.
Each fiber‐optic link consists of two fiber‐optic strands within the cable: Transmit (TX) and Receive
(RX)
Ethernet device at the other end of the segment. The receive strand of the applicable MT‐RJ port on
Figure 4‐10) or LC cable connector (shown in Figure 4‐11).
The following procedure describes how to connect an MT‐RJ cable (Figure 4‐10) connector to a
Mini‐GBIC port connector. This procedure also applies to an LC cable connector shown in
(Figure 4‐11). Refer to Figure 4‐10 as an example and proceed as follows:
1. Remove the protective covers (not shown) from the MT‐RJ fiber‐optic port on the Mini‐GBIC
and from the connectors on each end of the cable.
Note: Leave the protective covers in place when the connectors are not in use to prevent
contamination.
Caution: Do not touch the ends of the fiber-optic strands, and do not let the ends come in contact
with dust, dirt, or other contaminants. Contamination of cable ends causes problems in data
transmissions. If the ends of the fiber-optic strands become contaminated, use a canned duster to
blow the surfaces clean. A cleaning swab saturated with optical-grade isopropyl alcohol may also
be used to clean the ends.
Precaución: No toque los extremos de los cables de fibra óptica y evite su contacto con el polvo,
la suciedad o con cualquier otro contaminante. Si los extremos de los cables se ensucian, es
posible que la transmisión de datos se vea afectada. Si nota que los extremos de los cables de
fibra óptica se ensucian, utilice aire comprimido para limpiarlos. También puede limpiarlos con un
estropajo embebido en alcohol isopropílico.
2. Insert the MT‐RJ cable connector into the Mini‐GBIC until it clicks into place.
.
Note: To remove the MT-RJ cable connector, press on its release tab and pull it out of the
Mini-GBIC.
Enterasys NAC Controller Hardware Installation Guide 4-11
Connecting to the Network
Figure 4-11 Cable Connection to LC Fiber-Optic Connectors
1
2
3
Installed Mini-GBIC LC connector
LC cable connector
Release tab
4
5
Receive LED (RX)
Transmit LED (TX)
3. Verify that a link exists by checking that the port RX LED is on (flashing amber, blinking
green, or solid green). If the RX LED is off, perform the following steps until it is on:
a. Verify that the device at the other end of the segment is ON and connected to the segment.
b. If there are separate fiber‐optic connections on the other device, check the crossover of the
If a link has not been established, refer to Chapter 5 for LED troubleshooting details. If a
problem persists, refer to “Getting Help” on page xviii for details on contacting
Enterasys Networks for support.
4. Repeat steps 1 through 3, above, until all connections have been made.
Enterasys NAC Controller Hardware Installation Guide 4-13
Connecting to COM Port for Local Management
5. Plug the other end of the cable into the appropriate port on the other device. Some cables may
be terminated at the other end with two separate connectors, one for each fiber‐optic strand. In
this case, ensure that the transmit fiber‐optic strand is connected to the receive port and the
receive fiber‐optic strand to the transmit port.
Connecting to COM Port for Local Management
This section describes how to install a UTP straight‐through cable with RJ45 connectors and
optional adapters to connect a PC, a VT series terminal, or a modem to an Enterasys Networks
module to access Local Management. This section also provides the pinout assignments of the
adapters.
What Is Needed
The following is a list of the user‐supplied parts that may be needed depending on the connection:
•
•
•
•
RJ45‐to‐DB9 female adapter
UTP straight‐through cable terminated at both ends with RJ45 connectors
RJ45‐to‐DB25 female adapter
RJ45‐to‐DB25 male adapter
Using a UTP straight‐through cable and an RJ45‐to‐DB9 adapter, you can connect products
equipped with an RJ45 COM port to an IBM or compatible PC running a VT series emulation
software package.
Using a UTP straight‐through cable and an RJ45‐to‐DB25 female adapter, you can connect
products equipped with an RJ45 COM port to a VT series terminal or VT type terminals running
emulation programs for the VT series.
Using a UTP straight‐through cable and an RJ45‐to‐DB25 male adapter, you can connect products
equipped with an RJ45 COM port to a Hayes compatible modem that supports 9600 baud.
Connecting to an IBM PC or Compatible Device
To connect an IBM PC or compatible device, running the VT terminal emulation, to an
Enterasys Networks module COM port (Figure 4‐12), proceed as follows:
1. Connect the RJ45 connector at one end of the UTP straight‐through cable to the
communications COM port on the Enterasys Networks module. (The COM port is also known
as a Console port.)
2. Plug the RJ45 connector at the other end of the UTP straight‐through cable into an
RJ45‐to‐DB9 adapter.
3. Connect the RJ45‐to‐DB9 adapter to the communications port on the IBM PC.
4. Turn on the PC and set the following parameters on your VT emulation package:
Parameter
Mode
Setting
7 Bit Control
Transmit=9600
8 Bits, No Parity
1 Stop Bit
Transmit
Bits Parity
Stop Bit
4-14 NAC Controller PEP Installation
Connecting to COM Port for Local Management
5. When these parameters are set, the Local Management password screen will display. Refer to
the appropriate Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide for further
information.
Figure 4-12 Connecting an IBM PC or Compatible
1
2
UTP straight-through cable with RJ45 connectors
RJ45 COM port
3
4
RJ45-to-DB9 PC adapter
IBM PC or compatible device
Connecting to a VT Series Terminal
To connect a VT Series terminal to an Enterasys Networks chassis COM port (Figure 4‐13), use a
UTP straight‐through cable with RJ45 connectors and an RJ45‐to‐DB25 female adapter, and
proceed as follows:
1. Connect the RJ45 connector at one end of the UTP straight‐through cable to the COM port on
the Enterasys Networks module.
2. Plug the RJ45 connector at the other end of the UTP straight‐through cable into the
RJ45‐to‐DB25 female adapter.
3. Connect the RJ45‐to‐DB25 adapter to the port labeled COMM on the VT terminal.
4. Turn on the terminal to access the Setup Directory and set the following parameters:
Parameter
Mode
Setting
7 Bit Control
Transmit=9600
8 Bits, No Parity
1 Stop Bit
Transmit
Bits Parity
Stop Bit
When these parameters are set, the Local Management password screen will display. Refer to the
Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide for further information.
Enterasys NAC Controller Hardware Installation Guide 4-15
Connecting to COM Port for Local Management
Figure 4-13 Connecting a VT Series Terminal
1
2
UTP straight-through cable with RJ45 connectors
RJ45 COM port
3
4
RJ45-to-DB25 VT adapter
VT series terminal
Connecting to a Modem
To connect a modem to an Enterasys Networks chassis COM port (Figure 4‐14), use a UTP
straight‐through cable with RJ45 connectors and an RJ45‐to‐DB25 male adapter, and proceed as
follows:
1. Connect the RJ45 connector at one end of the UTP straight‐through cable to the COM port of
the module.
2. Plug the RJ45 connector at the other end of the UTP straight‐through cable into the
RJ45‐to‐DB25 modem adapter.
3. Connect the RJ45‐to‐DB25 adapter to the communications port on the modem.
4. Turn on the modem.
5. With a PC connected to a remote modem, you can configure the switch remotely. To
accomplish this, you must configure your PC VT emulation package with the following
parameters:
Parameter
Mode
Setting
7 Bit Control
Transmit=9600
8 Bits, No Parity
1 Stop Bit
Transmit
Bits Parity
Stop Bit
6. When these parameters are set, the Local Management password screen will display. Refer to
the Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide for further information.
4-16 NAC Controller PEP Installation
Connecting to COM Port for Local Management
Figure 4-14 Connecting to a Modem
1
2
3
UTP straight-through cable with RJ45 connectors
RJ45 COM port
RJ45-to-DB25 modem adapter
4
5
6
Local modem
Remote modem
PC
Adapter Wiring and Signal Assignments
COM Port Adapter Wiring and Signal Diagram
DB9
RJ45
Pin
1
Conductor
Blue
Pin
2
Signal
Receive (RX)
4
Red
3
Transmit (TX)
5
Green
Orange
Yellow
5
Ground (GRD)
Request to Send (RTS)
Clear to Send (CTS)
2
7
6
8
Pins
Pins
5
1
1
8
9
6
RJ45 Connector (Female)
DB9 Connector (Female)
Enterasys NAC Controller Hardware Installation Guide 4-17
Completing the Installation
VT Series Port Adapter Wiring and Signal Diagram
DB25
RJ45
Pin
4
Conductor
Red
Pin
2
Signal
Transmit (TX)
Receive (RX)
1
Blue
3
6
Yellow
Green
Orange
5
Clear to Send (CTS)
Ground (GRD)
Data Terminal Ready
5
7
2
20
Pins
Pins
1
8
13
1
25
14
RJ45 Connector (Female)
DB25 Connector (Female)
Modem Port Adapter Wiring and Signal Diagram
RJ45
DB25
Pin
1
Conductor
Blue
Pin
2
Signal
Transmit (TX)
2
Orange
Red
8
Data Carrier Detect (DCD)
Receive
4
3
5
Green
Yellow
Gray
7
Ground (GRD)
Data Terminal Ready (DTR)
Ring Indicator
6
20
22
8
Pins
Pins
1
13
1
8
14
25
RJ45 Connector (Female)
DB25 Connector (Male)
Completing the Installation
In a new system of NAC Controller PEPs, the installed NAC Controller PEP becomes the
management module on chassis power up, and the NAC Controller PEP will automatically be set
to the factory default values. A complete list of the factory default values are provided in Chapter
After installing the NAC Controller PEP into the N1 chassis and making the connections to the
network, proceed to the following First‐Time Log‐In Using a Console Port Connection procedure
to access the module management startup screen from your PC, terminal, or modem connection.
4-18 NAC Controller PEP Installation
Completing the Installation
First-Time Log-In Using a Console Port Connection
Note: This procedure applies only to initial log-in, and to logging in to a device not yet configured
with administratively-supplied user and password settings.
By default, the Matrix NAC Controller PEP Series device is configured with three user login
accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to
all modifiable parameters. The default password is set to blank (carriage return). For information on
changing these default passwords, refer to Chapter 3 in the Enterasys Matrix
DFE-Diamond/Platinum Series Configuration Guide.
1. Connect a terminal to the local console port as described in “Connecting to COM Port for
Local Management” on page 4‐14. The startup screen, Figure 4‐15, displays.
2. At the login prompt, enter one of the following default user names:
–
–
–
ro for Read‐Only access,
rw for Read‐Write access, or
admin for Super User access. (This access level allows Read‐Write access to all modifiable
parameters, including user accounts.)
3. Press ENTER.
4. The Password prompt displays. Leave this string blank and press ENTER. The module
information and Matrix prompt displays as shown in Figure 4‐15.
The chassis is now ready to be configured. For information about setting the IP address and
configuring Telnet settings for remote access to NAC Controller PEP management, refer to
Chapter 3 in the Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide. The CLI
commands enable you to initially set up and perform more involved management configurations.
The Enterasys Matrix DFE‐Diamond/Platinum Series Configuration Guide is available online at:
If you require assistance, contact Enterasys Networks using one of the methods described in
“Getting Help” on page xviii.
Enterasys NAC Controller Hardware Installation Guide 4-19
Completing the Installation
Figure 4-15 Matrix DFE Startup Screen Example (N7 Chassis)
login: admin
Password:
M A T R I X N7
Command Line Interface
Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.
Phone: +1 978 684 1000
E-mail: [email protected]
WWW: http://www.enterasys.com
(c) Copyright Enterasys Networks, Inc. 2003
Chassis Serial Number:
xxxxxxxxxxxx
Chassis Firmware Revision: xx.xx.xx
Matrix N7(su)->
4-20 NAC Controller PEP Installation
5
Troubleshooting
This chapter provides information concerning the following:
Refer to page...
5-1
5-4
5-6
Troubleshooting Checklist
Overview of the NAC Controller PEP Shutdown Procedure
Unless otherwise noted, the following information applies to all NAC Controller PEPs.
Using LANVIEW
The NAC Controller PEPs use a built‐in visual diagnostic and status monitoring system called
LANVIEW. The LANVIEW LEDs (Figure 5‐1) allow quick observation of the network status to aid
in diagnosing network problems.
About the Management (MGMT) LED
The MGMT LED (shown in Figure 5‐1) indicates that the NAC Controller PEP is serving as the
Management Module to control the management functions for the NAC Controller PEP. The
Management Module handles all IP requests to the chassis IP address, such as PING, Telnet,
SNMP, and HTTP. The Management Module also handles the CLI configuration sessions by
means of the console port.
Viewing the Receive and Transmit Activity
To view the receive and transmit activity on a group of attached segments, press the GROUP
SELECT button (see Figure 5‐1) to step to the group of interest (Groups 1 or 2). Each time the
GROUP SELECT button is pressed, the GROUP LED lights up in sequence, indicating which
group is selected. The receive and transmit activity for that group of segments is then indicated by
the RX and TX LEDs for each port.
Enterasys NAC Controller Hardware Installation Guide 5-1
Using LANVIEW
Figure 5-1 LANVIEW LEDs for the 2S4082-25
1 MGMT LED
2 Group 1, Port 1 LEDs
Figure 5-1 LANVIEW LEDs for the 7S4280-19
1 MGMT LED
2 Group 1, Port 1 LEDs
Table 5‐1 describes the LED indications and provides recommended actions as appropriate for
The terms used in Table 5-1 indicate the following:
•
•
•
•
Flashing indicates an LED is flashing randomly.
Blinking indicates an LED is flashing at a steady rate (approximately 50% on, 50% off).
Solid indicates a steady LED light. No pulsing.
Alternating indicates an LED is flashing in a steady rate other than 50% on, 50% off.
5-2 Troubleshooting
Using LANVIEW
Table 5-1 LANVIEW LEDs
LED
Color
State
Recommended Action
MGMT
None
Off. This module is NOT the
None.
Management Module.
Green
Amber
Solid. This module is the
designated Management
Module.
None.
None.
Flashing. This is a temporary
indication that the module is
saving data.
CPU
None
Power off.
Ensure chassis has adequate power.
Amber
Blinking. Module in process of None.
booting.
Solid. Testing.
If the LED remains amber for several
minutes, contact Enterasys Networks for
technical support.
Green
Red
Blinking. Image starts running. None.
Solid. Functional.
None.
None.
Solid. Processor in reset.
Green
and
Amber
Blinking. Indicates that the
module is in the process of
shutting down.
None. This state is activated when the
OFFLINE/RESET switch is pressed for less
than 1 second to a start the process of an
orderly shutdown.
While in this state, do not remove any
chassis.
Amber
and off
Alternating (67% on, 33% off). While in this state, you have 60 seconds to
Indicates that a shutdown
process has completed. This
indication will remain for 60
seconds before automatically
restarting.
safely remove the chassis from the chassis.
RX
(Receive)
None
No link. No activity. Port
enabled or disabled.
None.
None.
Green
Solid. Link present, port
enabled, no traffic is being
received by the interface.
Amber
Red
Flashing. Link present, port
enabled, traffic is being received
by the interface.
None.
Blinking. Indicates collisions.
Contact Enterasys Networks for technical
This indication is only supported support.
on 10/100 ports.
Enterasys NAC Controller Hardware Installation Guide 5-3
Troubleshooting Checklist
Table 5-1 LANVIEW LEDs (continued)
LED
Color
State
Recommended Action
TX
(Transmit)
None
Port enabled, but no activity.
If it is known that the port should be active
and is not, contact Enterasys Networks for
technical support.
Green
Red
Flashing. Indicates data
transmission activity. Rate of
flashing indicates the data rate.
None.
Flashing. Fault or Error
(collision).
None, unless there is a high rate of activity.
In this case, check for network configuration
problems or a defective device.
Troubleshooting Checklist
If the NAC Controller PEP is not working properly, refer to Table 5‐2 for a checklist of problems,
possible causes, and recommended actions to resolve the problem.
Table 5-2 Troubleshooting Checklist
Problem
Possible Cause
Recommended Action
All LEDs are OFF. Loss of power.
Ensure that the module was installed properly
according to the installation instructions in Chapter 4,
and that the host chassis is providing power.
No Local
Management
Password screen.
Incorrect terminal setup.
Refer to the Enterasys Matrix DFE-Diamond/Platinum
procedures.
Improper console cable
pinouts.
Refer to “2S4082-25 COM Port Pinout Assignments”
on page A-6 and “7S4280-19 COM Port Pinout
Corrupt firmware image, or
hardware fault.
If possible, attempt to download the image to the
Cannot navigate
beyond Password password combination
screen. entered.
Improper username/
If the username/password combination has been
forgotten, refer to “Setting the Mode Switches” on
page B-1 for instructions on how to set the mode
switch to reset the username/password combination to
the default values.
5-4 Troubleshooting
Troubleshooting Checklist
Table 5-2 Troubleshooting Checklist (continued)
Problem Possible Cause Recommended Action
Cannot contact the IP address not assigned.
module through
in-band
Refer to the Enterasys Matrix DFE-Diamond/Platinum
Series Configuration Guide for the IP address
assignment procedure.
management.
Port is disabled.
Enable port. Refer to the Enterasys Matrix
DFE-Diamond/Platinum Series Configuration Guide for
instructions to enable/disable ports.
Host Port policy and/or
management VLAN is
incorrectly configured, or not
configured.
Verify that a management VLAN exists and that it is
associated with the Host Port.
Refer to the Enterasys Matrix DFE-Diamond/Platinum
Series Configuration Guide for information about Host
Port and management VLAN configuration.
No link to device.
Verify that all network connections between the
network management station and the module are valid
and operating.
If the problem continues, contact Enterasys Networks
for technical support.
Port(s) goes into
standby for no
apparent reason.
Loop condition detected.
Verify that Spanning Tree is enabled. Refer to the
Enterasys Matrix DFE-Diamond/Platinum Series
Configuration Guide for the instructions to set the type
of STA.
Review the network design and delete unnecessary
loops.
If the problem continues, contact Enterasys Networks
for technical support.
User parameters
Position of Mode switch (7), Reenter the lost parameters as necessary. Refer to the
(IP address, device Persistent Data Reset, was
and module name, changed sometime before
Enterasys Matrix DFE-Diamond/Platinum Series
Configuration Guide for the instructions to configure
the device.
etc.) were lost
when the module
either cycling power or
pressing the
If the problem continues, contact Enterasys Networks
for technical support.
power was cycled, OFFLINE/RESET switch,
the front panel
OFFLINE/RESET
switch was
causing the user-entered
parameters to reset to
factory default settings.
pressed.
Clear Persistent Data that
was set through Local
Management.
The module was moved
either from slot-to-slot or
from chassis-to-chassis.
Enterasys NAC Controller Hardware Installation Guide 5-5
Overview of the NAC Controller PEP Shutdown Procedure
Overview of the NAC Controller PEP Shutdown Procedure
Caution: Do not remove a NAC Controller PEP from an operating chassis system before reading
the following information and instructions.
Precaución: Antes de retirar los módulos DFE del chasis en funcionamiento, lea las siguientes
instrucciones y la información suministrada.
The chassis must shut down in an orderly fashion to ensure that the other devices on the network
are notified of the impending change. The devices can then make intelligent decisions and
•
•
“Recommended Shutdown Procedure” (page 5‐7)
“Last Resort Shutdown Procedure” (page 5‐7)
Figure 5-2 OFFLINE/RESET Switch for the 2S4082-25
1
OFFLINE/RESET switch
Figure 5-2 OFFLINE/RESET Switch for the 7S4280-19
1 OFFLINE/RESET switch
5-6 Troubleshooting
Overview of the NAC Controller PEP Shutdown Procedure
Recommended Shutdown Procedure
Caution: Do not remove a NAC Controller PEP from an operating chassis system before reading
the following information and instructions.
Precaución: Antes de retirar los módulos DFE del chasis en funcionamiento, lea las siguientes
instrucciones y la información suministrada.
Before pulling a NAC Controller PEP out of a chassis,
press or tap on its OFFLINE/RESET switch for less than 1 second.
Its CPU LED changes from solid green to blinking between green and amber, indicating that the
module is shutting down. At the end of the shutdown routine, the CPU LED changes to a
67%/33% sequence of amber/off, respectively, indicating the module is in a halt state. In this time it
is safe to restart or remove the module from the chassis.
When a controlled shutdown is initiated from the OFFLINE/RESET switch, you have 60 seconds
from the time the CPU starts alternately flashing amber/off until the device automatically restarts.
Note: The only safe time to pull a chassis out of the chassis is when the CPU LED is alternately
flashing amber/off. Otherwise, system operation will be interrupted.
Last Resort Shutdown Procedure
Caution: This method of shutting down a NAC Controller PEP is not recommended except as a last
resort, because all processes currently running on the module will be interrupted resulting in loss of
frames.
Precaución: No se recomienda utilizar este método para apagar los módulos DFE. Recurra a él
sólo como último recurso, puesto que interrumpe todos los procesos del módulo en
funcionamiento, lo que podría resultar pérdidas de frames.
To reset a NAC Controller PEP without it performing an orderly shutdown routine,
press and hold the OFFLINE/RESET switch for approximately 6 seconds.
Pulling any NAC Controller PEP out of the chassis before it has been shut down is not
recommended. The only safe time to pull a module out of the chassis is after the completion of a
shutdown and the management LED is alternately flashing amber/off.
Enterasys NAC Controller Hardware Installation Guide 5-7
Overview of the NAC Controller PEP Shutdown Procedure
5-8 Troubleshooting
6
Initializing the NAC Controller
This chapter provides a detailed discussion of the NAC Controller software initialzation.
Refer to page...
Overview
6-1
6-3
The NAC Controller Initialization Procedure
The NAC Controller Policy Configuration
6-6
6-7
6-16
Overview
The NAC Controller is composed of two subcompents, the Policy Enforcement Point (PEP) and
the Engine. Each component has an IP address, and the components are managed jointly in the
operation of the NAC Controller on the network. When configuring the NAC Controller for IP
connectivity in the network topology, it is important to consider both the NAC Controller PEP and
NAC Controller Engine as described below.
Two management configurations for the NAC Controller are supported depending on the
management topology of your network: in‐band management or out‐of‐band management. For
the in‐band management configuration, all management traffic sourced from the NAC Controller
is generated onto the data VLAN along with end system traffic that is traversing the appliance.
For the out‐of‐band management configuration, all management traffic sourced from the NAC
Controller is generated on a different VLAN than the end system traffic. More details about these
management configurations as related to required settings of adjacent network infrastructure
devices are explained below. Either the in‐band or out‐of‐band management configuration is
supported for the Layer 2 (L2) and Layer 3 (L3) NAC Controller. Therefore, one of the following
configurations must be selected as the installation type during the intialization of the NAC
Controller:
•
•
•
•
Layer 2 NAC Controller with In‐Band Management
Layer 2 NAC Controller with Out‐Of‐Band Management
Layer 3 NAC Controller with In‐Band Management
Layer 3 NAC Controller with Out‐Of‐Band Management
Note: The NAC Controller software initialization will take place within a single discussion.
Unless otherwise specified, the content of the discussion applies to all four installation
types.
Enterasys NAC Controller Hardware Installation Guide 6-1
Overview
The ports located in the lower rows of the NAC Controller are referred to as ʺdownstream ports,ʺ
and connect downlink to infrastructure devices such as access layer switches in the network. The
ports,ʺ and connect uplink to upstream devices such as core routers. The 10/100 Ethernet port
located at the top of the NAC Controller supports management functionality with an
Out‐Of‐Band management configuration, as explained below. See Figure 6‐1 for the location of the
different NAC Controller port types.
It is important to note that the NAC Controller appliance transparently bridges packets at layer 2
from downstream ports to upstream ports, downstream ports to other downstream ports,
upstream ports to downstream ports, and upstream port to other upstream ports. Therefore, it is
not necessary to have a 1:1 downstream port to upstream port configuration on the NAC
Controller. Furthermore, the traffic enforcement point on the NAC Controller is implemented as
traffic ingressed the downstream ports per MAC address or IP address before the traffic is bridged
through the NAC Controller to any other port. As a result of traffic sourced from an end system
being appropriately filtered (for example: forwarded, discarded, contained to a VLAN, or
prioritized) upon ingress to the NAC Controller port before it is bridged, the flow of traffic from
each downstream end system is securely controlled to all other devices connected to other
upstream and downstream ports on the NAC Controller.
Figure 6-1 NAC Controller Ports
location on both systems.
Figure 6‐3 through Figure 6‐6 display the configuration topologies for the four NAC Controller
installation types. In each case, upstream ports on the NAC Controller connect to the network core
in the direction of where the NetSight management server connects to the network, although it is
not necessary to connect the NetSight management server upstream from the NAC Controller.
Downstream ports on the NAC Controller connect to the network edge where end systems are
connecting.
6-2 Initializing the NAC Controller
General Management Considerations
General Management Considerations
The following are general NAC Controller management configuration considerations:
•
The Layer 3 NAC Controller is positioned inbetween two routers on the network. Only one
VLAN/subnet spans between these routers as shown in Figure 6‐2. For Layer 3 NAC
Controller configuration, all data traffic (non‐management traffic) traversing the NAC
Controller between the upstream router and the downstream router must be untagged. The
reason for this is that the NAC Controller does not preserve VLAN tagging for data traffic
traversing the appliance, regardless of whether in‐band or out‐of‐band management is
configured. The upstream and downstream routers must be configured with routed interfaces
for this VLAN/subnet as shown below with IP addresses 20.20.20.2/24 and 20 20 20.1/24.
Figure 6-2 Layer 3 NAC Controller Positioning
•
When using In‐Band management:
–
–
–
Two IP addresses are assigned to the NAC Controller when configured for in‐band
management; a management IP address for the NAC Controller Engine and a
management IP address for the NAC Controller PEP.
The NAC Controller Engine IP address and NAC Controller PEP IP addresses, masks, and
gateway must be part of the same subnet that spans the upstream and downstream
routers.
No management VLAN ID is required. All management traffic sourced from the NAC
Controller Engine and NAC Controller PEP egresses the upstream and downstream ports
of the NAC Controller untagged onto the VLAN that spans the two routers, show as
shown below.
–
–
A remediation web server IP address is not required. The remediation web server is run
off of the management IP address of the NAC Controller Engine.
See Figure 6‐5 on page 6‐5 for a diagram on layer 3 In‐Band management. See Figure 6‐3 on
page 6‐4 for a diagram on layer 2 In‐Band management.
•
When using Out‐Of‐Band management:
–
Three IP addresses are assigned to the Layer 3 NAC Controller when configured for
out‐of‐band management; a management IP address and remediation IP address for the
NAC Controller Engine and a management IP address for the NAC Controller PEP.
Enterasys NAC Controller Hardware Installation Guide 6-3
General Management Considerations
–
The NAC Controller Engine management IP address is used for management traffic
generated from the NAC Controller Engine, and the NAC Controller Engine remediation
IP address used to run the remediation web server.
–
–
The NAC Controller Engine remediation IP address, mask, and default gateway must
belong to the subnet that spans the downstream and upstream routers.
The NAC Controller Engine management IP address along with a mask is assigned to the
10/100 Ethernet port. Therefore, the 10/100 Ethernet port must be connected into the
topology with a separate physical link onto the management VLAN. No default gateway
is assigned to the management IP address.
–
–
The NAC Controller Engine management IP address and NAC Controller PEP IP
addresses, masks, and gateway must be part of the same subnet, and not on the subnet
that spans the upstream and downstream routers which carries data traffic.
A management VLAN ID must be specified. All management traffic sourced from the
NAC Controller PEP egresses the upstream and downstream ports of the NAC Controller
tagged to the management VLAN. Therefore, the upstream and downstream routers
must be configured to 802.1Q VLAN trunk the management VLAN to the NAC
Controller.
–
The NetSight management server IP address should be configured on the same subnet as
will traverse the data VLAN on the way to the NetSight management server.
See Figure 6‐4 on page 6‐5 for a diagram of layer 2 Out‐Of‐Band management and Figure 6‐6 on
page 6‐6 for a diagram of layer 3 Out‐Of‐Band management
Figure 6-3 Layer 2 In-Band Management Topology
6-4 Initializing the NAC Controller
Preparation for NAC Controller Initialization
Figure 6-6 Layer 3 Out-Of-Band Management
Preparation for NAC Controller Initialization
Before starting the NAC Controller initialization:
•
Setup a PC capable of SSH. PuTTY, an SSH client, can be used on a machine running Microsoft
Windows for SSH. PuTTY can be downloaded from the following link:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
•
•
Connect the PC to the NAC Controller Engine 10/100 port with the supplied cross‐over
capable.
Open an SSH session to the NAC Controller Engine. The default static private IP address is
169.254.1.1, so the PC must be configured appropriately with an IP address on the
169.254.0.0/16 subnet. The IP address 169.254.2.1 must not be used.
•
For a Layer 3 NAC Controller, connect the downlink port into the network topology on the
VLAN spanning the two routers where the NAC Controller will be deployed inline, but do
not connect in the uplink port yet, so the NAC Controller has connection into the network but
not placed inline with network traffic. Otherwise, make note of all MAC addresses associated
to all directly connected router interfaces where the NAC Controller will be positioned.
Note: Should you need to reinitialize a NAC Controller that has already been initialized, perform a
clear config all on the PEP to assure a default configuration when performing an initialization of the
NAC Controller.
6-6 Initializing the NAC Controller
The NAC Controller Initialization Procedure
The NAC Controller Initialization Procedure
With an SSH session open, a login prompt will display. Complete the initialization of the
NAC Controller as follows:
1. Upon powering up the NAC Controller and opening the SSH session, you are presented with
a login prompt.
Welcome to the Enterasys Networks Network Access Controller
Please log in as 'root' to begin the configuration process.
enterasystag login:
a. Enter root <ENTER> and the following appears:
***********************************************************************
Enterasys Networks Network Access Controller Configuration
Press contrl-c to skip configuration for now
***********************************************************************
No mail.
Press [enter] to continue:
b. Press <ENTER> to proceed to the password screen.
2. A screen appears with the following text:
There is currently no password set on the system administrator account (root).
It is recommended that you set one now so that it is active the first time the
machine is rebooted. Would you like to set a root password?
NAC Controller. Enter in the desired password and click OK to proceed to the next screen.
3. The Choose Installation Type screen appears as displayed in Figure 6‐7. Select the appropriate
installation type for your system based on whether you are configuring a Layer 2 or Layer 3
NAC controller and type of management. Click on OK to proceed
Figure 6-7 Choose NAC Controller Installation Type
If you chose an Out‐Of‐Band management type, go to Step 4. If you chose an In‐Band
management type, go to Step 5.
Enterasys NAC Controller Hardware Installation Guide 6-7
The NAC Controller Initialization Procedure
4. If the management type for this installation is Out‐Of‐Band, a screen appears as displayed in
Figure 6‐8 asking you to enter the VLAN ID for Out‐Of‐Band management. Out‐Of‐Band
management requires a management VLAN separate from the VLAN spanning the two
routers on which data traffic traverses the NAC Controller. Enter the VLAN ID for
Out‐Of‐Band management and click OK to proceed to the next screen
Figure 6-8 Enter the Management VLAN ID
If you chose a layer 3 install type, go to Step 5. If you chose a layer 2 install type, go to Step 6.
5. If the layer for this installation is layer 3, a screen appears as displayed in Figure 6‐9, asking
you to Enter the IP address of the directly connected router(s) for this NAC Controller. Enter a
single IP address, and click More to enter another one, or Done to proceed to the next screen.
The IP addresses of all directly connected interfaces must be entered here to assure
connectivity into the topology.
Figure 6-9 Enter Directly Connected Router IP Address
6. A screen appears asking you to enter the network information for the NAC Controller Engine.
The information entered is management installation type dependent. For In‐Band
management, as displayed in Figure 6‐10, enter the Host Name, IP address/Netmask, Default
Gateway, and Domain Name Server (DNS) and click on Accept to proceed.
6-8 Initializing the NAC Controller
The NAC Controller Initialization Procedure
Figure 6-10 Setup NAC Controller Engine Networking for In-Band Installation Types
For Out‐Of‐Band management, as displayed in Figure 6‐11, enter the host name, management
IP address/netmask (10/100 Ethernet interface), and remediation IP address/netmask, and
click on Accept to proceed. The NAC Controller Engine management IP address must be on
the same subnet as the NAC Controller PEP IP address. The NAC Controller Engine
remediation IP address must belong to a subnet different from the NAC Controller
management IP address.
Enterasys NAC Controller Hardware Installation Guide 6-9
The NAC Controller Initialization Procedure
Figure 6-11 Setup NAC Controller Engine Networking for Out-Of-Band Installation Types
7. A screen appears asking you to setup the NAC Controller PEP networking. Enter the IP
address/netmask, gateway, SNMP V3 User, SNMP Authentication, and SNMP Privacy as
displayed in Figure 6‐12 and click on Accept to proceed.
Figure 6-12 Setup NAC Controller PEP Networking
6-10 Initializing the NAC Controller
The NAC Controller Initialization Procedure
8. A screen appears asking you to enter the NetSight server IP address. Enter the IP address of
the NetSight server as displayed in Figure 6‐13 and click on OK to proceed.
Figure 6-13 Enter NetSight Server IP Address
9. A setup review screen appears allowing you to confirm your configuration. Confirm the setup
configuration as displayed in Figure 6‐14 for In‐Band management type and Figure 6‐15 for
Out‐Of‐Band management type and click on Yes to proceed.
Figure 6-14 In-Band Management Type Configuration Setup Confirmation
Enterasys NAC Controller Hardware Installation Guide 6-11
The NAC Controller Initialization Procedure
Figure 6-15 Out-Of-Band Management Type Configuration Setup Confirmation
to update the date and time as displayed in Figure 6‐16. If you select No, skip the following
two steps and proceed to Step 14 to configure the UTC/Local Time Hardware Clock setting. If
you select Yes, proceed to Step 11.
Figure 6-16 Configure System Date and Time
11. A screen displays for setting the system date as displayed in Figure 6‐17. Click on ^(‐) to select
a previous month or V(+) to select the next month. When the correct date is selected, click on
OK to proceed.
6-12 Initializing the NAC Controller
The NAC Controller Initialization Procedure
Figure 6-17 Set the System Date
12. A screen displays for setting the system time in an hour/minute/second format as displayed in
Figure 6‐18. Click on the desired box to make any changes and click on OK to proceed.
Figure 6-18 Set the System Time
13. A screen displays for setting whether the hardware clock is set to the Coordinated Universal
Time (UTC/GMT) or to local time as displayed in Figure 6‐19. Select your hardware clock
setting. Click on OK to proceed.
Enterasys NAC Controller Hardware Installation Guide 6-13
The NAC Controller Initialization Procedure
Figure 6-19 Select the UTC/Local Hardware Clock Setting
If your system hardware clock is set to local time, go to Step 14. If your system hardware clock
14. If your system hardware clock is set to local, the timezone configuration screen displays as
displayed in Figure 6‐20. Select the desired timezone and click OK to proceed.
Figure 6-20 Timezone Configuraiton
15. A screen appears allowing you to enable an SNMP daemon. To monitor the NAC Controller
using SNMP click on Yes as displayed in Figure 6‐21 to proceed, otherwise click on No. If you
click on No, the display performs some processing and returns to the system prompt.
6-14 Initializing the NAC Controller
The NAC Controller Initialization Procedure
Figure 6-21 Enable an SNMP Daemon
16. If you selected No to enable an SNMP Daemon, the initialization of the NAC Controller is
complete. If you selected Yes to enable an SNMP Daemon an SNMP system information
screen displays as shown in Figure 6‐22. Enter the SNMP trap community string, the SNMP
V3 user, SNMP authentication, and SNMP privacy. Optionally enter in a system contact and
system location. Click on Accept to complete the initialization of the NAC Controller.
Figure 6-22 Enter SNMP System Information
Enterasys NAC Controller Hardware Installation Guide 6-15
The NAC Controller Policy Configuration
The NAC Controller Policy Configuration
Review the following considerations prior to configuring policy on NAC Controller PEP devices:
Setup the VLAN Configurations
NAC Controller PEP VLAN configuration must conform with the requirements of your network
topology. During NAC Controller Engine management initialization for Out‐Of‐Band
management configurations, you entered a management VLAN for this NAC Controller. For
Out‐Of‐Band configurations, this management VLAN entered during initialization is pushed
down to the PEP.
For In‐Band management, the NAC Controller management VLANs are configured. The
management VLANS are VLAN 1 for L2 and VLAN 90 for L3. There are also a number of VLANs
configured such as 3056 for Port Mirroring or 3089 for Quarantine. It is important that you note
these defaults and determine if they are desirable or in conflict with VLANs already present in
your network.
To display current VLAN settings and make any changes to VLAN configurations provide a
console connection to the NAC Controller PEP host.0.1.
For L2 access to the CLI for NAC Controller PEP configuration, connect the console to the NAC
Controller PEP COM port. The COM port location is shown in Figure 6‐23. The NAC Controller
PEP CLI prompt will display.
Figure 6-23 NAC Controller PEP COM Port Location
Use the show port vlan host.0.1 command to display the current VLAN configuratin for this NAC
Controller PEP. Use the show vlan command to display all configured VLANs. Once you have
determined changes that may be required, reference the DFE‐Platinum and Diamond Series
Configuration Guide for information pertaining to VLAN configuration.
NAC Controllers Require Separate Domains
The NAC Controller can be configured in one of two modes of operation: L2 or L3. The mode of
operation controls how connecting end systems are detected by the NAC Controller on the
network and is selected based on where the NAC Controller is positioned in the network in
relation to these end systems. If the NAC Controller is positioned before the first routed boundary
for connecting end systems closer to the access edge of the network, the L2 NAC Controller mode
is utilized. If the NAC Controller is positioned after the first routed boundary deeper inside the
network, the L3 NAC Controller mode is utilized.
6-16 Initializing the NAC Controller
The NAC Controller Policy Configuration
See Figure 6‐24 to help visualize how you would determine the NAC Controller mode of
operation. Starting at the end‐user and moving up stream, the position of the first NAC Controller
is downstream of the first router in its path. This NAC Controller functions in L2 operations
mode. Continuing to move upstream past the router, the next NAC Controller is upstream of the
first router in its path. This NAC Controller functions in L3 operations mode.
Figure 6-24 Determining NAC Controller Mode of Operation
NAC Controllers of the same mode of operation must by assigned to their own unique policy
domain. For example, you can have multiple L2 NAC Controllers in one domain and multiple L3
NAC Controllers in another domain, but you canʹt combine L2 and L3 NAC Controllers in the
same domain.
non-NAC Controller switch type.
Because the two NAC Controllers shown in Figure 6‐24 are of different operational modes, they
must each belong to a separate policy domain from each other as well as any other switch in the
network.
Assure that all NAC Controllers of the same operational mode are in a policy domain not shared
with any NAC Controller of a different operational mode or any non‐NAC Controller switch type.
Enterasys NAC Controller Hardware Installation Guide 6-17
The NAC Controller Policy Configuration
Modifying NAC Controllers Preconfigured Policy
NAC Controllers are shipped with a default policy configuration already configured on the
device. To modify this default policy configuration, you must create a domain for the NAC
Controller as discussed in section “NAC Controllers Require Separate Domains” on page 6‐16,
assign the NAC Controller to the domain, then import the policy configuration from the device
into Policy Manager. You can then modify the policy configuration and enforce it back to the NAC
Controller.
1. To begin the process of importing the policy configuration from the device into the policy
manager, open the policy manager and select File > Import > Policy Configuration from
Device. The Import From Device wizard displays as shown in Figure 6‐25
Check the Class of Services box as shown and click the Next button to proceed.
Figure 6-25 Import From Device Wizard
to the right hand window. Click the Next button to proceed.
3. The Read From Device window will display as shown in Figure 6‐26 on page 6‐19. Select the
roles and rules that you would like to add to this NAC Controller data file. Click the Next
button to proceed.
6-18 Initializing the NAC Controller
The NAC Controller Policy Configuration
Figure 6-26 Import From Device Wizard
5. The Merge Rules window will display. Click the Next button to procced.
6. The Roles screen displays as shown in Figure 6‐27. You need to assure that the Assessing and
Quarantine services are properly configured. Click on the Services tab to access the Services
screen.
Figure 6-27 Roles Screen
7. In the Services tab, expand Local Services and under Local Services expand Manual Services.
The screen that displays will be similar to Figure 6‐28 on page 6‐20. Select the role under
Enterasys NAC Controller Hardware Installation Guide 6-19
The NAC Controller Policy Configuration
Manual Services for the rules associated with that role to display in the Details View on the
right hand side of the screen. Verify and modify rules as appropriate for your network.
Figure 6-28 Services Screen
Adding Assessment Classification Rules
If assessment will be enabled in the Enterasys NAC solution, add classification rules to the
ʺAssessingʺ policies to allow end‐system traffic destined to the assessment servers deployed on
the network as shown in Figure 6‐29.
Figure 6-29 End-System to Assessment Server Classification Rule
6-20 Initializing the NAC Controller
The NAC Controller Policy Configuration
Modifying the Downstream Default Policy
Depending on the network configuration or circumstances, itʹs possible that traffic from the
upstream side could be rerouted to the NAC Controller, where it would be authenticated using
the upstream source IP address. To avoid this problem, add a Layer 3 IP Address Source rule to
the downstream default policy configured on the NAC Controller, using the upstream IP subnets
(or critical servers located in the upstream) and containing the traffic to a VLAN.
Enterasys NAC Controller Hardware Installation Guide 6-21
The NAC Controller Policy Configuration
6-22 Initializing the NAC Controller
A
Specifications and Regulatory Compliance
This appendix provides operating specifications for the NAC Controller. Enterasys Networks
reserves the right to change the specifications at any time without notice.
Refer to page...
NAC Controller PEP 2S4082-25 Module Specifications
NAC Controller PEP 7S4280-19 Specifications
A-1
A-3
A-5
A-6
7C111 Chassis Specifications and Regulatory Compliance
Physical Specifications
The physical specifications for the module 7C111 chassis, power supply modules, and the fans are
as follows:
7C111 Chassis
Table A-1 Chassis Specifications
Item
Specification
Physical
Dimensions:
8.81 H x 44.46 W x 51.92 D (cm)
3.47 H x 17.62 W x 20.44 D (in.)
Weight:
6.36 kg (14 lb)
12.72 kg (28 lb)
Chassis empty:
Chassis with NAC Controller PEP:
Mean Time Between Failures (MTBF)
118,975 hours
Enterasys NAC Controller Hardware Installation Guide A-1
7C111 Chassis Specifications and Regulatory Compliance
Power Supply
Table A-2 7C111 Power Supply Specifications
Item
Specification
Electrical
Accepts up to (2) IEC320 C13 power cord plugs
Input Frequency:
50 to 60 Hz
Input (Voltage/Amps):
2 x 100 to 125 Vac ~ 3.6 A
2 x 200 to 240 Vac ~ 1.6 A
Input Power:
400 W
Output Voltages:
5 V @ 40 amps
12 V @ 5.5 amps
3.3 V @ 40 amps
-12 V @ 2 amps
Environmental Requirements
The environmental specifications for the N1 chassis system are as follows:
Table A-3 Environmental Specifications
Item
Specification
Operating Temperature:
Storage Temperature:
Operating Relative Humidity:
5°C to 40°C (41°F to 104°F)
-30°C to 73°C (-22°F to 164°F)
5% to 90% (non-condensing)
Regulatory Requirements
Table A‐4 provides the safety and electromagnetic compatibility (EMC) requirements met by the
N1 chassis system:
Table A-4 Regulatory Compliance Standards
Item
Specification
Safety:
Safety: UL 60950, CSA C22.2 No. 60950, 2006/95/EC,
EN 60950, IEC 60950.
Modules which support laser connections also meet the
EN 60825 and 21 CFR 1040.10 standards.
Electromagnetic Compatibility (EMC) FCC:
47 CFR Parts 2 and 15, CSA C108.8, 2004/108/EC, EN
55022, EN 61000-3-2, EN 61000-3-3, EN 55024,
AS/NZS CISPR 22, VCCI V-3.
A-2 Specifications and Regulatory Compliance
7C111 Chassis Specifications and Regulatory Compliance
NAC Controller Engine Interface Specifications
Table A‐5 provides the Input/Output ports, processor and memory, physical, and environmental
specifications for the NAC Controller Engine (same on both ‐SYS models).
Table A-5 NAC Controller Engine Specifications
Item
Specification
Ports
External Gigabit Ethernet Ports (2) When referring to these ports with NAC Controller PEP CLI
commands, use the following syntax to designate port type,
slot location, and port number:
ge.1.port#
where ge is the port type, 1 specifies the the slot location of
the single-slot NAC Controller PEP within the chassis, and
port# is the port number. The port # will be designated as
the next sequential ge port after the last ge port on the NAC
Controller PEP.
Mini-GBIC slots can be mix-and-match, 1000BASE-SX, -LX,
-ELX and 1000BASE-T compliant Minii-GBICs. Refer to
“Mini-GBIC Input/Output Specifications” on page A-7.
Internal Gigabit Ethernet Ports (2)
The two internal ports connect to the on-board processor
and are used by the installed NAC Controller Engine
software. These ports have the same capabilities as any
other NAC Controller PEP port.
When referring to these ports with NAC Controller PEP CLI
commands, use the following syntax to designate port type,
slot location, and port number:
pc.1.port#
where pc is the port type, 1 specifies the the slot location of
the single-slot NAC Controller PEP within the chassis, and
port# is the port number, either 1 or 2.
RS 232 Serial COM Port
Provides connection for Local Management. This port may
be used for NAC Controller initialization.
VGA Port
Provides display monitor connection.
10/100 Ethernet Port
Can be used for NAC Controller initialization, management,
or network connection.
USB Port
Provides USB connection.
Processor/Memory
Processor
Pentium M 14 GHz Processor
Dynamic Random Access Memory 1 GB
(DRAM)
Hard Drive
60 GB 2.5 inch drive
External Power Supply
AC Input Voltage
AC Input Amps
Frequency
100—200V
1.5A
50-60Hz
Enterasys NAC Controller Hardware Installation Guide A-3
7C111 Chassis Specifications and Regulatory Compliance
Table A-5 NAC Controller Engine Specifications (continued)
Item
Specification
DC Output Voltage
DC Output Amps
Physical
12v
5A
Dimensions
•
•
•
Width: 10.65 in. (27.05 cm)
Length: 7.3 in. (18.54 cm)
Depth: 1.8 in (4.57 cm)
Predicted hours for Mean Time
Between Failures (MTBF)
For the MTBF hours for this module, refer to the MTBF web
site at URL
50 Watts
Maximum Wattage
Environmental
Operating Temperature
Storage Temperature
Operating Relative Humidity
Minimum Air Flow
0°C to 40°C (32°F to 104°F)
-30°C to 73°C (-22°F to 164°F)
5% to 90% (non-condensing)
200 Linear Feet / Minute
The COM port is a serial communications port for local access to Local Management. Refer to
Table A‐6 for the COM port pin assignments.
Table A-6 COM Port Pin Assignments
Pin Signal Name
Input/Output
Output
Input
1
2
3
4
5
6
7
8
Transmit Data (XMT)
Clear to Send (CTS)
Data Set Ready (DSR)
Receive Data (RCV)
Input
Input
Signal Ground (GND)
Request to Send (RTS)
Data Terminal Ready (DTR)
Data Carrier Detect (DCD)
NA
Output
Output
Input
A-4 Specifications and Regulatory Compliance
NAC Controller PEP 2S4082-25 Module Specifications
NAC Controller PEP 2S4082-25 Module Specifications
Table A‐7 provides the I/O ports, processors and memory, physical, and environmental module
specifications for the 2S4082‐25.
Table A-7 Specifications for 2S4082-25
Item
Specification
Ports
Ports 1 through 24
Twenty-four 10BASE-T/100BASE-TX/1000BASE-T compliant
ports through twenty-four RJ45 connectors.
Network Expansion Module slot
Processors/Memory
Processor
The NAC Controller Engine is pre-installed.
MPC750CX, 400 MHz processor
256 MB
Dynamic Random Access Memory
(DRAM)
FLASH Memory
Physical
32 MB
Dimensions
46.43 H x 6.05 W x 29.51 D (cm)
18.28 H x 2.38 W x 11.62 D (in.)
Approximate Weight
Gross: 5.54 kg (12.0 lb.) (shipping carton containing one
module)
Net: 4.10 kg (9.0 lb) (one module without packaging)
Calculated hours for Mean Time
Between Failures (MTBF) for the
2S4082-25
Refer to the MTBF web site at URL
Environmental
Operating Temperature
Storage Temperature
Operating Relative Humidity
5°C to 40°C (41°F to 104°F)
-30°C to 73°C (-22°F to 164°F)
5% to 90% (non-condensing)
Enterasys NAC Controller Hardware Installation Guide A-5
2S4082-25 COM Port Pinout Assignments
The COM port is a serial communications port for local access to Local Management. Refer to
Table A‐6 for the COM port pin assignments.
Table A-8 COM Port Pin Assignments
Pin Signal Name
Input/Output
Output
Input
1
2
3
4
5
6
7
8
Transmit Data (XMT)
Clear to Send (CTS)
Data Set Ready (DSR)
Receive Data (RCV)
Input
Input
Signal Ground (GND)
Request to Send (RTS)
Data Terminal Ready (DTR)
Data Carrier Detect (DCD)
NA
Output
Output
Input
NAC Controller PEP 7S4280-19 Specifications
Table A‐9 provides the I/O ports, processors and memory, physical, and environmental module
specifications for the 7S4080‐19 NAC Controller PEP.
Table A-9 Specifications
Item
Specification
7S4280-19 Ports
Ports 1 through 18
Mini-GBIC slots for up to 18 mix-and-match 1000BASE-SX, -LX,
-ELX and 1000BASE-T compliant Mini-GBICs. Refer to
“Mini-GBIC Input/Output Specifications” on page A-7.
NEM Slot
The NAC Controller Engine is pre-installed.
Processors/Memory
Processor
IBM 750CXe, 600 MHz processor
256 MB
Dynamic Random Access Memory
(DRAM)
FLASH Memory
Physical
32 MB
Dimensions
46.43 H x 6.05 W x 29.51 D (cm)
18.28 H x 2.38 W x 11.62 D (in.)
Approximate Weight
Gross: 5.0 kg (11.0 lb.) (shipping carton containing one module)
Net:
3.86 kg (8.5 lb.) (one module without packaging)
Predicted hours for Mean Time
Between Failures (MTBF) for NAC
Controller PEPs:
Refer to the MTBF web site at this URL:
A-6 Specifications and Regulatory Compliance
NAC Controller PEP 7S4280-19 Specifications
Table A-9 Specifications (continued)
Item
Specification
Environmental
Operating Temperature
Storage Temperature
Operating Relative Humidity
5°C to 40°C (41°F to 104°F)
-30°C to 73°C (-22°F to 164°F)
5% to 90% (non-condensing)
Mini-GBIC Input/Output Specifications
The Mini‐Gigabit Ethernet Card (Mini‐GBIC) port interface slots can accept 1000BASE‐SX short
wavelength or 1000BASE‐LX long wavelength fiber‐optic Mini‐GBICs (see Table A‐10). The
optional Mini‐GBICs are hot swappable.
Table A-10 Mini-GBIC Input/Output Port Specifications
Item
Specification
MGBIC-LC01
Provides one LC fiber-optic multimode port that is compliant with the
1000BASE-SX standard LC connector.
MGBIC-LC03
MGBIC-LC09
MGBIC-MT01
MGBIC-08
Provides one LC fiber-optic multimode port that is compliant with the
1000BASE-SX standard LC duplex style connector.
Provides one LC fiber-optic single-mode port that is compliant with
the 1000BASE-LX standard LC connector.
Provides one MT-RJ fiber-optic multimode port that is compliant with
the 1000BASE-SX standard MT-RJ connector.
Provides one LC fiber-optic single-mode port that is compliant with
the 1000BASE-ELX standard LC connector.
MGBIC-02
Provides one RJ45 copper connection that is compliant with the
1000BASE-T standard RJ45 connector.
The COM port is a serial communications port for local access to Local Management. Refer to
Table A‐11 for the COM port pin assignments.
Table A-11 COM Port Pin Assignments
Pin Signal Name
Input/Output
Output
Input
1
2
3
4
5
6
7
8
Transmit Data (XMT)
Clear to Send (CTS)
Data Set Ready (DSR)
Receive Data (RCV)
Input
Input
Signal Ground (GND)
Request to Send (RTS)
Data Terminal Ready (DTR)
Data Carrier Detect (DCD)
NA
Output
Output
Input
Enterasys NAC Controller Hardware Installation Guide A-7
NAC Controller PEP 7S4280-19 Specifications
Gigabit Ethernet Specifications
The following specifications for the Mini‐GBICs (shown in Table A‐12 through Table A‐20) meet or
exceed the IEEE 802.3z‐1998 standard.
MGBIC-LC01/MGBIC-MT01 Specifications (1000BASE-SX)
Table A-12 MGBIC-LC01 / MGBIC-MT01 Optical Specifications
Item
62.5 µm MMF
-9.5 dBm
-17 dBm
50 µm MMF
-9.5 dBm
-17 dBm
Transmit Power (minimum)
Receive Sensitivity
Link Power Budget
7.5 dBm
7.5 dBm
Table A-13 MGBIC-LC01 / MGBIC-MT01 Operating Range
Item
Modal Bandwidth @ 850 nm
160 MHz/km
Range
62.5 µm MMF
62.5 µm MMF
50 µm MMF
50 µm MMF
2-220 Meters
2-275 Meters
2-500 Meters
2-550 Meters
200 MHz/km
400 MHz/km
500 MHz/km
MGBIC-LC03 Specifications (1000BASE-SX)
Table A-14 MGBIC-LC03 Optical Specifications
Item
62.5/125 µm MMF
-9.5 dBm
50/125 µm MMF
-9.5 dBm
Transmit Power (minimum)
Transmit Power (maximum)
Receive Sensitivity
-3 dBm
-3 dBm
-20 dBm
-20 dBm
1
Link Power Budget (Multimode Only)
10.5 dBm
10.5 dBm
1. The maximum drive distance (up to 2 km) depends on the quality of the installed multimode fiber-optic cable
segment. Use the Link Power Budget to calculate the maximum cable length of the attached segment. The
Link Power Budget must not exceed those specified in this table. The MGBIC-LC03 input power must not
exceed -3 dBm. Otherwise, saturation could occur.
Table A-15 MGBIC-LC03 Operating Range
Item
Modal Bandwidth @ 1310 nm
160 MHz/km
Range
62.5 µm MMF
50 µm MMF
2,000 Meters
2,000 Meters
400 MHz/km
A-8 Specifications and Regulatory Compliance
NAC Controller PEP 7S4280-19 Specifications
MGBIC-LC09 Specifications (1000BASE-LX)
Table A-16 MGBIC-LC09 Optical Specifications
Item
62.5 µm MMF
-11.5 dBm
-20 dBm
50 µm MMF
-11.5 dBm
-20 dBm
10 µm MMF
-9.5 dBm
-20 dBm
Transmit Power (minimum)
Receive Sensitivity
Link Power Budget
8.5 dBm
8.5 dBm
10.5 dBm
Table A-17 MGBIC-LC09 Operating Range
Item
Modal Bandwidth @ 1300 nm
Range
62.5 µm MMF
50 µm MMF
50 µm MMF
10 µm SMF
500 MHz/km
400 MHz/km
500 MHz/km
N/A
2-550 Meters
2-550 Meters
2-550 Meters
2-10,000 Meters
MGBIC-08 Specifications (1000BASE-ELX)
Table A-18 MGBIC-08 Optical Specifications
Item
Transmit Power (minimum)
Receive Sensitivity
-0 dBm, min.
-24 dBm, min.
-3 dBm
+2 dBm, typical
-26 dBm, typical
+5 dBm, max.
Maximum Input Power
1
Link Power Budget (Full Duplex Only)
23 dB
28dB, typical
1. The maximum drive distance (up to 70 km) depends on the quality of the installed single-mode fiber-optic
cable segment. Use the Link Power Budget to calculate the maximum cable length of the attached segment.
The Link Power Budget must not exceed those specified in this table. The MGBIC-08 input power must not
exceed -3 dBm. Otherwise, saturation could occur.
Table A-19 MGBIC-08 Operating Range
Item
1550 nm
Range
9 or 10 µm SMF
N/A
70,000 Meters
Enterasys NAC Controller Hardware Installation Guide A-9
NAC Controller PEP 7S4280-19 Specifications
MGBIC-02 Specifications (1000BASE-T)
Table A-20 MGBIC-02 / Specifications
Item
Specification
Supported Cable
Type:
Copper, Category 5 UTP
Up to 100 meters
Maximum Length
Connector
Data Rate
RJ45
1 Gbps, IEEE 802.3:2000 compatible
1000BASE-T operation only
Automatic crossover detection
TX Output impedance
RX Input impedance
100 ohms, typical at all frequencies between 1 MHz and 125 MHz
100 ohms, typical at all frequencies between 1 MHz and 125 Hz
Regulatory Compliance
The 2S4082‐25 and 7S4280‐19 meet the safety and electromagnetic compatibility (EMC)
requirements listed in Table A‐21:
Table A-21 Compliance Standards
Regulatory Compliance
Standards
Safety
UL 60950, CSA C22.2 No. 60950, 2006/95/EC, EN 60950, IEC
60950, EN 60825, 21 CFR 1040.10.
Electromagnetic Compatibility (EMC) 47 CFR Parts 2 and 15, CSA C108.8, 2004/108/EC, EN 55022, EN
61000-3-2, EN 61000-3-3, EN 55024, AS/NZS CISPR 22, VCCI
V-3.
A-10 Specifications and Regulatory Compliance
B
Mode Switch Bank Settings
and Optional Installations
This appendix covers the following items:
Refer to page...
B-1
B-1
B-2
Setting the Mode Switches
Memory Locations and Replacement Procedures
Required Tools
Use the following tools to perform the procedures provided in this appendix:
•
•
Antistatic wrist strap
Phillips screwdriver
Caution: An antistatic wrist strap is required to perform the following procedures to minimize ESD
damage to the devices involved.
Precaución: Para minimizar los efectos de las descargas de electricidad estática, deberá utilizar
una pulsera antiestática al realizar los siguiente procedimientos.
Setting the Mode Switches
Caution: Read the appropriate sections to be fully aware of the consequences when changing
switch settings.
Only qualified personnel should change switch settings.
Precaución: Si desea modificar la configuración del interruptor, lea las secciones
correspondientes para saber cuál será el resultado de hacerlo.
The location on the main board of the mode switches for both the 2S4082‐25 and the 7S4280‐19 are
the same. Figure B‐1 shows the location of the mode switches and the switch settings for normal
operation. These switches are set at the factory to the off position and rarely need to be changed.
Switch definitions and positions are as follows:
•
•
Switches 1 through 6 – For Enterasys Networks use only.
Switch 7 – Clear Persistent Data. Changing the position of this switch clears Persistent Data on
the next power‐up of the module. All user‐entered parameters, such as the IP address or
Enterasys NAC Controller Hardware Installation Guide B-1
Memory Locations and Replacement Procedures
module names, are reset to the factory default settings. Once the module resets, you can either
use the factory default settings or reenter your own parameters.
•
Switch 8 – Clear Admin Password. Changing the position of this switch clears the admin
password, and restores the factory default password on the next power‐up of the module.
Once the module resets, you can either use the factory default settings or reenter your own
password.
Note: Do not change the position of Switch 8 unless it is necessary to reset the admin password to
its factory default setting.
Figure B-1 Mode Switch Location on the NAC Controller PEP (2S4082-25 shown)
1
Mode switch bank
Memory Locations and Replacement Procedures
Module (SIMM) needs to be replaced, the following sections describe how to access, locate, and
replace these memory modules. If you have questions concerning the replacement of either
memory module, refer to “Getting Help” on page xviii for details on how to contact
Enterasys Networks.
Location of Memory Modules
The location on the main board of the DRAM SIMM and DIMM for both the 2S4082‐25 and the
7S4280‐19 are the same. Figure B‐2 shows the locations of the DRAM SIMM and DIMM on the
main board of the 2S4082‐25.
B-2 Mode Switch Bank Settings and Optional Installations
Memory Locations and Replacement Procedures
Figure B-2 DIMM and DRAM SIMM Locations for the NAC Controller PEP (2S4082-25
shown)
1 Flash DIMM
2 DRAM SIMM
Flash DIMM Replacement Procedure
Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic
equipment.
seguridad para evitar descargas de electricidad estática.
1. Refer to Figure B‐3. Push the connector arms away from the DIMM and simultaneously lift the
DIMM enough to release it from the connector fingers.
Figure B-3 Removing the Existing DIMM
À
Á
Â
À
1
Connector arms
2
DIMM
3
Connector fingers
2. Rotate the DIMM upwards, then remove it from the connector fingers.
Enterasys NAC Controller Hardware Installation Guide B-3
Memory Locations and Replacement Procedures
Installing the DIMM
Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic
equipment.
seguridad para evitar descargas de electricidad estática.
To install a DIMM, refer to Figure B‐4 and proceed as follows:
1. Insert the DIMM down between the connector fingers.
2. Pivot the DIMM downward so the tabs on the connector arms align with the two DIMM
alignment notches. With the two connector arms spread outward, push the DIMM down
between the connector arms. Then release the two connector arms to lock the DIMM into
place.
Figure B-4 Installing the DIMM
Ã
À
Â
Ã
Á
Â
1
2
DIMM
Connector fingers
3
4
Connector arms
DIMM alignment notches (2)
B-4 Mode Switch Bank Settings and Optional Installations
Memory Locations and Replacement Procedures
DRAM SIMM Replacement Procedure
Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic
equipment.
Precaución: Al trabajar con equipos electrónicos sensibles, tome todas las precauciones de
seguridad para evitar descargas de electricidad estática.
Removing the DRAM SIMM
To remove the existing DRAM SIMM, proceed as follows:
1. Locate the DRAM SIMM connector on the main PC board. Refer back to Figure B‐5.
2. Push the connector arms away from the DRAM SIMM, as shown in Figure B‐5, enough to
release the DRAM SIMM from the connector contacts.
Figure B-5 Removing Existing DRAM SIMM
Á
À
À
Â
1
Connector arms
2
DRAM SIMM
3
Connector contacts
3. Pull the DRAM SIMM straight up and remove it from the connector contacts.
Installing the DRAM SIMM
Caution: Observe all Electrostatic Discharge (ESD) precautions when handling sensitive electronic
equipment.
seguridad para evitar descargas de electricidad estática.
To install a DRAM SIMM, refer to Figure B‐6 and proceed as follows:
1. Push the connector arms away from the DRAM SIMM enough to insert the DRAM SIMM into
the connector contacts.
2. Insert the DRAM SIMM straight down between the connector contacts enough for the tabs on
the connector arms to align with the two DRAM SIMM alignment notches.
3. Push the DRAM SIMM down into the connector contacts. Then rotate the two connector arms
toward the DRAM SIMM to lock it into place.
Enterasys NAC Controller Hardware Installation Guide B-5
Index
Environmental requirements A-2
Numerics
1000BASE-SX/LX/ELX network
connections
requirements for 2-5
requirements for 2-4
100BASE-TX
requirements 2-4
10BASE-T
NAC controller
CLI information 1-3
features 1-2
F
NAC controllers
specifications for A-6
Network
connecting to 4-7, 4-10
Network Requirements
list of 2-3
G
Getting help
Contract number for xviii
RMA number xviii
serial, revision numbers xviii
GROUP SELECT button
use of the 5-1
connection 4-7
requirements 2-4
2S4082-25-SYS
picture 1-1
7S4280-19-SYS
picture 1-1
802.1D-1998 1-7
802.1Q-1998 1-7
802.3ae-2002 1-7
Pinout assignments
Pinouts
crossover 4-9, 4-10
Policy
IEEE 802.1D-1998
Spanning Tree Algorithm
support 1-7
IEEE 802.3-2002 1-7
Installation
C
Cable
Fiber budget A-7
Cable connections
2S4082-25 4-7
Fiber-Optic 4-11
Cable specifications
1000BASE-T network 2-4
100BASE-TX network 2-4
COM port connections
Modem 4-16
VT Series Terminal 4-15
what is needed 4-14
Connecting to the network 4-7, 4-10
Console port
connecting to the Network 4-7, 4-10
optional Mini-GBIC 4-2
Policy Support 1-7
L
LEDs 1-7
LANVIEW LEDs
Local Management
R
Receive LEDs
viewing of 5-1
S
Safety compliance A-10
Secure Networks Policy Support
description of 1-7
M
SIMMs
Management (MGMT) LED
function of 5-1
Matrix N1 chassis
NAC controller installation into 4-5
DIMM and SIMM B-2
MGBIC-02
specifications for A-10
MGBIC-08
specifications for A-9
MGBIC-LC01/MGBIC-MT01
specifications for A-8
MGBIC-LC03
specifications for A-8
MGBIC-LC09
Mini-GBIC
installation of 4-2
removal of 4-5
specifications for A-7
Mode Switch
Specifications A-1
pinout assignments A-4, A-6, A-7
NAC controller A-5, A-6
Specifications, MGBIC-08 A-9
optical A-9
Specifications, MGBIC-LC01
operating range A-8
Specifications, MGBIC-LC03
Specifications, MGBIC-LC09
operating range A-9
D
DIMM
replacement procedures for B-2
E
Electromagnetic Compatibility (EMC)
requirements A-10
Enterasys
contract number xviii
Internet mail address xviii
RMA number xviii
support number xviii
World Wide Web xviii
Enterasys Matrix N1 chassis
overview 1-2
Specifications, MGBIC-MT01
operating range A-8
optical A-8
setting of B-1
Enterasys NAC Appliance
Standards compatibility 1-7
Index-1
T
Transmit LEDs
viewing of 5-1
Troubleshooting 1-7, 5-1
checklist for 5-4
U
Unpacking the module 4-1
V
Viewing Receive and Transmit Activity
instructions for 5-1
Index-2
|