IP350 and IP380 Appliance Installation Guide
Part No. N450709003 Rev A Published September 2004 COPYRIGHT ©2003 Nokia Corporation. All rights reserved. Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Corporation as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
2 IP350 and IP380 Appliance Installation Guide Nokia Contact Information Corporate Headquarters
Web Site http://www.nokia.com
Telephone 1-888-477-4566 or 1-650-625-2000
Fax 1-650-691-2170
Mail Nokia Inc. Address 313 Fairchild Drive Mountain View, California 94043-2215 USA
Regional Contact Information
Americas Nokia Internet Communications Tel: 1-877-997-9199 313 Fairchild Drive Outside USA and Canada: +1 512-437-7089 Mountain View, CA 94043-2215 email: [email protected] USA
Europe, Nokia House, Summit Avenue Tel: UK: +44 161 601 8908 Middle East, Southwood, Farnborough Tel: France: +33 170 708 166 and Africa Hampshire GU14 ONG UK email: [email protected]
Asia-Pacific 438B Alexandra Road Tel: +65 6588 3364 #07-00 Alexandra Technopark email: [email protected] Singapore 119968
Nokia Customer Support
Web Site: https://support.nokia.com/ Email: [email protected]
Americas Europe
Voice: 1-888-361-5030 or Voice: +44 (0) 125-286-8900 1-613-271-6721
Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
021216
IP350 and IP380 Appliance Installation Guide 3 4 IP350 and IP380 Appliance Installation Guide Contents
About this Guide ...... 11 In This Guide ...... 11 Conventions This Guide Uses ...... 12 Notices ...... 12 Command-Line Conventions...... 13 Text Conventions ...... 15 Related Documentation ...... 16
1 Overview ...... 17 About the Nokia IP350 and IP380 IP Security Appliances ...... 17 Memory ...... 17 Encryption Acceleration...... 18 Managing the IP350 and IP380 Appliance ...... 18 Appliance Overview ...... 19 Ethernet Management Ports ...... 20 Built-in Console Port ...... 21 Built-in AUX Port ...... 23 Status LEDs ...... 24 Site Requirements ...... 25 Software Requirements ...... 26
2 Installing the Appliance ...... 27 Rack Mounting the Appliance...... 27 Connecting Power and Turning the Power On...... 29 Connecting Network Interfaces ...... 30
IP350 and IP380 Appliance Installation Guide 5 3 Performing the Initial Configuration ...... 33 Using a Console Connection to Perform the Initial Configuration . 34 Accessing Nokia Network Voyager ...... 36 Accessing Voyager Reference Information...... 37 Using Voyager to Monitor an IP350 or 380 Appliance ...... 38 Using Nokia Horizon Manager ...... 38
4 Installing and Replacing Network Interface Cards ...... 39 Deactivating Configured Interfaces ...... 40 Removing, Installing, and Replacing NICs...... 40 Configuring and Activating Interfaces ...... 46 Monitoring Network Interface Cards...... 47
5 Connecting PMC Network Interface Cards ...... 49 Dual-Port 10/100 Ethernet Interface, PMC ...... 49 Ethernet PMC NIC Features ...... 50 Ethernet NIC Connectors and Cables...... 50
6 Installing and Replacing Other Components ...... 53 Installing a PCMCIA Modem ...... 54 Replacing a Hard-Disk Drive ...... 55 Replacing or Upgrading Memory ...... 59 Before You Start ...... 60 Adding or Replacing DIMMs ...... 61 Installing an Encryption Accelerator Card ...... 66 Before You Start ...... 67 Installing the Card ...... 67 Configuring Software to Use Hardware Acceleration ...... 71
7 Using the Boot Manager ...... 73 Variables ...... 74 Viewing the Variables and Other System Parameters ...... 76
6 IP350 and IP380 Appliance Installation Guide Setting the Variables ...... 78 Other commands...... 80 Booting the System ...... 81 Using the Boot Manager to Install IPSO...... 82 Protecting the Boot Manager with a Password ...... 83 Installing the Boot Manager ...... 84 Upgrading the Boot Manager ...... 85
8 Troubleshooting ...... 87 General Troubleshooting Information...... 87 Troubleshooting Routing Problems ...... 97
A Technical Specifications ...... 103 Physical Dimensions ...... 103 Space Requirements ...... 103 NIC Interfaces ...... 104
B Compliance Information ...... 105 Declaration of Conformity...... 106 Compliance Statements ...... 108 FCC Notice (US) ...... 109
Index ...... 111
IP350 and IP380 Appliance Installation Guide 7 8 IP350 and IP380 Appliance Installation Guide Figures
Figure 1 Component Locations Front View ...... 19 Figure 2 Component Locations Rear View ...... 20 Figure 3 Ethernet Management Ports Details ...... 20 Figure 4 Pin Assignments for Console Connection ...... 22 Figure 5 Pin Assignments for Modem Connection ...... 23 Figure 6 Appliance Status LEDs ...... 24 Figure 7 Mounting Screws Location ...... 28 Figure 8 Adjustable Mounting Brackets ...... 28 Figure 9 Back Panel Power Switch ...... 29 Figure 10 Voyager Reference Access Points ...... 37 Figure 11 Dual-Port Ethernet NIC Front Panel Details ...... 50 Figure 12 Output Connector for the Ethernet Cable ...... 51 Figure 13 Ethernet Crossover-Cable Pin Connections ...... 52 Figure 14 Hard-Disk Drive Location ...... 55 Figure 15 DIMM Socket Locations ...... 60
IP350 and IP380 Appliance Installation Guide 9 10 IP350 and IP380 Appliance Installation Guide About this Guide
This manual provides information for the installation and use of the Nokia IP350 and IP380 appliance. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only. This preface provides the following information: � In This Guide � Conventions This Guide Uses � Related Documentation
In This Guide This guide is organized into the following chapters and appendixes: � Chapter 1, “Overview” presents a general overview of the IP350 and IP380 appliances. � Chapter 2, “Installing the Appliance” explains how to rack-mount the appliance and how to physically connect it to a network and power. � Chapter 3, “Performing the Initial Configuration” explains how to make the appliance available on the network. � Chapter 4, “Installing and Replacing Network Interface Cards” explains how to install, monitor, and replace network interface cards (NICs). � Chapter 5, “Connecting PMC Network Interface Cards” explains how to connect to and use each of the supported NICs.
IP350 and IP380 Appliance Installation Guide 11 � Chapter 6, “Installing and Replacing Other Components” explains how to install or replace PCMCIA modems, memory, the hard-disk drive, and an encryption accelerator card (IP380 only). � Chapter 7, “Using the Boot Manager” explains how to use the boot manager, which is part of the IPSO software. � Chapter 8, “Troubleshooting” discusses problems you might encounter and proposes solutions to these problems. � Appendix A, “Technical Specifications” gives technical specifications such as interface characteristics. � Appendix B, “Warranty and Software License” contains Nokia warranty and software license information. � Appendix C, “General Public Licensed Software” provides information about publicly licensed software that comes with the appliance. � Appendix B, “Compliance Information” includes compliance and regulatory information. � Appendix E, “Glossary” provides a glossary of acronyms used in this document.
Conventions This Guide Uses The following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.
Notices
Warning Warnings advise the user that bodily injury might occur because of a physical hazard.
12 IP350 and IP380 Appliance Installation Guide Conventions This Guide Uses
Caution Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.
Note Notes provide information of special interest or recommendations.
Command-Line Conventions This section defines the elements of commands that are available in Nokia Internet Communications products. You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.
Italics Indicates a variable in a command that you must supply. For example: delete interface if_name
Supply an interface name in place of the variable. For example: delete interface nic1
IP350 and IP380 Appliance Installation Guide 13 Table 1 Command-Line Conventions (continued)
Convention Description
angle brackets < > Indicates arguments for which you must supply a value: retry-limit <1–100>
Supply a value. For example: retry-limit 60
Square brackets [ ] Indicates optional arguments. delete [slot slot_num]
For example: delete slot 3
Vertical bars, also Separates alternative, mutually exclusive elements. called a pipe (|) framing
To complete the command, supply the value. For example: framing sonet or framing sdh
-flag A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
14 IP350 and IP380 Appliance Installation Guide Conventions This Guide Uses
Table 1 Command-Line Conventions (continued)
Convention Description
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
' ' Single quotation marks are literal symbols that you must enter as shown.
Text Conventions Table 2 describes the text conventions this guide uses.
Table 2 Text Conventions
Convention Description
monospace font Indicates command syntax, or represents computer or screen output, for example: Log error 12453
bold monospace font Indicates text you enter or type, for example: # configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+): Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>): Choose File > Open.
IP350 and IP380 Appliance Installation Guide 15 Table 2 Text Conventions (continued)
Convention Description
The words enter and type Enter indicates you type something and then press the Return or Enter key. Do not press the Return or Enter key when an instruction says type.
Italics • Emphasizes a point or denotes new terms at the place where they are defined in the text. • Indicates an external book title reference. • Indicates a variable in a command: delete interface if_name
Related Documentation The IP350 and IP380 documentation set consists of Release Notes for the Nokia software release you are running, the IP350 and IP380 Appliance Installation Guide (this document), a Voyager inline help feature, and the Voyager Reference Guide (online). You can find the IP350 and IP380 Appliance Installation Guide in PDF on the World Wide Web support site (https://support.nokia.com/). You can access inline help and the Voyager Reference Guide from Voyager. To access inline help for a specific subject, click the Help button next to the subject. Access the Voyager Reference Guide for tasks, examples, and more information by clicking the Doc button. You can order Check Point documentation from Nokia or download it from the Nokia support site at https://support.nokia.com/.
16 IP350 and IP380 Appliance Installation Guide 1 Overview
This chapter provides an overview of the IP350 and IP380 appliances and the requirements for using those appliances. The following topics are covered: � About the Nokia IP350 and IP380 IP Security Appliances � Managing the IP350 and IP380 Appliance � Site Requirements � Software Requirements � Managing the IP350 and IP380 Appliance
About the Nokia IP350 and IP380 IP Security Appliances The Nokia IP350 and IP380 IP security appliances combine the power of Nokia IPSO software with your choice of firewall, VPN, and intrusion detection security applications. Both platforms share the same one-rack unit (1 RU) size and support the same selection of network interface cards.
Memory The IP350 appliance supports from 256 MB to 512 MB of memory. The IP380 appliance supports from 256 MB to 1 GB of memory and provides approximately twice the throughput of the IP350.
IP350 and IP380 Appliance Installation Guide 17 1 Overview
Encryption Acceleration Both the IP350 and IP380 appliances provide built-in hardware-based encryption acceleration. The IP380 appliance also supports an optional encryption accelerator card to further enhance VPN performance. This guide provides documentation for both the IP350 and IP380 appliances. Most of the information for how to use these two appliances is the same. Where differences exist, they are noted in the documentation. The Nokia IP350 and IP380 appliances are ideally suited for growing companies and satellite offices that want high-performance IP routing combined with the industry-leading Check Point VPN-1/FireWall-1 enterprise security suite. The small size of the IP350 and IP380 appliance makes them ideal for installations that need to conserve space. As network devices, the IP350 and IP380 appliances support a comprehensive suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic, and DVMRP for multicast traffic. The integrated router functionality eliminates the need for separate intranet and access routers in security applications.
Managing the IP350 and IP380 Appliance You can manage the IP350 and IP380 appliances by using one of the following interfaces: � Nokia Network Voyager—an SSL-secured, Web-based element management interface to Nokia IP security platforms. Voyager is preinstalled on the IP350 and IP380 appliance and enabled through the IPSO operating system. With Voyager, you can manage, monitor, and configure the IP350 and IP380 appliance from any authorized location within the network by using a standard Web browser. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36. � The IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Nokia IP security platforms
18 IP350 and IP380 Appliance Installation Guide Appliance Overview
from the command line. Everything that you can accomplish with Voyager—manage, monitor, and configure the IP350 and IP380 appliance—you can also do with the CLI. For information about how to access the CLI, see the Nokia CLI Reference Guide for IPSO v3.6 or later. � Nokia Horizon Manager—a secure GUI-based software image management application. With Horizon Manager, you can securely install and upgrade the Nokia proprietary IPSO operating system, plus hardware and third-party applications such as Check Point FireWall-1 and RealSecure for Nokia. Horizon Manager can perform installations and upgrades on up to 2,500 Nokia IP security platforms, offering administrators the most rapid and dependable upgrade to Check Point NG. For information about how to obtain Horizon Manager, see “Nokia Contact Information” on page 3.
Appliance Overview The following figures show component locations for the IP350 and IP380. Figure 1 Component Locations Front View
Status LEDs Modem (AUX) port
00248a
PMC interfaces Reset switch PCMCIA slots Console port
Built-in Ethernet ports (10/100 Mbps)
IP350 and IP380 Appliance Installation Guide 19 1 Overview
Figure 2 Component Locations Rear View
00249
Power switch Power plug
Ethernet Management Ports The Ethernet management ports are located on the front of the appliance. Figure 3 shows the layout of the Ethernet management ports and link LEDs.
Note The Ethernet management ports are intended for management purposes. These ports do not provide the same performance as Ethernet cards in the PMC slots.
Figure 3 Ethernet Management Ports Details
Activity LED (yellow) Link LED (green)
RJ-45 connectors
00120
Caution Cables that connect to the Ethernet ports must be IEEE 802.3 compliant to prevent potential data loss.
20 IP350 and IP380 Appliance Installation Guide Appliance Overview
The IP350 and IP380 appliances include two PMC (PCI mezzanine cards) expansion slots for Nokia supported network interface cards. For information about using this LAN card, see page 49. The IP350 and IP380 appliances also include a PCMCIA slot that supports PCMCIA modems. See “Installing a PCMCIA Modem” on page 54.
Note Nokia products only support NICs purchased from Nokia Corporation or Nokia-approved resellers. The Nokia Global Support Services group can only provide support for Nokia products that use Nokia-approved accessories. For sales or reseller information, contact a Nokia service provider listed in the “Nokia Contact Information” on page 3.
Built-in Console Port Use the built-in console port, shown in Figure 1 to supply the information that makes the appliance available on the network. Figure 4 provides pin assignment information for console connections.
IP350 and IP380 Appliance Installation Guide 21 1 Overview
Figure 4 Pin Assignments for Console Connection
Pin# Assignment Input/Output
1 DCD Input
2 RXD Input 1 5 3TXDOutput
4DTROutput 69 700001 5GND
6 DSR Input
7RTSOutput
8 CTS Input
9DTROutput
22 IP350 and IP380 Appliance Installation Guide Appliance Overview
Built-in AUX Port Use can use the AUX port, shown in Figure 1, to establish a modem connection for managing the appliance. Figure 5 provides pin assignment information for modem connections. Figure 5 Pin Assignments for Modem Connection
1 5
69 700001
To DB25 To DB9 Pin Input/Output Cable Out Cable Out
1 (DCD) Input 8 (DCD) 7 (RTS) 8 (CTS)
2 (RXD) Input 2 (TXD) 3 (TXD)
3 (TXD) Output 3 (RXD) 2 (RXD
4 (DTR) Output 20 (DTR) 6 (DSR) 9 (RI)
5 (GND) 7 (GND) 5 (GND)
6 (DSR) Input 6 (DSR) 4 (DTR)
7 (RTS) Output 4 (RTS) 1 (DCD)
8 (CTS) Input 5 (CTS) 1 (DCD)
9 (RI) Output 22 (RI) 4 (DTR)
IP350 and IP380 Appliance Installation Guide 23 1 Overview
Status LEDs You can monitor the basic operation of IP350 and IP380 appliances and network interface cards (NICs) by checking their status LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 6 shows. Figure 6 Appliance Status LEDs
Power-status Voltage Fan problem
Table 3 Appliance Status LEDs
LED Front Panel Status Indication Explanation Symbol
Solid Power on
Solid Unit is experiencing an internal Voltage problem !
Blinking The unit is experiencing a temperature problem !
Solid red One or more fans are not operating properly, or a 5V, 3.3V, or 12V fuse is blown
24 IP350 and IP380 Appliance Installation Guide Site Requirements
The location and meaning of the status LEDs for network interface cards are explained in Chapter 5, “Connecting PMC Network Interface Cards.” � For information on the built-in Ethernet interface LEDs, see “Ethernet Management Ports” on page 20. � For information on the Dual port Ethernet card LEDs, see “Dual-Port 10/ 100 Ethernet Interface, PMC” on page 49.
Site Requirements Before you install an IP350 or IP380 appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.”
Warning Hazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.
Warning An explosion can occur if the battery is incorrectly placed. Replace only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
Warning To reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.
IP350 and IP380 Appliance Installation Guide 25 1 Overview
Caution Do not place objects over the ventilation holes on the IP350 or IP380 appliance. The components might overheat and become damaged.
Caution For IP350 or IP380 appliances intended for shipment outside of the United States, the cord might be optional. If a cord is not provided, use a power cord rated at 6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Software Requirements IP350 and IP380 appliances support the following operating system and applications when this guide was published. � Operating System Requirements—IPSO v 3.5.1, 3.7 and later. � Firewall and VPN Software Requirements—Check Point NG VPN-1/ FW-1 FP2 or higher. � Intrusion Detection Software Requirements—ISS RealSecure version 6.5 or 7.0. For information about changes to the software requirements or additional applications that have become available since this guide was published, contact your Nokia service provider, as listed in “Nokia Contact Information” on page 3.
26 IP350 and IP380 Appliance Installation Guide 2 Installing the Appliance
This chapter describes how to install the Nokia IP350 and IP380 appliances. The following topics are covered: � Rack Mounting the Appliance � Connecting Power and Turning the Power On � Connecting Network Interfaces
Caution Protect your IP350 and IP380 appliance and other electronic equipment from static discharge by making sure you are properly grounded before you touch any electronic components.
Note The operating temperature range for the IP350 and IP380 appliance is 0° C to 45° C.
Rack Mounting the Appliance The IP350 and IP380 appliances mount in a standard 19-inch rack with four mounting screws as Figure 7 shows.
IP350 and IP380 Appliance Installation Guide 27 2 Installing the Appliance
Note To avoid damaging your equipment, Nokia recommends that you use all four rack-mounting bolts when you install your appliance on the rack.
Figure 7 Mounting Screws Location
Mounting Screws 00248a
You can relocate the mounting brackets as Figure 8 shows so that the unit is 2 inches forward of the rack. Figure 8 Adjustable Mounting Brackets
00251a Two mounting positions are available allowing you to mount the unit either flush with the rack, or two inches forward of the rack.
28 IP350 and IP380 Appliance Installation Guide Connecting Power and Turning the Power On
Caution Blocking ventilation openings during installation may result in damage to the appliance.
Connecting Power and Turning the Power On The power plug and power switch for the IP350 and IP380 appliances are located on the back of the appliance as Figure 9 shows.
Note The IP350 and IP380 appliance power supplies automatically detect the input voltage (115VAC [90 to 132] or 220VAC [180 to 264]) and configure themselves appropriately.
Figure 9 Back Panel Power Switch
00249
Power switch Power plug
To connect the power supply 1. Connect the power cord securely into the power socket on the back of the appliance. 2. Plug the other end of the cord into a three-wire grounded power strip or wall outlet. 3. Press the power supply switch to the “on” position to activate the IP350 and IP380 appliance.
IP350 and IP380 Appliance Installation Guide 29 2 Installing the Appliance
The fan unit on the power supply turns on when you press the power switch. Verify that the fans are running after you press the switch. Check the power LED on the front panel of the appliance (the Nokia logo) to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “Status LEDs” on page 24. If the power supply fans are not running, or if the power LED is not illuminated: � Check the power supply cord to make sure it is properly connected. � Make sure the power supply switch is on. � Make sure the chassis assembly is pushed all the way in from the front of the platform. � Make sure that power is turned on to the power strip or wall receptacle you plugged the appliance in to. If the fans are still not running, or if the power LED does not illuminate, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3 for technical support.
Connecting Network Interfaces Connect at least one network interface to the network to use as the Voyager system management interface. This interface is configured during the system startup procedure, which is described in Chapter 3, “Performing the Initial Configuration.” You can also connect the remaining LAN interface wires at this point, although you are not required to do so. To connect Ethernet devices: � Use a straight-through RJ-45 cable to connect to a 10-Mbps or 100-Mbps hub. � Use a crossover RJ-45 cable to connect directly to a host. For details, see “Ethernet NIC Connectors and Cables” on page 50.
30 IP350 and IP380 Appliance Installation Guide Connecting Network Interfaces
After you connect the network interfaces, continue with Chapter 3, “Performing the Initial Configuration.”.
IP350 and IP380 Appliance Installation Guide 31 2 Installing the Appliance
32 IP350 and IP380 Appliance Installation Guide 3 Performing the Initial Configuration
The first time you turn power on to a Nokia IP350 and IP380 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways. � You can configure a DHCP server to provide the initial configuration information the first time the appliance is started. � You can perform the initial configuration manually by using a console connection. This chapter describes how to perform the initial configuration manually by using a console connection. It includes the following sections: � Using a Console Connection to Perform the Initial Configuration � Accessing Nokia Network Voyager � Using Nokia Horizon Manager For information about how to use the DHCP client for initial configuration, see the Read Me First document included with the appliance.
IP350 and IP380 Appliance Installation Guide 33 3 Performing the Initial Configuration
Using a Console Connection to Perform the Initial Configuration If you do not use DHCP to perform the initial configuration of your IP350 and IP380 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, the console connection is no longer required. You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console: � 9600 bps � 8 data bits � No parity � 1 stop bit
To connect to the console 1. Connect the supplied null-modem cable (console cable) to the console port on the front panel of the IP350 and IP380 appliance. Use only the DB9 port on the front panel labeled Console; the serial (AUX) port is an auxiliary modem port. If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.
00248a
Console port
For cable pin assignments for the console connection, see “Built-in Console Port” on page 21.
34 IP350 and IP380 Appliance Installation Guide Using a Console Connection to Perform the Initial Configuration
2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.
To perform the initial configuration 1. Turn on the appliance. At the console a series of startup messages appears, then the following prompt appears: BOOTMGR[0]> The prompt remains on the screen for about five seconds.
Note For information about using the boot manager, see Chapter 7, “Using the Boot Manager.”
After some miscellaneous output appears, the following prompt appears: Hostname? If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see either the BOOTMGR> or Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3. 2. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from starting. If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server on your network is configured to respond to any request). To reset the incorrect host name and IP address: a. Establish a console connection to the system. b. Enter the following:
IP350 and IP380 Appliance Installation Guide 35 3 Performing the Initial Configuration
rm /config/active or mv /config/active /config/active.old c. Reboot the appliance. d. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from restarting. 3. At each subsequent prompt, type the requested configuration information and then press Enter. For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Nokia software release you are running. 4. After you complete the initial configuration, you can use Voyager to configure the remaining network ports.
Accessing Nokia Network Voyager You can use Voyager to configure the remaining network ports on your IP350 and IP380 appliance.
To open Voyager 1. Start Netscape Navigator or Microsoft Internet Explorer on the host you want to use to complete the configuration. 2. In the Location or Address field, enter the IP address of the initial interface you configured on the appliance. You are prompted to enter the admin username and the password you entered when performing the initial configuration.
Note If the username popup menu does not appear, you might not have a network connection between the host and your IP350 and IP380
36 IP350 and IP380 Appliance Installation Guide Accessing Nokia Network Voyager
appliance. Confirm the information you entered during the initial configuration and check that all cables are firmly connected.
Accessing Voyager Reference Information As you use Voyager, the Voyager Reference Guide and Voyager inline help are available for you to use. You can access both information sources from the Voyager interface, as Figure 10 shows. Figure 10 Voyager Reference Access Points
Link to Online Help (Voyager Reference
Links to Inline Help (Context Sensitive)
Voyager Reference Guide The Voyager Reference Guide is the reference source for Voyager. To access this source, click Doc.
IP350 and IP380 Appliance Installation Guide 37 3 Performing the Initial Configuration
You can also access the Voyager Reference Guide at the Nokia support site (https://support.nokia.com) or on the CD that was delivered with your IP350 and IP380 appliance (doc\voyager_guide.pdf). Alternatively, you can order a printed copy.
Voyager Inline Help You can access inline help when you use Voyager. Inline help is the context- sensitive information source for Voyager. To enable inline help for a specific subject, click the Help icon next to the subject. You can also click Help at the top of the Voyager window to get inline help for the entire Voyager window. To turn off inline help, click Close.
Using Voyager to Monitor an IP350 or 380 Appliance After you install and configure your IP350 and IP380 appliance, you can use Voyager to monitor its operation. Click Monitor from the Voyager home page to access the monitoring functions. After you finish configuring the network interfaces with Voyager, the appliance is ready for routing and application configuration. Use Voyager to configure the routing performed by the appliance. For information about how to access Voyager, see “To open Voyager” on page 36. Use the documentation provided with your security application to configure firewall, VPN, and intrusion detection software.
Using Nokia Horizon Manager You can use Horizon Manager to install and upgrade the Nokia proprietary IPSO operating system. For information about how to obtain Horizon Manager, see the “Nokia Contact Information” on page 3.
38 IP350 and IP380 Appliance Installation Guide 4 Installing and Replacing Network Interface Cards
Your IP350 and IP380 appliances come with any network interface cards (NICs) you ordered already installed. This chapter describes how to remove, add, or replace NICs later if it becomes necessary. The following topics are covered: � Deactivating Configured Interfaces � Removing, Installing, and Replacing NICs � Configuring and Activating Interfaces � Monitoring Network Interface Cards For detailed information on specific network interface cards, see Chapter 5, “Connecting PMC Network Interface Cards.”.
Caution You should have a working knowledge of networking equipment before attempting to service an IP350 or IP380 appliance. Limit service of the unit to the procedures described in this chapter.
IP350 and IP380 Appliance Installation Guide 39 4 Installing and Replacing Network Interface Cards
Caution Protect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) by making sure you are properly grounded before touching any electronic components.
Deactivating Configured Interfaces If you are removing or replacing an installed network interface card, use Voyager to deactivate any configured ports on the NIC before removing it. � Deactivate all of the logical interfaces on the NIC. � Deactivate all of the physical interfaces on the NIC. If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its logical and physical interfaces in Voyager. For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36.
Removing, Installing, and Replacing NICs
Note Before removing a configured network interface card with these instructions, you must deactivate the NIC in Voyager. See “Deactivating Configured Interfaces” for additional information.
Use these instructions to remove, install, or replace a NIC in IP350 and IP380 appliances. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure.
40 IP350 and IP380 Appliance Installation Guide Removing, Installing, and Replacing NICs
To remove, install, or replace a network interface card
Note Because power to IP350 and IP380 appliances is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
1. Use Network Voyager to shut the system down. For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36. 2. Use your fingers or a screwdriver to loosen the thumbscrews that hold the chassis assembly.
00248a Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 41 4 Installing and Replacing Network Interface Cards
3. Gently pull the chassis assembly forward to expose the NIC connectors. Be careful not to pull the chassis assembly entirely out of the appliance.
00252a 4. From underneath the chassis assembly, remove the bezel retaining screws.
00254b
If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel, retain it for future use, and proceed to step 7.
42 IP350 and IP380 Appliance Installation Guide Removing, Installing, and Replacing NICs
5. From above the chassis assembly, remove the NIC retaining screws from the back of the NIC.
00255a
6. Remove the NIC by lifting the back of the NIC away from the chassis assembly and pulling the NIC gently away from the front panel.
00 7. Insert the new NIC or blank bezel.
IP350 and IP380 Appliance Installation Guide 43 4 Installing and Replacing Network Interface Cards
If you are removing a NIC without installing another NIC: a. Insert a blank bezel into the front panel slot formerly occupied by the NIC and push it gently into place. Make sure that the bezel is completely seated into the front panel and that the screw holes on the bottom of the bezel align with those in the front panel. b. Proceed to step 9. If you are installing or replacing a NIC, insert the NIC. a. Insert the NIC bezel into the front panel.
00256a
b. Gently push the back of the NIC down toward the chassis assembly. Make sure that the NIC edge is completely seated into the connectors on the chassis assembly.
44 IP350 and IP380 Appliance Installation Guide Removing, Installing, and Replacing NICs
8. From the top of the chassis assembly, screw the NIC retaining screws into the standoffs on the back of the NIC.
00255b 9. From beneath the chassis assembly, screw in the bezel retaining screws.
00254a
IP350 and IP380 Appliance Installation Guide 45 4 Installing and Replacing Network Interface Cards
10. Close the chassis assembly until it clicks into place.
00252c 11. Tighten the thumbscrews that hold the chassis assembly.
00248a
Chassis assembly thumbscrews
The system automatically restarts when the chassis assembly clicks into place.
Configuring and Activating Interfaces The IP350 or IP380 appliance automatically detects any new NIC when the system is restarted. Use Voyager to configure and activate the logical and physical interfaces on the NIC. For information about how to access Voyager and the related reference materials, see “To open Voyager” on page 36.
46 IP350 and IP380 Appliance Installation Guide Monitoring Network Interface Cards
Monitoring Network Interface Cards You can asses the general operating condition of the NICs in your appliance by looking at the LED status indicators on the NICs. The status indicators for each NIC are explained in the NIC reference chapter. � For the status indicator information for the built-in Ethernet ports or the dual-port Ethernet NIC, see “Dual-Port 10/100 Ethernet Interface, PMC” on page 49. Use Voyager to access detailed port information. For information about accessing Voyager, see “Accessing Nokia Network Voyager” on page 36. You can also use the IPSO tcpdump command to examine the track on a specific port.
IP350 and IP380 Appliance Installation Guide 47 4 Installing and Replacing Network Interface Cards
48 IP350 and IP380 Appliance Installation Guide 5 Connecting PMC Network Interface Cards
This chapter describes the PMC NICs available for the IP350 and IP380 appliances and explains how to connect those NICs to your network. The following NICs are covered: � Dual-Port 10/100 Ethernet Interface, PMC For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards”
Caution Protect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any electronic component.
Dual-Port 10/100 Ethernet Interface, PMC Every IP350 and IP380 appliance has four built-in dual-mode 10-Mbps and 100-Mbps ports. Additionally, the appliance supports Nokia-approved, dual-port UTP5 dual-mode 10-Mbps and 100-Mbps Ethernet NICs. When you purchase an Ethernet NIC with your IP350 and IP380 appliance, the NIC is installed before the appliance is delivered to you. For information
IP350 and IP380 Appliance Installation Guide 49 5 Connecting PMC Network Interface Cards
on how to add or replace a NIC later if it become necessary, see Chapter 4, “Installing and Replacing Network Interface Cards.”
Ethernet PMC NIC Features The Ethernet PMC NIC supports tracing through tcpdump. You can configure and monitor Ethernet interfaces with Voyager. Specifically, you set the port speed and full-duplex or half-duplex mode by using Voyager. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36. Figure 11 shows the front panel layout of the dual-port Ethernet NIC. Figure 11 Dual-Port Ethernet NIC Front Panel Details
Link LEDs (green) NOKIA 10/100
00258 RJ-45 connectors Activity LEDs (yellow) After the power is turned on, the Ethernet link LEDs on the appliance and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance light up.
Ethernet NIC Connectors and Cables The connectors on the Ethernet NIC are RJ-45 connectors: � To connect to a 10-Mbps or 100-Mbps hub, use a straight-through RJ-45 cable. � To connect directly to a host, use an RJ-45 crossover cable.
50 IP350 and IP380 Appliance Installation Guide Dual-Port 10/100 Ethernet Interface, PMC
Use IEEE 802.3 10BASE-T, 100BASE-TX unshielded twisted-pair, full- duplex or half-duplex cable.
Caution Cables that connect to the Ethernet card must be IEEE 802.3 compliant to prevent potential data loss.
You can order appropriate adapter cables separately. You can order additional cables from a cable vendor of your choice. Figure 12 shows the pin assignments for the cable. The RJ-45 cable output connector is numbered from right to left, with the copper tabs facing up and toward you. Figure 12 Output Connector for the Ethernet Cable
81 Pin# Assignment
1TX
2TX
3RX
00113b 4
5
6RX
7
8
Figure 13 shows the pin assignments for the RJ-45 cross-over cable.
IP350 and IP380 Appliance Installation Guide 51 5 Connecting PMC Network Interface Cards
Figure 13 Ethernet Crossover-Cable Pin Connections
00017
52 IP350 and IP380 Appliance Installation Guide 6 Installing and Replacing Other Components
This chapter provides information on how to add or replace user serviceable items other than network interface cards in your IP350 and IP380 appliance. The following topics are covered: � Installing a PCMCIA Modem � Replacing a Hard-Disk Drive � Replacing or Upgrading Memory � Installing an Encryption Accelerator Card For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards”
Caution You should have a working knowledge of networking equipment before attempting to service an IP350 or IP380 appliance. Limit service of the appliance to the procedures described in this chapter.
Caution Protect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any component.
IP350 and IP380 Appliance Installation Guide 53 6 Installing and Replacing Other Components
Installing a PCMCIA Modem The IP350 and IP380 appliances support a PCMCIA modem card that allows you to set the country code through Voyager. For information about the country codes, see the Voyager Reference Guide.
Note The IP350 and IP380 support Ositech Five of Clubs and Ositech Five of Clubs II PCMCIA modems. Nokia recommends that you purchase your modem only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
To use a modem with an IP350 or IP380 appliance 1. If the modem is not already installed, insert the PCMCIA modem into either the top or bottom PCMCIA slot until the modem clicks into place.
00248a PCMCIA Slots
The modem and the ejector tab on the left of the slot protrude from the unit. The appliance automatically recognizes the modem. 2. Connect the modem to a phone line. Use the appropriate cable for the modem and telephone system in the country in which the device is used. To configure IPSO to allow logins through the modem, click Config on the Home page in Voyager and then click on the Network Access and Services link in the Security and Access Configuration section.
54 IP350 and IP380 Appliance Installation Guide Replacing a Hard-Disk Drive
For information about accessing Voyager and the related reference materials, see “Using Voyager to Configure the Network Interfaces” on page 67.
Replacing a Hard-Disk Drive The IP350 and IP380 appliances include one hard-disk drive unit, which you can remove and replace. The following figure shows the location of the hard- disk drive on the motherboard.
Note Back up your hard-drive files to a remote system on a regular basis. For back up and restore procedures, see the IPSO release notes.
Figure 14 Hard-Disk Drive Location
Hard-disk drive
00253
Note The disk drive must contain the IPSO partitions and boot loader before installation. For further information, contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
IP350 and IP380 Appliance Installation Guide 55 6 Installing and Replacing Other Components
To replace a hard-disk drive 1. Use Voyager to shut the system down. For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36. 2. Loosen the thumbscrews that hold the chassis assembly.
00248a Chassis assembly thumbscrews 3. Gently slide the chassis assembly forward to remove the tray from the appliance so you can access the hard-disk drive retaining screws from the bottom of the tray.
00252a
Note Because power to a IP350 or IP380 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body
56 IP350 and IP380 Appliance Installation Guide Replacing a Hard-Disk Drive
and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
4. From the bottom of the chassis assembly, remove the retaining screws that hold the hard-disk drive unit.
00261
5. Gently remove the hard-disk drive from the motherboard, taking care not to damage the connector. 6. Insert the new hard-disk drive unit.
00262
IP350 and IP380 Appliance Installation Guide 57 6 Installing and Replacing Other Components
Note Push the disk gently into place. Take care to align the connectors correctly as the connectors are not keyed.
7. Tighten the retaining screws that holds the hard-disk drive into place.
00261
8. Slide the chassis assembly back into the appliance until it clicks into place.
00252c
58 IP350 and IP380 Appliance Installation Guide Replacing or Upgrading Memory
9. Tighten the thumbscrews that hold the chassis assembly.
00248a
Chassis assembly thumbscrews The system automatically restarts when the chassis assembly clicks into place.
Replacing or Upgrading Memory The IP350 and IP380 appliances have two dual inline memory-module (DIMM) sockets. This section explains how to upgrade or replace the memory for either platform by using a Nokia-approved memory upgrade kit. � The IP350 comes with 256 MB of memory in one DIMM and can be upgraded to 512 MB by adding a second 256 MB DIMM.
Caution The IP350 appliance cannot function with more than 512 MB of memory. If more than 512 MB of memory is installed in an IP350, the system displays a warning message and shuts down.
� The IP380 appliance comes with 256 MB of memory in one DIMM and can be upgraded to 512 MB by adding a second 256 MB DIMM, or upgraded to 1 GB by replacing the 256 MB DIMM with two (2) 512 MB DIMMs.
IP350 and IP380 Appliance Installation Guide 59 6 Installing and Replacing Other Components
Note Nokia recommends that you obtain memory kits only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
The DIMM sockets are located at the right of the motherboard, as you look at the appliance from the front, as Figure 15 shows. Figure 15 DIMM Socket Locations
DIMM sockets
00253
Before You Start To upgrade or replace the memory in your appliance, you need the following: � Physical access to the appliance � Nokia memory upgrade kit and accompanying documentation � Access to the appliance through Voyager or Lynx
60 IP350 and IP380 Appliance Installation Guide Replacing or Upgrading Memory
Caution To protect the IP350 or IP380 appliance and the memory modules from electrostatic discharge (ESD), make sure you are properly grounded before you touch these components.
Note Because power to a IP350 or IP380 appliance is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
Adding or Replacing DIMMs
To add or replace DIMMs 1. Use Voyager or Lynx to perform an orderly shutdown of the IP350 or IP380 appliance. For information about accessing Voyager, see “Accessing Nokia Network Voyager” on page 36.
IP350 and IP380 Appliance Installation Guide 61 6 Installing and Replacing Other Components
2. Loosen the two front panel thumbscrews.
00248a
Chassis assembly thumbscrews
3. Slide the chassis assembly forward to expose the DIMM sockets Be careful not to pull the chassis assembly entirely out of the appliance.
00252a
62 IP350 and IP380 Appliance Installation Guide Replacing or Upgrading Memory
4. Remove any memory module necessary by pressing the two retaining clips outward and carefully pulling each DIMM upward as the following figure shows.
00263
You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins. 5. The memory DIMMs are keyed to prevent improper insertion. Press the new DIMM into the socket until it clicks into place.
IP350 and IP380 Appliance Installation Guide 63 6 Installing and Replacing Other Components
The top of the DIMM is smooth. The bottom edge has three different length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.
00264
The retaining clips move into the lock position as you press the DIMM into place. 6. Slide the chassis assembly back into the appliance until it clicks into place.
00252c
64 IP350 and IP380 Appliance Installation Guide Replacing or Upgrading Memory
7. Resecure the two thumbscrews.
00248a
Chassis assembly thumbscrews
The appliance automatically recognizes the new memory configuration. You can verify this from the Voyager or Lynx interface.
IP350 and IP380 Appliance Installation Guide 65 6 Installing and Replacing Other Components
Installing an Encryption Accelerator Card
Note The IP350 does not support the optional encryption accelerator card.
This section contains information about the Nokia encryption accelerator card for the IP380 appliance. The card provides high-speed cryptographic processing that enhances VPN performance. Both the IP350 and IP380 appliances provide built-in hardware-based encryption acceleration. The IP380 also supports an optional encryption accelerator card to further enhance VPN performance. No hardware configuration is required for the encryption accelerators. The built-in hardware encryption accelerators are enabled by default on both appliances. Installing the optional encryption accelerator card on the IP380 automatically disables the built-in accelerator and enables the card. Removing the card reverses the process. You must, however, use Voyager to configure your software applications (IPsec or Checkpoint VPN) to make use of the available hardware accelerator. For details, see “Configuring Software to Use Hardware Acceleration” on page 71. When you order an accelerator card with the appliance, the card is installed before the appliance is delivered. This section provides instructions for installing or replacing the card at a later time. The IP380 appliances use a PMC format accelerator card. The accelerator card has no external connections and requires no cables. The accelerator card software package is part of IPSO, so the appliance automatically detects and configures the card. For tasks related to installing the encryption accelerator card, see the following topics: � “Installing an Encryption Accelerator Card” on page 66 � “Configuring Software to Use Hardware Acceleration” on page 71
66 IP350 and IP380 Appliance Installation Guide Installing an Encryption Accelerator Card
Before You Start Before you install the card, you need: � Physical access to the unit � A Phillips-head screwdriver � Four screws (included in packaging) � A disposable wrist strap (included in packaging)
Warning To help guard against electrostatic discharge damage, follow the instructions on the wrist strap envelope before you handle the accelerator card or open the appliance.
Installing the Card 1. Use Voyager or Lynx to shut down the appliance. 2. Loosen the two front-panel thumbscrews.
00248a
Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 67 6 Installing and Replacing Other Components
3. Slide the chassis assembly forward to expose the motherboard components, as the following figure shows.
00252a 4. Locate the PMC connectors on the rear of the motherboard.
Caution Make sure you locate the correct connectors for the VPN acceleration card. Do not use the PMC connectors located at the front of the motherboard, those connectors are for NICs.
68 IP350 and IP380 Appliance Installation Guide Installing an Encryption Accelerator Card
PMC connectors for VPN card AB
Standoffs
Insert the VPN card into connectors. Screw card into standoffs.
00267 5. Position the male PMC connectors on the card over the female PMC connectors on the motherboard. The two sets of connectors should be aligned with each other. The four screw holes and four standoffs should also be aligned with one another. 6. Push down on the card until it is properly seated on the motherboard.
IP350 and IP380 Appliance Installation Guide 69 6 Installing and Replacing Other Components
7. Place the screws through the standoff holes on the card and into the standoffs on the motherboard.
Screw
Accelerator card Standoff hole
Motherboard standoff
8. Turn each screw clockwise so that the card is attached to the standoffs. Do not tighten completely. 9. Make sure that all four standoff connections are properly aligned. 10. To secure the connections, tighten the screws firmly, but do not overtighten. 11. Slide the chassis assembly back into the appliance and resecure the two thumbscrews.
00248a
Chassis assembly thumbscrews Reseating the chassis assembly automatically restores power to the appliance.
70 IP350 and IP380 Appliance Installation Guide Installing an Encryption Accelerator Card
12. Configure your software to use hardware acceleration. For more information, see “Configuring Software to Use Hardware Acceleration” on page 71.
Configuring Software to Use Hardware Acceleration Use Voyager to configure virtual private network (VPN) tunnels to use hardware acceleration. This step is necessary for both the built-in hardware accelerators and for the optional encryption accelerator card on the IP380. The way you enable the software depends on whether you create VPN tunnels with Voyager or with Check Point software. If you use Voyager to create a VPN tunnel, see “To configure IPsec.” If you use Check Point software to create a VPN tunnel, see “To configure Check Point VPN.”
To configure IPsec 1. Start Nokia Network Voyager for your appliance. 2. On the Voyager home page, click Config. 3. Under Interfaces, click IPSec. 4. Scroll down and click IPSec Advanced Configuration. 5. At Hardware Device Configuration, click On. 6. Click Apply to enable the card.
To configure Check Point VPN 1. Start Nokia Network Voyager for your appliance. 2. On the Voyager home page, click Config. 3. Scroll down to Security and Access Configuration and click Cryptographic Hardware Acceleration. 4. At Hardware Device Configuration, click On. 5. Click Apply to enable the card.
IP350 and IP380 Appliance Installation Guide 71 6 Installing and Replacing Other Components
You can also monitor Nokia encryption accelerator card interfaces with Voyager. For more information about accessing Voyager and locating relevant reference materials, see the Voyager Reference Guide.
72 IP350 and IP380 Appliance Installation Guide 7 Using the Boot Manager
This chapter describes using the IPSO boot manager. The following topics are discussed in this chapter: � Variables � Booting the System � Using the Boot Manager to Install IPSO � Protecting the Boot Manager with a Password � Installing the Boot Manager � Upgrading the Boot Manager The IP350 and IP380 platforms incorporate a boot manager on disk to control the boot-up process. The boot manager allows you to perform a number of tasks, including the following: � Booting from alternate kernels, which might reside on nondefault devices or directories � Installing new versions of IPSO (the operating system) � Obtaining system information � Performing various housekeeping tasks When you first receive your IP350 or IP380 appliance, the boot manager uses factory-default parameters (kernel, boot device, and so on) for the boot process. The factory defaults cause the appliance to bypass the boot manager prompt after a five-second wait. You can change these defaults to reflect your own needs, or you can use different parameters in the command line at boot time. The boot manager maintains the default values of these parameters on
IP350 and IP380 Appliance Installation Guide 73 7 Using the Boot Manager
the hard-disk drive. You can set these values by using boot manager commands. This chapter describes the boot manager commands.
Variables A number of variables are stored by the boot manager in nonvolatile memory. You can set and view most variables from the boot manager prompt. The following sections describe how to view and set the variables. The variables are:
Table 4 Boot manager variables
Variable Description
boot manager The version number of the boot manager. This variable revision cannot be set from the command line.
autoboot If autoboot is set to no, the IP350 or IP380 appliance stops at the boot manager command line during the boot process. If autoboot is set to yes, the IP350 or IP380 appliance does not stop at the boot manager command line during a boot up. It does wait for the amount of time specified in bootwait for input from the keyboard. If input is received, the boot manager goes to the command line; otherwise, it proceeds with the boot up. Factory default: yes.
bootwait The amount of time, in seconds, that the boot manager waits for input during a boot up when autoboot is set to yes. Factory default: five seconds.
74 IP350 and IP380 Appliance Installation Guide Variables
Table 4 Boot manager variables
Variable Description
boot-file The name of the operating system kernel file. Factory default: /image/current/kernel.
boot-flags The string of flags passed to the kernel. Factory default: -x.
The following table shows possible boot flags.
Flag Meaning
-d Debug Mode: Enters the kernel debugger as soon as possible in the kernel initialization.
-s Single-User Mode: If the console is marked as insecure, you must enter the root password to access the manager.
-v Verbose Mode: Verbose during device probing and thereafter.
boot-device: This is the device from which the boot-file loads. Factory default: wd0. Options: wd0 (hard disk).
IP350 and IP380 Appliance Installation Guide 75 7 Using the Boot Manager
Viewing the Variables and Other System Parameters
printenv Use the printenv command to view the values of variables currently stored in the boot manager nonvolatile memory. The command has the following syntax: printenv For example: BOOTMGR[93]> printenv Bootmgr Revision: 3.3,base kernel=3.5.1- 06.12.2002- 080000 autoboot: YES testboot: NO bootwait: 0 boot-file: boot-flags: boot-device: vendor: Nokia model: IP
76 IP350 and IP380 Appliance Installation Guide Variables
sysinfo Use the sysinfo command to view system information such as CPU speed, memory size, and so forth. The command has the following syntax: sysinfo For example: CPU 0: 700 MHz Pentium-III w ATC Memory: 268435456 (256M bytes) Disk Devices: IO port 0x1f0 wdc0: unit 0 (wd0):
IP350 and IP380 Appliance Installation Guide 77 7 Using the Boot Manager
ls Use the ls command to view the contents of directories on the devices in your IP350 or IP380 appliance. The command has the following syntax: ls device directory where device is the device containing the directory you want to look at, and directory is the directory on that device. Both device and directory are optional. The default directory is /image on the wd0 device. For example: BOOTMGR[2]> ls wd0 /image/current .description bootmgr etc kernel.debug usr VERSION cdrom ipso.tgz mnt web bin dev kernel sbin
Setting the Variables
setenv Use the setenv command to set a particular variable. The command has the following syntax: setenv name value where name is the name of the variable, and value is the new value you want the variable to assume. For example: BOOTMGR[2]> setenv autoboot yes sets the value of autoboot to be yes.
78 IP350 and IP380 Appliance Installation Guide Variables
unsetenv Use the unsetenv command to clear a particular variable. The command has the following syntax: unsetenv name where name is the name of the variable to be cleared. For example, the following command clears the boot-file variable: BOOTMGR[2]> unsetenv boot-file
Note This command sets the autoboot variable to no, and the bootwait variable to zero.
set-defaults Use the set-defaults command to set variables to their factory-default values. The command has the following syntax: set-defaults name where name is the name of the variable to be set to its factory default. If name is not specified, all variables are set to their factory defaults. For example, the following command sets the value of autoboot to be yes, the factory default: BOOTMGR[2]> set-defaults autoboot
setalias Use the setalias command to set an alias. The command has the following syntax: setalias name device where name is the alias name, and device the device for which name is the alias.
IP350 and IP380 Appliance Installation Guide 79 7 Using the Boot Manager
For example, the following command sets the alias disk to have the value of wd0: BOOTMGR[2]> setalias disk wd0 You can have a maximum of eight aliases set at one time.
unsetalias Use the unsetalias command to clear an alias. The command has the following syntax: unsetalias name where name is the name of the alias to be cleared. For example, the following command deletes the disk alias from the list of aliases: BOOTMGR[2]> unsetalias disk
Other commands
halt Use the halt command to halt the system. The command has the following syntax: halt
help Use the help command to display a list of the available commands. The command has the following syntax: help or ?
80 IP350 and IP380 Appliance Installation Guide Booting the System
Booting the System The boot command lets you boot up the operating system (IPSO). It allows you to set the boot device, boot file, and boot flags from the command line. The command has the following syntax: boot boot-device boot-file boot-flags where boot-device is the storage device from which the operating system loads at boot up, and boot-file is the operating system kernel. The boot-flags control the operation of the command. Refer to the boot flag table in “Variables” on page 74. For example, at the boot manager command prompt enter the following: BOOTMGR[0]> boot wd0 /image/current/mykernel -vd This command boots mykernel from disk wd0 in verbose and debug mode. You can supply all, any, or none of the arguments. If you do not supply an argument, the boot manager uses its default. It first searches its nonvolatile memory to see if the corresponding default argument is specified there. If so, it uses that value; if not, it defaults to the values in the following table:
Argument Default
boot-device wd0 (the hard-disk drive)
boot-file /image/current/kernel
boot-flags -x
IP350 and IP380 Appliance Installation Guide 81 7 Using the Boot Manager
Using the Boot Manager to Install IPSO Use the install command to install IPSO. The syntax of the command is: install For complete installation procedures, refer to the appropriate version of release notes.
Note A full installation using the install command deletes the existing IPSO image on the IP350 or IP380 appliance.
To install a new copy of the IPSO kernel 1. At the boot manager command prompt, enter: BOOTMGR[0]>install If you used the passwd command to protect this command with a password, the boot manager prompts you for your password before allowing you to execute the install command. 2. Enter the information the install command requests (your system IP address, the server IP address, and other information). 3. Reboot the IP350 or IP380 appliance.
82 IP350 and IP380 Appliance Installation Guide Protecting the Boot Manager with a Password
Protecting the Boot Manager with a Password To prevent accidental or unauthorized access to your IP350 or IP380 appliance hard disk, you can require that the user enter a password to access the boot manager install command. Use the password command to set the password.
Note The password you enter gives you access to the install command in boot manager, not access to IPSO.
To set a password 1. At the boot manager command prompt enter: BOOTMGR[0]> passwd The passwd program prompts you for your current password. 2. If the appliance is protected by a password, enter your current password. The program prompts you for the new password. 3. Enter the new password. The program prompts you to re-enter the new password for verification. 4. Enter the new password again.
Note If you forget your install password, contact the appropriate Nokia Customer Support site as listed in “Nokia Contact Information” on page 3 for information on how to set a new one.
IP350 and IP380 Appliance Installation Guide 83 7 Using the Boot Manager
Installing the Boot Manager The boot manager is installed at the factory; you should not need to re-install it. If you should need to re-install the boot manager, contact the appropriate Nokia customer support site listed in the Nokia Contact Information section at the front of this guide for instructions and a new boot manager. The command to install the boot manager has the following syntax: install_bootmgr boot-device boot-file where boot-device is the storage device to which you write the new boot manager image and from which boot manager image loads at boot up. Boot-file is the new boot manager. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the install_bootmgr command from IPSO (the operating system), not from the boot manager.
Note To install the new boot manager, you must be in single-user mode.
To install the new boot manager 1. Start the appliance in single-user mode. 2. At the IPSO command prompt, enter: /etc/install_bootmgr wd0 /image/current/bootmgr/ nkipflash The command installs the new boot manager image (nkipflash) into the flash device (wd0). The installation takes some time to complete. Do not interrupt the installation process.
84 IP350 and IP380 Appliance Installation Guide Upgrading the Boot Manager
Upgrading the Boot Manager The command to upgrade your boot manager has the following syntax: upgrade_bootmgr boot-device boot-file where boot-device is the storage device from which the boot manager loads at boot up and boot-file is the new boot manager image. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the upgrade_bootmgr command from IPSO (the operating system), not from the boot manager. For complete upgrade procedures, refer to the appropriate version of release notes.
Note To install the new boot manager, you must be in single user mode.
To upgrade the boot manager 1. Get the upgraded boot manager image from the appropriate Nokia customer support site as listed in the Nokia Contact Information section at the front of this guide. 2. Start the IP350 or IP380 appliance in single-user mode. 3. At the IPSO command prompt, enter: /etc/upgrade_bootmgr wd0 /etc/nkipflash The command upgrades the boot manager with the new image (nkipflash), writing it into the hard disk dirve (wd0). The upgrade takes some time to complete. Do not interrupt the upgrade process.
IP350 and IP380 Appliance Installation Guide 85 7 Using the Boot Manager
86 IP350 and IP380 Appliance Installation Guide 8 Troubleshooting
This chapter provides troubleshooting tips, problems, and solutions related to IP350 and IP380 appliance installations. For information about how to reinstall the operating system (IPSO) on to your appliance, see Chapter 7, “Using the Boot Manager.”
General Troubleshooting Information The information in this section relates to non-routing problems. For information about how to troubleshoot routing problems, see “Troubleshooting Routing Problems” on page 97.
Unable to Log in to the Console Port—No Error Message Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP350 and IP380 appliance. If this is not possible using your laptop computer or terminal, the problem is with the terminal or cable and not the appliance.
IP350 and IP380 Appliance Installation Guide 87 8 Troubleshooting
Problem You do not have a console connection to the IP350 and IP380 appliance. Solution For information about how to create a console connection, see “Using a Console Connection to Perform the Initial Configuration” on page 34.
Problem Not connected with a null-modem cable. Solution Verify that you are using a null-modem cable. For pinout information, see “Using a Console Connection to Perform the Initial Configuration” on page 34.
Problem Wrong terminal settings. Solution Verify terminal settings: 8 data, 1 stop, no parity, 9600 bps.
Problem Terminal set for flow control. Solution The IP350 and IP380 appliance does not use flow control. The terminal should be set for no flow control.
Problem Defective IP350 and IP380 appliance or file system. Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Problem Database is corrupt. Solution Return to default settings according to the instructions included in the instructions for resetting the default password, or contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Login Prompt Appears, But Password Not Accepted
Problem Entered wrong password. Solution Obtain a valid password or set the password to a default value.
88 IP350 and IP380 Appliance Installation Guide General Troubleshooting Information
To reset the admin password to a default value
Note You must have local serial access to your appliance console to perform this procedure. With a keyboard and monitor directly connected to the appliance, the boot: prompt does not appear, and you cannot perform this procedure.
1. Boot up the appliance in single-user mode by restarting or power cycling the appliance. When the boot: prompt appears, enter -s before the appliance goes into multiuser mode; you have about 10 seconds to do this. 2. After the appliance boots up, the following text appears: Enter pathname of shell or RETURN for sh: Press Enter. 3. Type /etc/overpw at the # prompt. When the response asks if you want to continue, type y. 4. The admin password defaults to no password for admin. Continue to boot to multiuser mode. 5. Reconfigure the password as you normally would in Lynx.
Note Blank passwords are not accepted in Voyager or Lynx. In such cases, enter the following command to reset the password from the command line using a blank password: dbpasswd admin newpassword "" The two double quotation marks at the end of the command properly indicate a blank password. After you execute this command, the system reports that the password was not successfully changed. However, the password is changed and is now newpassword.
IP350 and IP380 Appliance Installation Guide 89 8 Troubleshooting
Finally, return the entire database to its default settings and bring up the new system-startup procedure. The new system-startup procedure is described in Chapter 3, “Performing the Initial Configuration”.
To reset the default database settings 1. Log in to the IP350 and IP380 appliance as admin by using Voyager. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36. 2. Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to create a new factory default configuration. 3. Create the new default configuration.
Do Not Get a Login Prompt—Error Messages Appear
Problem The IP350 and IP380 appliance is defective, or the file system on the IP350 and IP380 appliance is defective. Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Note Use the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP350 and IP380 appliance. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Nokia customer support Web site as listed in the “Nokia Contact Information” on page 3.
90 IP350 and IP380 Appliance Installation Guide General Troubleshooting Information
Not Able to Connect to Voyager Using the Ethernet Port, But Console Access Works
Problem Using the wrong Ethernet cable. Solution Use a crossover Ethernet cable if you are connecting directly to the computer. Use a straight-through cable if you are connecting to a hub. For cabling information, see “Dual-Port 10/100 Ethernet Interface, PMC” on page 49.
Problem Port is not configured as active. Solution View the port in Voyager, or from Lynx, and verify that the interface is configured as active.
Problem Host port configuration is incorrect. Solution Check host Ethernet port settings. Verify that IP address and netmask settings are correct for the IP350 and IP380 appliance configuration.
Problem Wrong link speed. Solution Verify that the port on the host and the port on the IP350 and IP380 appliance are set for the same speed (10 Mbps or 100 Mbps). An unblinking data and activity LED on a port is a good indication that there is a speed mismatch.
Problem Duplex setting is wrong. Solution Correct duplex setting.
Do Not See Interfaces that Should be Present
Problem Local IP350 and IP380 appliance ports do not appear. Solution Your NIC might be defective. Contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
IP350 and IP380 Appliance Installation Guide 91 8 Troubleshooting
Note The problem could be with the slot on the PMC card carrier. Try installing the NIC in another slot.
Common Ethernet Problems—Connectivity with Attached Device
Problem No link light. Solution You might have used the wrong cable. Use a crossover cable between an IP350 and IP380 appliance and a host, and a straight-through cable between an appliance and a hub.
Problem Solid data and activity LED. Solution You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 Mbps or 100Mbps).
Problem Port not enabled. Solution Verify from the Interface page in Voyager that the interface port is configured as active.
Problem High collision rate on the hub. Solution Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.
Unable to Ping Through Appliance—No Connectivity Between Ports This section covers connectivity issues that are isolated within an IP350 and IP380 appliance or network.
92 IP350 and IP380 Appliance Installation Guide General Troubleshooting Information
Localize the problem by issuing pings to various network interfaces. Use tcpdump to help isolate the problem. Use tcpdump to verify that a packet is leaving or entering a port.
Problem Interfaces not up. Solution Ensure that all interfaces are up and active, as described in Chapter 3, “Performing the Initial Configuration.”
Problem No route to network. Solution Check the routing table to see if a route exists to the network where the interface is located. If no route exists, see “Troubleshooting Routing Problems” on page 97.
Problem Attached device does not have proper default route or routing information. Solution If a local computer is unable to ping through an attached appliance, the computer might contain either an invalid default route or invalid routing information. If you are using default routes from a computer, ensure that the local interface is the default route for that computer.
Problem The ARP table has old information. Solution If the ARP table has an old or invalid entry for the device associated with the IP address you are attempting to ping, use Voyager to delete the invalid entry. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
To delete the invalid entry 1. Click Config. 2. Click ARP in the Interfaces section.
IP350 and IP380 Appliance Installation Guide 93 8 Troubleshooting
3. Click Display or Remove Dynamic ARP Entries. 4. Click Delete for the entry you want to delete. 5. Click Apply.
Problems with Multicast Use tcpdump to view packets. To display packets for a specific interface, use the following command: tcpdump -i interface proto igmp. For more information about how to use the tcpdump command, see the Voyager Reference Guide. Under Routing Options in the Routing Configuration section in Voyager, you can also enable several types of trace options for DVMRP. These traces are logged into /var/tmp/ipsrd.log. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem No IP connectivity. Solution Verify that you have IP connectivity; ping various hosts on each network.
Problem DVMRP is not enabled on the interfaces. Solution Verify that DVMRP is enabled on the interfaces in use.
Problem Exceeding TTL on clients. Solution Verify that the client is set up for the proper TTL number. Many clients are set to receive local traffic only one hop away.
94 IP350 and IP380 Appliance Installation Guide General Troubleshooting Information
Problems Interfacing to 1483 Devices (Classical IP)
Problem Remote and local devices are not configured for the same VC and VP value. Solution Set remote and local devices to the same VC and VP values. Consult your 1483 device documentation.
Problem Remote and local devices are not in the supported VC range of the network interface card. Solution Use ipsctl to determine the VC range. Enter the following command: ipsctl ifphys:logical interface:max_rxlabel
Problem Encapsulation is not set to LLC/SNAP. Solution Set encapsulation to LLC/SNAP. Consult your 1483 device documentation.
Problem The MTU size is not 1500. Solution The MTU size must be 1500. Nokia does not support larger MTU sizes.
Appliance Not Receiving Power
Problem Power cord is not properly plugged in. Solution Check cord. Make sure it is properly seated at both ends.
Problem Power supply not providing power. Solution Check power source. If there is no power at the source, take appropriate action such as inserting a new fuse or resetting circuit breaker.
IP350 and IP380 Appliance Installation Guide 95 8 Troubleshooting
Appliance Does Not Recognize New Memory Configuration
Problem DIMMs are not properly seated in DIMM sockets. Solution Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place.
Appliance locks up after you upgrade IPSO with a console connection. No error messages appear, but the appliance stops responding to console and network.
Problem During the upgrade process, some of the environment variables might not have updated correctly. Solution You can verify what the current boot manager settings are by issuing a printenv command at the boot manager prompt, as shown in this example: Loading boot manager .. BOOTMGR[0]> printenv Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1 02.12-2001-102644 autoboot: NO bootwait: 5 boot-file: boot-flags: boot-device: No referenced boot-file or boot-device appears. Setting the boot manager to defaults causes the boot manager to determine that no environment variables are set, and it responds by importing the defaults from the binary file. To set the boot manager to defaults, issue the set-defaults command at the boot manager prompt as shown in this example: BOOTMGR> set-defaults
96 IP350 and IP380 Appliance Installation Guide Troubleshooting Routing Problems
If you issue the printenv command again, the boot-file and boot-device entries are present, as shown in this example: BOOTMGR[2]> printenv Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1 02.12.2001-102644 autoboot: YES bootwait: 5 boot-file: /image/current/kernel boot-flags: boot-device: wd0 Issue the halt command to restart your appliance. BOOTMGR> halt
Troubleshooting Routing Problems Several useful tools are available to troubleshoot routing problems. The first tool is available from the Monitor page in Voyager, from which you display routing statistics and errors. You can access this information from the command-line interface using the ICLID (IPSRD command-line interface daemon) command. An example use of the ICLID command is shown below. For information about the ICLID command, see the Voyager Reference Guide. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
IP350 and IP380 Appliance Installation Guide 97 8 Troubleshooting
Note Adding a question mark (?) after any command provides additional command options. Typing a question mark (?) at a prompt provides a list of available commands.
hostname[admin]# iclid hostname | IP address> hostname | IP address> ? exit get help quit show hostname | IP address> hostname | IP address> show ? address bgp igmp iphelper mfc rip vrrp bootpgw igrp krt ospf route inbound-filter dvmrp interface memory resource version hostname | IP address> show route ? aggregate bgp igrp ospf static all direct inactive rip summary hostname | IP address> show route ospf Codes: C - connected, S - static, I - IGRP, R - RIP, B - BGP, O - OSPF, E - OSPF external, A - Aggregate, K - Kernel Remnant, H - Hidden, S - Suppressed The response to the preceding ICLID command is as follows: 0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111 In addition, several trace options are available. You can enable these options under the routing options in Voyager. When a trace is enabled the output appears in /var/tmp/ipsrd.log.
98 IP350 and IP380 Appliance Installation Guide Troubleshooting Routing Problems
Common Problems with OSPF Use tcpdump to view routing information. Use the following command display routing updates for that interface: tcpdump -i interface proto ospf For more information about how to use the tcpdump command, see the Voyager Reference Guide. Under routing options in Voyager, you can also enable several types of trace options for OSPF. These traces are logged in /var/tmp/ipsrd.log. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem OSPF is not configured. Solution Verify that OSPF is properly configured for all interfaces that are involved in OSPF routing. For more information, see Configuring OSPF from the Configuring Routing document page in Voyager. You can access the document page by pressing Doc.
Problem OSPF hello and dead timers are not the same on each interface for a given link. Solution Verify that the settings at the end of each link are identical.
Problem Attached devices do not support OSPF. Solution Ensure that the attached IP350 and IP380 appliance supports OSPF. If the attached appliance does not support OSPF, configure it with a protocol that the appliance supports and exchange routes with OSPF, or set a default or static route.
Note You can also use ICLID to display OSPF details.
IP350 and IP380 Appliance Installation Guide 99 8 Troubleshooting
Common Problems with RIP Use tcpdump to view routing information. Use the following command to display routing updates for a specific interface: tcpdump -i interface proto rip For more information about how to use the tcpdump command, see the Voyager Reference Guide. Under routing options in Voyager, you can also enable several types of trace options for routing information protocol (RIP). These traces are logged in /var/tmp/ipsrd.log. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem Inconsistent subnet mask (netmask does not match the class of IP address for RIP v1). Solution RIP version 1 must use consistent subnet masks; change to RIP version 2 or OSPF to use inconsistent subnet masks.
Problem Number of networks exceeds the RIP limit. Solution RIP can span up to 16 networks. Verify that your network topology does not exceed this limit.
Common Problems Exchanging Routes Always enter a metric value if you are exporting routes from OSPF to RIP.
Problem Exchanging routes are not configured correctly. Solution Exchanging routes involves several configuration steps. Follow the tasks in the Voyager Reference Guide (online documentation) to ensure that you follow all steps. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
100 IP350 and IP380 Appliance Installation Guide Troubleshooting Routing Problems
Problem Routing protocol is not functioning properly. Solution to ensure that each routing protocol is functioning properly, see “Common Problems with OSPF” on page 99 and “Common Problems with RIP” on page 100.
IP350 and IP380 Appliance Installation Guide 101 8 Troubleshooting
102 IP350 and IP380 Appliance Installation Guide A Technical Specifications
Physical Dimensions
Dimensions Height: 1.75 in. (4.45 cm)
Width: 17 in. (44 cm) 19 in. (48 cm) rack mountable
Depth: 16.12 in. (40.94 cm)
Weight 17 lbs. (7.7 kg) base system
Space Requirements The IP350 and IP380 are designed for front-screw mounting in a 19-inch rack. Each IP350 and IP380 requires the following space in a rack: � 1.75 inches (4.45 centimeters) of vertical space � 18 inches (46 centimeters) behind the front-panel of the rack � 6 inches (15 centimeters) behind the IP350 or IP380 appliance to allow the back exit fan to move air through the appliances
IP350 and IP380 Appliance Installation Guide 103 A Technical Specifications
Caution Do not place objects over the ventilation holes on the IP350 or IP380 appliance. The appliance might overheat and become damaged.
NIC Interfaces
Cable Output Cable Type Connector
Ethernet IEEE 802.3 10BASE-T, RJ-45 100BASE-TX unshielded twisted pair, full-duplex or half-duplex
104 IP350 and IP380 Appliance Installation Guide B Compliance Information
This appendix contains the following compliance information:
� Declaration of Conformity � Compliance Statements � FCC Notice (US)
IP350 and IP380 Appliance Installation Guide 105 B Compliance Information
Declaration of Conformity
According to ISO/IEC Guide 22 and EN 45014:
Manufacturer’s Name: Nokia Inc.
Manufacturer’s Address: 313 Fairchild Drive Mountain View, CA 94043-2215 USA
declares that the product:
Product Name: IP350, IP380
Model Number: IP0380
Product Options: All
Serial Number: 1 to 100,000
Date First Applied: 2002
conforms to the following standards:
Safety: EN60950:1992, A1,A2:1993, A3:1995, A4:1997, A11:1998 with Japanese National Deviations
EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3
106 IP350 and IP380 Appliance Installation Guide Declaration of Conformity
Supplementary Information:
Pursuant to directive 1999/5/EC this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/336/EEC with Amendment 93/68/EEC.
Alan Hutchinson Manager Regulatory Compliance Engineering Mountain View, California August 2002
IP350 and IP380 Appliance Installation Guide 107 B Compliance Information
Compliance Statements
This hardware complies with the standards listed in this section.
Emissions Standards
FCC Part 15 Subpart B Class A US/Canada EN55022 (CISPR 22 Class A) European Community (CE)
Immunity Standards
EN50024: European Community (CE) EN61000-4-2 EN61000-4-3 EN61000-4-4 EN61000-4-5 EN61000-4-6 EN61000-4-8 EN61000-4-11 ENV50204
Harmonics and Voltage Fluctuation
EN61000-3-2 European Community (CE) EN61000-3-3 European Community (CE)
Safety Standards
UL60950 US Can/CSA-C22.2 No. 950 Canada
108 IP350 and IP380 Appliance Installation Guide FCC Notice (US)
FCC Notice (US) This device has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio or television reception, the user is encouraged to try to correct the interference by one or more of the following measures: � Reorient or relocate the receiving antenna. � Increase the separation between the computer and receiver. � Connect the computer into an outlet on a circuit different from that to which the receiver is connected. � Consult the dealer or an experienced radio/TV technician for help.
Caution Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.
IP350 and IP380 Appliance Installation Guide 109 B Compliance Information
110 IP350 and IP380 Appliance Installation Guide Index
A ls 78 printenv 76 accelerator card 66 setalias 79 accessing and removing DIMMs 61 set-defaults 79 appliance components 19 setenv 78 arguments 81 sysinfo 77 attaching accelerator card to motherboard 70 unsetalias 80 autoboot variable 74 unsetenv 79 configuring B with Voyager 36 boot command 81 connections boot manager 73 Ethernet network interface cards 50 booting the system 81 modem 23 installing 84 power 29 installing IPSO using 74, 82 connector pin assignments password protection for 83 Ethernet network interface cards 51 upgrading 85 connectors for variables used by 74, 81 Ethernet network interface cards 50 boot manager revision variable 74 console cable 34 boot-device variable 75 boot-file variable 75 D boot-flags variable 75 data communications equipment device 34 bootwait variable 74 deactivating, network interface cards 40 DIMMs C accessing and removing 61 commands adding 61 halt 80 socket locations 60 help 80 documentation ICLID 97 structure 11 install 82 dual-port Ethernet network interface card 50
IP350 and IP380 Appliance Installation Guide Index - 111 E monitoring IP350 and IP380 appliances 24 encryption accelerator card 66 Ethernet cable output connector 51 N Ethernet crossover-cable pin connections 52 network interface cards Ethernet management ports 20 deactivating 40 Ethernet network interface cards dual-port Ethernet 50 cable pin assignments 51 front panel location 19 connecting to 50 installing 39, 40 connectors 50 types supported 21 NIC H deactivating 40 halt command 80 null-modem cable 34 hard disk drive, replacing 55 help command 80 O opening Voyager 36 I output connector ICLID command 97 for the Ethernet cable 51 install command 82 installing P network interface cards 40 PCMCIA modem, installing 54 PCMCIA modem 54 PCMCIA modems, slot for 21 interfaces pin assignments for modem specifications 104 connections 22, 23 IP350 appliances, monitoring 24 power connections 29 IP380 appliances, monitoring 24 printenv command 76 IPSO, booting 81 R L replacing, hard disk drive 55 ls command 78 reset switch 19 RJ-45 connector 50, 51 M management ports 20 S memory secondary status LEDs 25 capacity 59 setalias command 79 upgrading 59 set-defaults command 79 modems, PMCIA 21 setenv command 78
Index - 112 IP350 and IP380 Appliance Installation Guide setting variables 78 space requirements 103 specifications interfaces 104 specifications, technical 103 static discharge 61 sysinfo command 77
T technical specifications 103 troubleshooting 87
U unsetalias command 80 unsetenv command 79 upgrading memory 59
V variables autoboot 74 boot flag 75 boot manager 74 boot-device 75 boot-file 75 bootwait 74 setting 78 viewing 76 Voyager opening 36
IP350 and IP380 Appliance Installation Guide Index - 113 Index - 114 IP350 and IP380 Appliance Installation Guide