NetEnforcer

AC-400 Series
Policy Based Bandwidth Management

Hardware Guide
P/N D360001 R3

Important Notice
Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and
will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of
action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR
INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN
THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.
Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty
Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY
SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,
REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright
Copyright 1997-2008 Allot Communications. All rights reserved. No part of this document may be reproduced,
photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission and
specific authorization from Allot Communications Ltd.

Trademarks
Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their
respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.
NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment
is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be
required to correct the interference at his own expense.
Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the
equipment.

AC-400 Series Hardware Guide

Printing History


First Edition: July, 2006
Second Edition: May, 2007
Third Edition: April, 2008

Important Notice ... iv
Printing History ... v

CHAPTER 1: AC-400 SERIES HARDWARE ... 1-1
  AC-400 Series Packing List ... 1-2
  AC-400 Series Front Panel ... 1-3
  AC-402 Front Panel ... 1-3
  AC-404 Front Panel ... 1-5
  AC-400 Series LCD Panel ... 1-7
  Management Port ... 1-7
  AC-404 Interfaces ... 1-7
  AC-400 Series Rear Panel ... 1-8
  Rack Mounting the Unit ... 1-9
  Connection to Supply Circuit ... 1-9
  Ambient Temperature ... 1-9
  Airflow ... 1-9
  Reliable Grounding ... 1-9
  Preparing the NetEnforcer for Rack Installation ... 1-10
  Rack Mechanical Loading ... 1-10
  AC-400 Series Powering Up ... 1-11
  Connection to AC Power ... 1-11
  Powering Up Via LCD Panel ... 1-11

CHAPTER 2: NETWORK PLACEMENT ... 2-1
  Connecting the NetEnforcer to the Network ... 2-1

CHAPTER 3: SETTING UP THE NETENFORCER ... 3-1
  Configuring Via a Terminal or Telnet ... 3-1
  Configuring Via the LCD Panel ... 3-12

CHAPTER 4: REDUNDANCY ... 4-1
  Enabling Redundancy ... 4-1
  Parallel Redundancy ... 4-9
  Status Indicators in Parallel Redundancy Mode ... 4-11
  Secondary NetEnforcer Activation ... 4-12
  Parallel Redundancy Connection ... 4-13
  Active Redundancy ... 4-18
  Failover ... 4-18
  Policy Configuration ... 4-18
  Connecting the NetEnforcer in Active Redundancy ... 4-19

CHAPTER 5: HARDWARE SPECIFICATIONS ... 5-1
  Standards, Compliance and Certifications ... 5-2

CHAPTER 6: FIREWALL PORT REFERENCE ... 6-1
  Basic Management ... 6-1
  NetXplorer ... 6-2

CHAPTER 7: AC-400 SERIES EQUIPMENT ... 7-1
  General Warnings ... 7-1
  General Notes ... 7-3
  Hardware Specifications ... 7-4
  Dimensions ... 7-4
  Required Specifications ... 7-4
  Power Supply ... 7-4
  Ambient Conditions ... 7-4
  Power Consumption ... 7-5
  Heat Dissipation ... 7-5

TABLE OF FIGURES
Figure 1-1 NetEnforcer Front Panel: AC-402 ... 1-3
Figure 1-2 NetEnforcer Front Panel: AC-404 ... 1-5
Figure 1-3 NetEnforcer LCD Panel: AC-400 Series ... 1-7
Figure 1-4 NetEnforcer Rear Panel: AC-400 Series ... 1-8
Figure 2-1 LAN and WAN Placement of NetEnforcer ... 2-1
Figure 3-1 NetEnforcer Setup Menu ... 3-2
Figure 3-2 Current Configuration (1) ... 3-4
Figure 3-3 Current Configuration (2) ... 3-5
Figure 3-4 Network Configuration ... 3-6
Figure 3-5 Password ... 3-9
Figure 3-6 Time Setup ... 3-10
Figure 4-1 NIC Tab - AC-402 NetXplorer Configuration ... 4-3
Figure 4-2 Networking Tab - AC-402 NetXplorer Configuration ... 4-4
Figure 4-3 NIC Tab - AC-404 NetXplorer Configuration ... 4-7
Figure 4-4 Networking Tab - AC-404 NetXplorer Configuration ... 4-8
Figure 4-5 Connecting Two NetEnforcers in Parallel Redundancy ... 4-10
Figure 4-6 DIP Switch Location: AC-400 Series ... 4-14
Figure 4-7 DIP Switch Configuration for Parallel Redundancy ... 4-17
Figure 4-8 Active Redundancy - AC-404 ... 4-19

Chapter 1: AC-400 Series Hardware

The Allot NetEnforcer AC-400 Series enables the definition and classification of traffic
by users, applications and resources. Several NetEnforcer AC-400 models are available
to support large and small sites and different data network speeds.
The AC-400 Series platform is 1.75" high (one rack unit).
Each model type has a different number of ports to accommodate different
requirements:

AC-402: Two Ports, 1 Line

AC-404: Four Ports, 2 Lines

All NetEnforcer AC-400 series units support:

96,000 connections (192,000 flows)

1,024 Pipes

4,096 Virtual Channels

Allot basic management software is included with all AC-402 devices while AC-404
devices are shipped with NetXplorer Centralized Management Software. AC-402 units
can be upgraded to NetXplorer Centralized Management software, replacing the basic
management.
The NetEnforcer AC-402 is a general-purpose device with one line (two port)
connectivity for small enterprises. The device is available with AC power supplies and
copper interfaces. The AC-402 may be ordered with an upgradable throughput of 2
Mbps, 10 Mbps, 45 Mbps or 100 Mbps.

The NetEnforcer AC-404 is intended to be used in medium sized enterprise networks
that require the ability to handle dual network segments. The AC-404 has two line (four
port) connectivity. The device is available with AC power supplies and with copper
interfaces. The AC-404 may be ordered with an upgradable throughput of 2 Mbps, 10
Mbps, 45 Mbps or 100 Mbps.
The NetEnforcer AC-400 Series offers redundant critical components for fail-safe
operation. Redundant hardware components on the AC-400 Series include redundant
fans and dual hot-swappable power supplies.

AC-400 Series Packing List


Verify that the following items are included with the NetEnforcer:

NetEnforcer (hardware with pre-installed software)

NetEnforcer Documentation

1 Power Cable

1 Cross Ethernet Cables

1 Serial Console Cable

2 19" Side Mounting Brackets

All NetEnforcer models contain a lithium battery on the main board.

CAUTION
Danger of explosion if battery is incorrectly replaced. Replace only
with the same or equivalent type recommended by the manufacturer.
Dispose of used batteries according to the manufacturer's
instructions.

NOTE
The maximum Ethernet cable length is generally up to 50 meters.

AC-400 Series Front Panel

The NetEnforcer AC-400 Series connects to your network via connectors located on the
front panel. The LCD panel, connectors and LED indicators on the front panel for each
model are shown below.

AC-402 Front Panel

Figure 1-1 NetEnforcer Front Panel: AC-402


The front panel of the AC-402 contains nine LEDs. Two LEDs are positioned on each
of the External, Internal and Management network connectors. The remaining three
LEDs are the Standby, Active and Power indicators.
The modes of operation of the External, Internal and Management indicators are
described in the table below.
Indicator   Status   NetEnforcer Status
Green       On       A valid link is detected (either 10 or 100Mbps).
            Off      No valid link.
Orange      On       Blinks when traffic (activity) is detected on the interface.
            Off      No traffic (activity) is detected on the interface.

Table 1-1 External/Internal/Management LED Conditions: AC-402

The modes of operation of the Standby, Active and Power indicators are described in
the table below.
Indicator   Status   NetEnforcer Status
Standby     On       Two NetEnforcers are connected in Redundancy mode
                     and this NetEnforcer is the secondary system.
            Off      If you have one NetEnforcer, this should be the normal
                     state of the LED. If you have two NetEnforcers
                     configured in Redundancy mode, this NetEnforcer is not
                     in standby.
Active      On       NetEnforcer is in Active mode.
            Off      NetEnforcer is in Bypass mode. Traffic passes through
                     NetEnforcer with no Quality of Service or traffic
                     shaping. If you have two NetEnforcers configured in
                     Redundancy mode, this is the secondary NetEnforcer in a
                     Parallel Redundancy configuration and it is not active (in
                     the other NetEnforcer this LED should be on).
Power       On       NetEnforcer is powered up.
            Off      NetEnforcer is shut down.

Table 1-2 Standby/Active/Power LED Conditions: AC-402

AC-404 Front Panel

Figure 1-2 NetEnforcer Front Panel: AC-404 (callouts: Console Port; Management Port; Line 2 Internal/External Ports; Line 1 Internal/External Ports; LCD Panel)


The front panel of the AC-404 contains thirteen LEDs. Two LEDs are positioned on
each of the External, Internal and Management network connectors. The remaining
three LEDs are the Standby, Active and Power indicators.
The modes of operation of the External, Internal and Management indicators are
described in the table below.

Indicator   Status   NetEnforcer Status
Green       On       A valid link is detected (either 10 or 100Mbps).
            Off      No valid link.
Orange      On       Line 1: Blinks when traffic (activity) is transmitted on the
                     interface.
                     Line 2: Blinks when traffic (activity) is transmitted or
                     received on the interface.
            Off      No traffic (activity) is detected on the interface.

External/Internal/Management LED Conditions: AC-404


The modes of operation of the Standby, Active and Power indicators are described in
the table below.
Indicator   Status   NetEnforcer Status
Standby     On       Two NetEnforcers are connected in Parallel Redundancy
                     mode and this NetEnforcer is the secondary system.
            Off      If you have one NetEnforcer, this should be the normal
                     state of the LED. If you have two NetEnforcers
                     configured in Parallel Redundancy mode, this
                     NetEnforcer is not in standby.
Active      On       NetEnforcer is in Active mode.
            Off      NetEnforcer is in Bypass mode. Traffic passes through
                     NetEnforcer with no Quality of Service or traffic
                     shaping. If you have two NetEnforcers configured in
                     Parallel Redundancy mode, this is the secondary
                     NetEnforcer in the configuration and it is not active (in
                     the other NetEnforcer this LED should be on).
Power       On       NetEnforcer is powered up.
            Off      NetEnforcer is shut down.

Standby/Active/Power LED Conditions: AC-404

AC-400 Series LCD Panel


The LCD panel provides an indication of traffic usage and enables the system to be
configured directly without connecting a terminal.

Figure 1-3 NetEnforcer LCD Panel: AC-400 Series (callouts: Standby Indicator; Active Indicator; Power Indicator On/Off; Up Arrow; Down Arrow; Left Arrow; Right Arrow; Select; Enter; Display Area)

Management Port
The dedicated Management port on all NetEnforcer models enables out-of-band
management of the device. Operating through the Management port increases security
by denying access to the device via the Internal or External ports. Moreover, when there
is a problem in the regular network it is still possible to manage and monitor the
NetEnforcer.

AC-404 Interfaces
All interfaces function as terminal interfaces (DTE) and as such need to be connected to
DCE with a straight cable. Note the following:

When connecting the AC-404 to devices that function as DCE (e.g. switch port,
hub etc.) via 10BaseT or 100BaseT, a straight CAT-5 cable should be used.

When connecting the AC-404 to devices that function as DTE (e.g. router) via
10BaseT or 100BaseT, a crossed CAT-5 cable should be used.

AC-400 Series Rear Panel


The rear panel of the NetEnforcer AC-400 Series contains the following:

Power Switch

Power Cable Connector

Backup (37-pin D-type) Connector

Ground Connector

Serial Port (for future use)

Figure 1-4 NetEnforcer Rear Panel: AC-400 Series (callouts: Power Switch; Power Cable Connector and Fuse; Backup Connector; Serial Connector; Grounding Screw)

CAUTION
The power supply unit includes an internal fuse. Only Allot Service
personnel are authorized to replace it.

NOTE
The power supply automatically adapts to voltages between 100V and
240V.

Rack Mounting the Unit


The NetEnforcer may be mounted in an open or closed standard 19-inch (48.26 mm)
rack using the rack-mount bracket kit. This appendix describes how to prepare the
device and rack for installation and how to mount the device in the rack.

Connection to Supply Circuit

The electrical power cords are intended to serve to disconnect the device. The user can
power down the device only by removing the two electrical power cords from the power
source or the device itself.

CAUTION
Make sure the wall socket outlet is installed near the equipment and
that the socket is easy to access. It is recommended that the wall
power outlet be connected to the building installation protection.
When connecting a NetEnforcer to 120 V AC supply, plug into 15 A
service receptacles, type N5/15 or NEMA 5-15R.

Ambient Temperature
The device has a maximum operation ambient of 104° F (40° C). The ambient
temperatures around the rack should not exceed this temperature.

Airflow
To ensure proper cooling, airflow should be unrestricted within or around the rack.
Keep the area four to six inches behind the enclosure unobstructed. Make sure that there
is proper airflow around all of the NetEnforcer's vent openings.

Reliable Grounding

Make sure that each installation site has a suitable ground connection. Please connect
ground to all the metal racks, enclosures, boxes and raceways. The NetEnforcer
equipment should be reliably grounded through the power supply cord.

Preparing the NetEnforcer for Rack Installation
Attach the mounting brackets of the device included in the NetEnforcer accessory kit to
both sides of the device using all eight Phillips pan-head screws included in the
NetEnforcer accessory kit. Insert the screws into the holes on both sides of the device.

Rack Mechanical Loading


When mounting the device in the rack, ensure that a hazardous condition does not result
due to uneven mechanical loading.

AC-400 Series Powering Up

Connection to AC Power
The power supply cord is intended to serve as the disconnect device. The user can
power down the device only by removing the power cord from the power source or the
device itself.
Make sure the wall socket outlet is installed near the equipment and that the socket is
easy to access. It is recommended that the wall socket outlet be connected to the
building installation protection.
When connecting NetEnforcer to 120 / 240 VAC supply, plug into 10 A service
receptacles, type N5/10 or NEMA 5-10R. Ensure that each site has a suitable ground.
Ground all metal racks, enclosures, boxes and raceways. The NetEnforcer equipment
should be reliably grounded through the power supply cord.

Powering Up Via LCD Panel
Connect the NetEnforcer to an AC power source and put the Power switch (located on
the rear panel) to On. The Power indicator on the LCD panel is lit.
The display area of the LCD panel indicates the following: Power On.
After a few seconds, the display area of the LCD panel indicates the following:
System Loading *.
Once the system has completed loading, the following occurs:

The Active LED on the LCD panel is lit, meaning that NetEnforcer is now
connected to the network and it is ready.

The display area of the LCD panel indicates the default view - the current
bandwidth consumption. For example:
Inbound: XXX.X
Outbound: YYY.Y


You can now proceed to configure the NetEnforcer, as required.

Chapter 2: Network Placement


The NetEnforcer is normally placed on the internal side of your access router. The
Internal port of the NetEnforcer interfaces with your Local Area Network (LAN) and
the External port of the NetEnforcer interfaces with your access router. Refer to Figure
2-1 to see the NetEnforcer's placement in a network.

Connecting the NetEnforcer to the Network


When connecting the NetEnforcer to the network, use the proper cable.

Figure 2-1 LAN and WAN Placement of NetEnforcer

NetEnforcer is capable of operating parallel to another NetEnforcer to provide Parallel
Redundancy.
To connect the NetEnforcer to your network:
1. Connect the LAN side of your network to the Internal connector on the front panel
of NetEnforcer.
2. Connect the Ethernet cable connected to the WAN side of your network to the
External connector on the front panel of NetEnforcer.
3. Connect the power cable and power up NetEnforcer.
When connecting two NetEnforcers in Redundancy mode, use the special 37-pin cable
supplied.
NOTE
After you connect the cables (and the Active LED is on), the Internal and
External Link LEDs on the front panel are on. When traffic is passing
through the interface, the Activity LEDs blink.

Chapter 3: Setting Up the NetEnforcer


In order to manage and configure NetEnforcer policies remotely from your Web
browser, several basic parameters must be configured on NetEnforcer. You can
configure these basic parameters using a terminal connected to NetEnforcer or by using
the LCD panel.

Configuring Via a Terminal or Telnet

You can use a standard terminal/PC running terminal emulation software connected to
the Console port, or Telnet via the Internet, to configure a NetEnforcer. Telnet sends the
login and password in clear text. If you choose to
connect via the Console port, most standard Windows-based PC systems have a terminal
emulation program called HyperTerminal that can be used for this purpose. Configure
the terminal to run VT100 terminal emulation with the following parameters:

Baud rate 19200

8 bits

Stop bits 1

No flow control

No parity

To connect a terminal to the NetEnforcer:
1. Use the supplied serial cable to connect the terminal to the Console Connector on the
front panel of the NetEnforcer.
2. Connect the power cable and power up NetEnforcer, as described in Powering Up,
page 1-9.
3. At the terminal, select Start > Programs > Accessories and double-click on the
HyperTerminal icon. Enter a name for the session and then set the COM port and
the parameters (see above). The system boots up and you are prompted for a login
and a password.
4. Enter admin for the login and allot for the password. (To change the password, see
page 3-9.)
5. Press <Enter>. The NetEnforcer Setup Menu is displayed:

Figure 3-1 NetEnforcer Setup Menu

To connect to a NetEnforcer via Telnet:
1. Open a Microsoft DOS window on a PC and at the C:\ prompt, enter Telnet
(IP address of NetEnforcer). Press <Enter>. The system boots up and you are
prompted for a login and a password.
2. Enter admin for the login and allot for the password. (To change the password, see
page 3-9.)
3. Press <Enter>. The NetEnforcer Setup Menu is displayed:

NetEnforcer Start Menu


From this menu, you can perform the following tasks:

Display the current configuration, page 3-4.


Configure network parameters, page 3-6.
Change the login password, page 3-9.
Modify the date and time settings, page 3-10.

When all necessary parameters are set, NetEnforcer prompts you to reboot. After
rebooting is completed, NetEnforcer is ready to be connected and to add Quality of
Service in your network.

Displaying the Current Configuration

You can display and view the currently set network configuration parameters at any
time.
To display the current configuration:
1. In the NetEnforcer Setup Menu, enter 1 (List current configuration) and press
<Enter>. The current network configuration parameters are displayed. A sample
screen is shown below:

Figure 3-2 Current Configuration (1)


2. Press <Enter> to show the second screen of parameters:

Figure 3-3 Current Configuration (2)


3. Press <Enter> to return to the NetEnforcer Setup Menu.

Configuring Network Parameters

You can define network parameters manually.
To define network parameters manually:
1. In the NetEnforcer Setup Menu, enter 2 (Network configuration) and press <Enter>.
The Network Configuration menu is displayed:

Figure 3-4 Network Configuration

2. Enter 2 (Manual configuration) and press <Enter>.

3. Enter values for the following IP parameters:

Device IP Address: The IP address for your NetEnforcer, for example, 10.1.18.7.

Network mask: The network mask for your NetEnforcer, for example, 255.0.0.0.

Device Hostname: The host name for your NetEnforcer, for example, Jonny2.

Domain name: A domain name for your NetEnforcer, for example, allot.com. Do not provide a leading ".".

Default gateway IP address: The IP address of your default gateway, for example, 10.0.02. If you do not have a default gateway, enter NONE.

Default gateway interface: If you entered a default gateway in the previous step, the NetEnforcer interface to which it is connected, either 0 for Internal or 1 for External.

Primary name server IP address: If you have a Domain Name Server (DNS), its IP address. If you do not have a DNS, enter none.

Secondary name server IP address: If you have a second DNS, its IP address. If you do not have a second DNS, enter none.

Enable VLAN Environment: Enables/disables the VLAN environment.

The Ethernet Adapter Settings screen is displayed.

4. Enter the following parameters to set up the NetEnforcer Ethernet adapters:

The duplex type for the Internal interface. Enter full for full duplex, half for half
duplex or auto for AutoSensing.
If you selected full or half duplex, enter the link speed of the Internal interface,
10M or 100M. Use M for Mbps.
The duplex type for the External interface. Enter full for full duplex, half for half
duplex or auto for AutoSensing.
If you selected full or half duplex, enter the link speed of the External interface,
10M or 100M. Use M for Mbps.

5. Enter the following parameters to set up the Management Port:

The duplex type for the Internal interface. Enter full for full duplex, half for half
duplex or auto for AutoSensing.
If you selected full or half duplex, enter the link speed of the Internal interface,
10M or 100M. Use M for Mbps.
The duplex type for the External interface. Enter full for full duplex, half for half
duplex or auto for AutoSensing.
If you selected full or half duplex, enter the link speed of the External interface,
10M or 100M. Use M for Mbps.

NOTE
If the NetEnforcer unit is being managed via NetXplorer, only the
Management Port can be configured on the Ethernet Adapter
Settings screen.

6. Press <Enter> to finish and return to the Network Configuration menu.
7. To save your configuration, enter 3 (Save latest settings as current configuration)
from the Network Configuration menu. A message is displayed, asking whether you
wish to make your changes effective immediately. Enter y or n.


Changing the Passwords

You can change the login password for either the Admin user or the Monitor user. The
Admin user has access to all NetEnforcer functions, while the Monitor user has
read-only access. It is strongly recommended to change the default password (allot).
NetEnforcer might enable access from anywhere on the Internet, and should therefore
be protected with a unique password.
To change the user's password:
1. In the NetEnforcer Setup Menu, enter 3 (Change password) and press <Enter>. The
Password screen is displayed:

Figure 3-5 Password

2. Enter 1 or 2 to specify the type of user whose password you want to change and
press <Enter>.
3. Enter a new password and press <Enter>. The password must be between 5 and 8
characters. You can use a combination of upper and lower case letters and numbers.
4. Re-enter the password and press <Enter>. If NetEnforcer detects a simple password,
a warning is displayed on the screen.
NOTE

The new user name and password will be used in the NetEnforcer Log In
window when accessing NetEnforcer through a browser.


Modifying Date and Time Settings

You can modify date and time settings as required. You can set the system time
manually, or you can set up NetEnforcer to receive time checks from an NTP (Network
Time Protocol) server, if you have one on your network.
To modify the date and time settings:
1. In the NetEnforcer Setup Menu, enter 4 (Set time) and press <Enter>. The Time
Setup screen is displayed:

Figure 3-6 Time Setup

The current day, date, system time and time zone are displayed at the top of the
screen.


2. To change the time zone, perform the following steps:

Enter 1 and press <Enter>.
Enter y and press <Enter>. NetEnforcer displays a list of time zones.
Enter the required time zone and press <Enter>.

3. To change the system time, perform the following steps:

Enter 2 and press <Enter>.
Enter the new date and time in the format DD-MM-YYYY-HH-mm. For example,
12-05-2001-11-20 for 12th May 2001, 11:20 am.
Press <Enter> to set the time.

Changing the Root User Password

You can change the root password that provides access to super-user rights.
To change the root password:
1. Use the supplied serial cable to connect the terminal to the Console Connector on the
front panel of NetEnforcer.
2. Set the NetEnforcer power switch, located near the NetEnforcer power cable, to the
ON position. The system boots up and on the terminal you are prompted for a login
and a password.
3. At the terminal, press <Enter>. The system boots up and you are prompted for a
login and a password.
4. Enter root for the login and bagabu for the password, and then press <Enter>.
5. Enter passwd and then press <Enter>.


6. Enter a new password and press <Enter>. The password must be between 5 and 8
characters. You can use a combination of upper and lower case letters and numbers.
7. Re-enter the new password and press <Enter>.

When all necessary parameters are set, NetEnforcer prompts you to reboot. After
rebooting is completed, NetEnforcer is ready to be connected and to add Quality of
Service in your network.
TIP

You can further protect access to the NetEnforcer by limiting the
hosts that are allowed to manage the unit.

Configuring Via the LCD Panel


All NetEnforcer models provide an LCD panel from which you can configure basic
NetEnforcer parameters without connecting a terminal. This enables quick and easy
setting of basic parameters such as the IP address of NetEnforcer and NIC settings.
When not being used to configure the NetEnforcer, the display area in the LCD panel
displays its default view, which is the current inbound and outbound bandwidth usage.
The units are in Kbps or Mbps with one digit after the point and the display is refreshed
every five seconds.
NOTE

When you are configuring NetEnforcer and there is no activity for
more than 30 seconds, the display area returns to the default view
and any modifications to parameters that were not saved are lost.

The Main Menu
The LCD panel provides one main menu from where you can perform the following
operations:


Configure NIC settings, page 3-13.

Set the NetEnforcer IP address, page 3-14.

Activate Bypass, page 3-16.

Reboot, shutdown or exit NetEnforcer, page 3-17.

Getting Started on NetEnforcer


In order to start working with NetEnforcer, press the Power button to turn on
NetEnforcer. Once the system has completed loading, the display area of the LCD
indicates its default view, the current bandwidth consumption of NetEnforcer. For
example:
Inbound: XX.XM
Outbound: YYY.YM
You can now proceed to configure NetEnforcer, as required.
NOTE

If QoS functionality is not included in your NetEnforcer (not enabled
by your activation key), the default view indicates the following:

Inbound:Outbound:-.

Configuring NIC Settings


Configuring NIC settings enables you to configure the internal and external Ethernet
adapters to either automatically sense the direction and speed of network traffic, or use a
predetermined duplex type and speed.
NOTE

If the NetEnforcer unit is being managed via NetXplorer, only the
Management Port can be configured via the LCD.

To configure NIC settings:

1. With the display area displaying the default view, press the Select button. The main
menu is displayed as follows:

Main menu:
1. NIC Settings


2. Press the Select button. If the Management port is enabled, the display area indicates
the following:

1-1.[M]anagement
[In]/[Ex]ternal

NOTE

If the Management port is disabled, the display area indicates the
following:

1-1.Interface
[In]/[Ex]ternal.

3. Use the arrow buttons to select the required interface and press the Enter button.
The display area indicates the following:

Mode: [A]uto or
[F]ull/[H]alf du

4. Use the arrow buttons to select the duplex type for the selected interface and press
the Enter button. The display area indicates the following:

Speed: [A]uto or
[100]/[10] Mbps

5. Use the arrow buttons to select the link speed of the selected interface and press the
Enter button. The display area indicates the following:

[S]ave/[C]ancel

6. Use the arrow buttons to select whether to save the settings or cancel and press the
Enter button. The new NIC settings are applied and after a few moments, the
display area displays its default view, the current bandwidth consumption.

Setting the NetEnforcer IP Address


Setting the NetEnforcer IP address enables you to specify the IP address, netmask and
default gateway for NetEnforcer.


To configure the IP address:

1. With the display area displaying the default view, press the Select button. The Main
menu is displayed.
2. Press the down arrow once to display the following:

Main menu:
2. Setup IP

3. Press the Select button. The display area indicates the following:

2-1.Set IP:
xxx.xxx.xxx.xxx (the current IP address definitions are displayed)

4. Specify the IP address of NetEnforcer. Use the up and down arrow buttons to select
the required number and the left and right arrow buttons to move between the digits.
5. Press the Enter button. The display area indicates the following:

2-2.Set mask:
xxx.xxx.xxx.xxx (the current netmask definitions are displayed)

6. Specify the netmask of NetEnforcer. Use the up and down arrow buttons to select
the required number and the left and right arrow buttons to move between the digits.
7. Press the Enter button. The display area indicates the following:

2-3 Gateway exists [Yes/No]

Select whether you have a gateway defined in your network. If you select N then you
will exit to the next step, skipping step 2-4. If you have a gateway select Y and
proceed:

2-4.Gateway:
xxx.xxx.xxx.xxx (the current gateway definitions are displayed)

8. Specify the IP address of the default gateway. Use the up and down arrow buttons to
select the required number and the left and right arrow buttons to move between the
digits.
9. Press the Enter button. The display area indicates the following:

[S]ave/[C]ancel


10. Use the arrow buttons to select whether to save the settings or cancel and press the
Enter button. The new IP and gateway settings are applied and after a few moments,
the display area displays its default view, the current bandwidth consumption.
The following cases of failure may be indicated:

Failure | Display (LCD line 1 / line 2)
Register NIC Settings | Fail: NE IP save / Chk NE IP config
Netmask Save | Fail: MASK save / Chk NE IP config
Management NIC Save | Fail: Mgmt save / Chk NE IP config
Gateway Save | Fail: GW save / Chk NE IP config

Activating Bypass
To send the NetEnforcer into Bypass:
1. With the display area displaying the default view, press the Select button. The Main
menu is displayed.
2. Press the down arrow three times to display the following:

Main menu:
4. Bypass

3. Press the Select button. If the system is not in Bypass mode, the display area
indicates the following:

Go into Bypass?
[Y]es/[N]o

4. Use the arrow buttons to select whether to enter Bypass mode and press the Enter
button. NetEnforcer switches to Bypass mode and after a few moments, the display
area displays its default view, the current bandwidth consumption.
NOTE

When the system is already in Bypass mode, you are prompted to select
whether to exit Bypass mode. Use the arrow buttons to select whether to
exit Bypass mode and press the Enter button.

Rebooting, Shutting Down and Exiting the NetEnforcer

You can reboot or shut down the NetEnforcer and exit from LCD configuration as
required.
To reboot the NetEnforcer:
1. With the display area displaying the default view, press the Select button. The Main
menu is displayed.
2. Press the down arrow four times to display the following:

Main menu:
5. Reboot

3. Press the Select button. The display area indicates the following:

Reboot?
[Y]es/[N]o

4. Use the arrow buttons to select whether to reboot NetEnforcer and press the Enter
button. NetEnforcer reboots and the display area indicates the following:

System
Rebooting * (blinking asterisk)

NOTE

This message is also displayed in the display area when NetEnforcer is
rebooted using a terminal.

To shut down the NetEnforcer:

1. With the display area displaying the default view, press the Select button. The Main
menu is displayed.
2. Press the down arrow five times to display the following:

Main menu:
6. Shutdown

3. Press the Select button. The display area indicates the following:

Shutdown?
[Y]es/[N]o


4. Use the arrow buttons to select whether to shut down NetEnforcer and press the Enter
button. NetEnforcer shuts down and the display area indicates the following:

System
Shutting down * (blinking asterisk)

After a few seconds, the display area indicates that NetEnforcer may be powered off.
NOTE

This message is also displayed in the display area when NetEnforcer is
shut down using a terminal.

To return to LCD default view:

1. With the display area displaying the default view, press the Select button. The Main
menu is displayed.
2. Press the down arrow six times to display the following:

Main menu:
7. Exit

3. Press the Enter or the Select button. The display area displays its default view, the
current bandwidth consumption.


Chapter 4: Redundancy

Enabling Redundancy
In order to implement redundancy, it is necessary to configure the network interfaces
and enable redundancy in each NetEnforcer involved.

Configuring the AC-402 via the NetEnforcer

NOTE

The AC-402 cannot support Active Redundancy.

1. Configure the Management Port interface via the LCD on the front panel of the
NetEnforcer.
2. Log into the NetEnforcer via the Management Port or Telnet.
3. Open a console connection to the NetEnforcer and use the following CLI
commands:

To set the interfaces:
go config nic

Options are:
internal1 MODE:SPEED
external1 MODE:SPEED

For example: go config nic internal1 full:100


To set redundancy mode:
go config network -redund_mode

Options are:
parallel
serial

For example: go config network redund_mode parallel

To toggle redundancy:
go config network bypass_unit

Options are:
enable
disable

For example: go config network bypass_unit enable


Configuring the AC-402 via NetXplorer

1. Log into NetXplorer.
2. Select the NetEnforcer you wish to configure in the Navigation Pane.
3. Right-click the NetEnforcer and select Configuration from the drop
down menu.
OR
Click the Configuration button in the Toolbar.
4. Open the NIC tab and in the Action on Failure field, set INTERNAL1
and EXTERNAL1 to fail paired port.

Figure 4-1 NIC Tab AC-402 NetXplorer Configuration


5. Open the Networking tab and set the Redundancy Mode as required to
Parallel or Serial.
6. Select the Enable Bypass Unit checkbox.

Figure 4-2 Networking Tab AC-402 NetXplorer Configuration

7. Click Save. The system will reboot.

After rebooting, you can view the changes from the Configuration tab.
For more information concerning NetEnforcer configuration via NetXplorer, see the
NetXplorer Operation Guide.


Configuring the AC-404 via the NetEnforcer

1. Configure the Management Port interface via the LCD on the front panel of
the NetEnforcer.
2. Log into the NetEnforcer via the Management Port or Telnet (see page 3-1).
3. Open a console connection to the NetEnforcer and use the following CLI
commands:

To set the interfaces:
go config nic

Options are:
internal1 MODE:SPEED
internal2 MODE:SPEED
external1 MODE:SPEED
external2 MODE:SPEED

For example: go config nic internal1 full:100

To set redundancy mode:
go config network -redund_mode

Options are:
parallel
active
serial


For example: go config network redund_mode parallel

To toggle redundancy:
go config network bypass_unit

Options are:
enable
disable

For example: go config network bypass_unit enable

Configuring the AC-404 via NetXplorer

1. Log into NetXplorer.
2. Select the NetEnforcer you wish to configure in the Navigation Pane.
3. Right-click the NetEnforcer and select Configuration from the drop
down menu.
OR
Click the Configuration button in the Toolbar.
4. Open the NIC tab and in the Action on Failure field, set
INTERNAL1 and EXTERNAL1 to fail paired port.

Figure 4-3 NIC Tab AC-404 NetXplorer Configuration

5. Set INTERNAL2 and EXTERNAL2 to No Action in the Action on
Failure field.
6. Open the Networking tab and set the Redundancy Mode as required
to Parallel, Serial or Active.
7. Select the Enable Bypass Unit checkbox.

Figure 4-4 Networking Tab AC-404 NetXplorer Configuration

8. Click Save. The system will reboot.

After rebooting, you can view the changes from the Configuration tab.
For more information concerning NetEnforcer configuration via NetXplorer, see the
NetXplorer Operation Guide.


Parallel Redundancy
Failure of a network device can be catastrophic, causing network downtime and lost
business. The key to designing any mission-critical network is to recognize that these
failures can occur, and to design a network that can handle failures and still allow the
network to function. In order to do this, it is important to use the most reliable
equipment, with redundancy built in to all mission-critical equipment.
NetEnforcer can operate in parallel to provide Parallel Redundancy. Parallel
Redundancy requires two NetEnforcer systems and, where an external Bypass module
is used, a single Bypass module.
The Primary NetEnforcer handles the traffic and the Secondary NetEnforcer is designed
to be in Standby mode as long as the Primary NetEnforcer is active. Only if, for any
reason, the Primary NetEnforcer is not able to function properly does the Secondary
NetEnforcer become active.
Both NetEnforcers receive traffic from the internal network, but only the Primary
NetEnforcer is passing the traffic to the external network.
While the Primary NetEnforcer receives and handles traffic coming from the external
network, the Secondary External interface is disabled, since the system is in Standby
mode. If the Primary NetEnforcer should fail, the Secondary NetEnforcer automatically
takes control of the traffic, and enables its External interface.
In Parallel Redundancy mode, the Bypass mode is activated in the event that both the
Primary and Secondary NetEnforcers fail.

The following diagram shows how to connect two NetEnforcers in Parallel
Redundancy:

Figure 4-5 Connecting Two NetEnforcers in Parallel Redundancy

Status Indicators in Parallel Redundancy Mode

When operating in Parallel Redundancy mode, two NetEnforcer units are connected.
During operation, the LED indicators on NetEnforcer give various readings. The LEDs
relevant to operations in Parallel Redundancy mode are the Standby, Active and Power
LEDs on the NetEnforcer LCD panel.
The modes of operation of the indicators are described in the following tables:

Unit | Standby LED | Active LED | Power LED | Analysis
Primary Unit | OFF | ON | ON | Primary NetEnforcer is in Active mode.
Secondary Unit | ON | OFF | ON | Secondary NetEnforcer is in Standby mode, ready to take over.

Primary Unit | OFF | OFF | ON | Primary NetEnforcer fails or is now booting.
Secondary Unit | OFF | ON | ON | Secondary NetEnforcer took over and it is in Active mode.

Primary Unit | OFF | OFF | OFF | Primary NetEnforcer is powered OFF.
Secondary Unit | OFF | ON | ON | Secondary NetEnforcer took over and it is in Active mode.

Primary Unit | OFF | ON | ON | Primary NetEnforcer is in Active mode.
Secondary Unit | OFF | OFF | OFF | Secondary NetEnforcer is powered OFF. The only Fail-safe mode available now is Bypass.

Primary Unit | OFF | OFF | ON | Primary NetEnforcer failed or has not completed booting.
Secondary Unit | OFF | OFF | ON | Secondary NetEnforcer failed or has not completed booting. Bypass is activated (in the primary unit) and all traffic is going through Bypass.

Table 4-1 LED Conditions: AC-400 Series, Parallel Redundancy Mode

Secondary NetEnforcer Activation


When two NetEnforcers are connected in Parallel Redundancy mode, the Secondary
NetEnforcer will take control and become the active unit under the following
conditions:
Upon a Primary subsystem failure.
During booting of the Primary NetEnforcer platform. When booting is
completed, the Primary unit automatically takes control again.
Upon any Primary NetEnforcer power feed failure and power OFF condition.
Upon the Primary NetEnforcer Ethernet cable disconnecting from either the
Internal or External ports. After reconnecting the cable and rebooting, the
Primary NetEnforcer takes control again.
When the Bypass module is not connected properly to the NetEnforcer Backup
connector, even with all other connectors fully plugged.
NOTE

The NetEnforcer's Ethernet Adapter can detect Ethernet cable
disconnection. NetEnforcers in redundant configuration react to such
events by having the Primary NetEnforcer lose control until the next
machine reboot, and the Secondary NetEnforcer becoming the active unit.
If a cable is disconnected, it is recommended to reboot the Primary
NetEnforcer after reconnecting the cable.

Parallel Redundancy Connection


Before using NetEnforcers in Parallel Redundancy mode, make sure that the
configuration of both NetEnforcers is identical except for their DIP switch settings and
IP addresses, which must be unique for each unit. You can use the Save & Distribute
option to distribute the same QoS policy to both NetEnforcers.
CAUTION

Please note that only a certified Allot Communications Service
Engineer is authorized to remove the NetEnforcer cover and change
the internal DIP switches. If a non-authorized person removes the
cover from the NetEnforcer, its warranty becomes void.

NOTE

You can distribute policy to other NetEnforcers only if they are of the
same model as the one from which you are distributing.

Setting DIP Switches

In order to access internal components of the NetEnforcer units, including the DIP
switches, the main cover must be removed.
CAUTION

Only a certified Allot Communications Service Engineer is authorized
to remove the NetEnforcer cover and change the internal DIP
switches. If a non-authorized person removes the cover from the
NetEnforcer, its warranty becomes void.

In circumstances where you need to remove the main cover, carefully follow the
instructions below.
To remove the main cover:
1. Remove the fourteen screws (five on each side of the main cover and four at the
back) using a small Phillips screwdriver.
2. Stand in a position where you are facing the back of the unit. With both hands, pull
the cover towards you, until approximately a third of the unit is exposed.


3. Remove the cover by lifting it from the overhanging rear section and then pull the
cover away from the main unit. This will expose the inside components of the
NetEnforcer.
Below is a schematic diagram of an opened Enhanced Platform unit, with an
enlargement of the DIP switches.

Figure 4-6 DIP Switch Location: AC-400 Series


DIP Switches

The service panel contains eight DIP switches. Their functions are described below:
Switch No.

Function

ON = Forced Active (Factory Default = OFF)

For future use (Factory Default = OFF)

ON = Peer Bypass control (Factory Default = OFF). For more information see
Appendix B, Fail-Safe Operation, Figure B-3

ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

ON = Bypass connected, OFF = Bypass float (Factory Default = ON)

Table 4-1 DIP Switch Functions: Enhanced Platform


The unit is shipped with the factory defaults indicated above. This setup ensures the
normal operation of the Bypass switch (meaning that it is activated upon a failure), and
that the Active status is not forced. For normal device behavior, it is strongly
recommended not to change DIP switch factory settings.
After ensuring identical configuration, test each NetEnforcer (while connected to the
network as a single device) and verify that they are operating identically to one another.
1. Set the DIP Switches to Parallel Redundancy mode. See Figure 4-7.
2. Designate one of your NetEnforcers to be the default Primary, and connect the end
of the Backup cable marked Primary to the backup connector of the unit. Connect
the other end of the backup cable to the backup connector of the Secondary
NetEnforcer.
3. After booting ensure that the Active LED is ON and the Standby LED is OFF. On
the Secondary NetEnforcer, the Active LED is OFF and the Standby LED is ON.
CAUTION

When two NetEnforcers are connected in Redundancy mode with a
switch on each interface, if the Primary NetEnforcer fails and the
Secondary system takes control of traffic, the redundant unit may
take some time to activate. This is normal switch behavior. The
switch will continue to redirect packets to the Primary NetEnforcer,
instead of to the Secondary NetEnforcer.

NetEnforcer AC-400 Series models have the option of working in Parallel Redundancy,
where one system is in Float mode and the other is not. This enables one system to
cancel the other system's Bypass mode. When this feature is activated (DIP switch 6 is
set to ON), the active system cancels the Bypass mode of the other system, if it exists.
If the Primary NetEnforcer fails, the Secondary NetEnforcer becomes active and
cancels the Primary Bypass. If the Secondary NetEnforcer also fails, it releases its
control over the Primary NetEnforcer, which will then move to Bypass mode.
The recommended configuration, as shown in Figure 4-7, is to set the Primary
NetEnforcer to Bypass mode (switches 1 to 5 are set to ON) and the Secondary
NetEnforcer to Float mode (switches 1 to 5 are set to OFF, and switch 6, Control Over,
is set to ON).

Figure 4-7 DIP Switch Configuration for Parallel Redundancy (diagram: DIP switch banks 8 to 1 for the Primary unit, labelled BYPASS, and for the Secondary unit, labelled CONTROL OVER and FLOAT)


If there is a problem with the Primary NetEnforcer, the box should be disconnected
from the network and the DIP switches on the Secondary NetEnforcer should be set to
standalone configuration.
CAUTION

Please note that only a certified Allot Communications Service
Engineer is authorized to remove the NetEnforcer cover and change
the internal DIP switches. If a non-authorized person removes the
cover from the NetEnforcer, its warranty becomes void.

CAUTION

In standalone mode, NetEnforcer DIP switches should remain in the
factory default settings. To have the NetEnforcer in standalone
mode, switches 1 to 5 are set to ON and switches 6 to 8 are set to
OFF.

Active Redundancy
In the Active Redundancy configuration, each NetEnforcer AC-404 manages a single
link while duplicating the link's traffic to the other NetEnforcer. Both NetEnforcers are
active. Each unit shapes the traffic of one link only, but the shaping algorithm considers
traffic of both links. Such configuration is recommended for network topologies where
both links are active in load-balancing mode.
NOTE

Active Redundancy is not available on AC-402 models.

Failover
In the event that one of the links fails due to router, switch or line malfunction, the
network redundancy mechanism (for example, spanning tree) will ensure that traffic is
routed or switched via the other link and managed by the second NetEnforcer. Since
both NetEnforcers maintain a constant view of the two links, there will be no loss of
flow state and other information required for correct shaping and application
classification. Note that the bypass function is not used in such configurations.

Policy Configuration
In the Active Redundancy configuration, the two NetEnforcers should share the same
policy configuration.

Connecting the NetEnforcer in Active Redundancy
Line 1 is used to pass actual traffic; these interfaces will be used to connect the AC-404s to the corresponding switches or routers.

Figure 4-8 Active Redundancy AC-404

Line 2 is used to duplicate traffic and pass it to the second NetEnforcer. Traffic that is
passed between NetEnforcers is not sent to adjacent network devices; it is only used
for monitoring and classification purposes.

Chapter 5: Hardware Specifications

This chapter lists the hardware specifications for all NetEnforcer AC-400 Series
models.

Dimensions
Standard 1U by 19-inch, rack mountable
Height | 1.73 in (44 mm)
Width | 17.32 in (440 mm)
Depth | 11.73 in (298 mm)
Weight | 12 lbs (5.5 kg)

Power Requirements
Input Voltage | 100 - 240 V
Frequency | 47 - 63 Hz
Current | 2A
Power consumption | 70 W

Operating Environment
Temperature | 32 °F to 104 °F (0 to 40 °C)
Humidity | 5% to 95% (non condensing)
Heat Dissipation | 240 BTU/Hour
EMI | Residential, commercial and light industry.


Standards, Compliance and Certifications

All AC-400 models hold certificates for and comply with the standards listed below.

EMC
EMC Directive 89/336/EEC, article 7(1)
EN 55022:1998+A1(00) class A
EN 61000-3-2:1995_A1(98)+A2(98)
EN 61000-3-3:1995
EN 55024:1998+A1(01)
FCC 47 CFR part 15, subpart B, class A
ICES-003:1997, class A
VCCI:2002, class B
NEBS: GR-1089-Core*

Safety
IEC 60950:1999 with Japanese deviations
EN 60950:2000
NEBS: GR-1089-Core*

UL
1950 NetEnforcer UL File number: E206586
CAN/CSA C22.2 No.60950-00 * UL 60950, third edition

Environmental
ETS 300 019-2-2 T 2.1
ETS 300 019-2-3 T 3.1
NEBS: GR-63-Core*
* NetEnforcer is designed to meet these standards.


Chapter 6: Firewall Port Reference

Basic Management
If your NetEnforcer using Basic Management is working behind a firewall, the
following ports must be opened on the firewall to enable access to the NetEnforcer
management functions:

Firewall Port | Gives Access To
TCP Port: 23 | Telnet
TCP Port: 80 | Web Server/GUI
TCP Port: 56000 | Internal Accounting GUI Access
TCP Port: 51000 | Policy Editor GUI Access
TCP Port: 52000 | Monitoring GUI Access
TCP Port: 53000 | Alerts GUI Access
TCP Port: 53306 | MySQL Access
TCP Port: 56000 | External Accounting Data Transfer Access
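
The Basic Management port list, together with the earlier tip about limiting the hosts that are allowed to manage the unit, can be turned into a least-privilege rule set. The following is an added example, not part of the Allot guide: it assumes a Linux iptables firewall forwarding between the management stations and the NetEnforcer, and the addresses (documentation ranges), the 256-address source limit and all function names are assumptions.

```python
"""Least-privilege firewall rules for NetEnforcer Basic Management access.

Added example: only the port list comes from the guide's Basic Management
table. The iptables FORWARD-chain layout, the addresses and the function
names are assumptions made for illustration.
"""
import ipaddress

# Rows exactly as listed in the Basic Management table (56000 appears twice).
BASIC_MGMT_PORTS = [
    ("tcp", 23, "Telnet"),
    ("tcp", 80, "Web Server/GUI"),
    ("tcp", 56000, "Internal Accounting GUI Access"),
    ("tcp", 51000, "Policy Editor GUI Access"),
    ("tcp", 52000, "Monitoring GUI Access"),
    ("tcp", 53000, "Alerts GUI Access"),
    ("tcp", 53306, "MySQL Access"),
    ("tcp", 56000, "External Accounting Data Transfer Access"),
]

# Services in the table whose protocols are unencrypted on the wire.
CLEARTEXT = {
    23: "Telnet carries logins and sessions unencrypted",
    80: "HTTP is unencrypted",
}

# Assumption: a management allow-list entry wider than a /24 is a mistake.
MAX_SOURCE_ADDRESSES = 256


def unique_ports(rows=BASIC_MGMT_PORTS):
    """Collapse duplicate (protocol, port) rows, keeping every service label."""
    merged = {}
    for proto, port, service in rows:
        merged.setdefault((proto, port), []).append(service)
    return merged


def audit(rows=BASIC_MGMT_PORTS):
    """Return findings a reviewer should see before these ports are opened."""
    findings = []
    for (proto, port), services in unique_ports(rows).items():
        if port in CLEARTEXT:
            findings.append(f"{proto}/{port}: {CLEARTEXT[port]}")
        if len(services) > 1:
            findings.append(
                f"{proto}/{port}: listed {len(services)} times ({'; '.join(services)})"
            )
    return findings


def build_rules(netenforcer_ip, mgmt_hosts, rows=BASIC_MGMT_PORTS):
    """Build iptables rule lines that open the listed ports only for mgmt_hosts."""
    dst = ipaddress.ip_address(netenforcer_ip)   # ValueError on a malformed address
    if not mgmt_hosts:
        raise ValueError("at least one management host is required")
    sources = []
    for host in mgmt_hosts:
        net = ipaddress.ip_network(host)         # a bare address becomes a /32
        if net.num_addresses > MAX_SOURCE_ADDRESSES:
            raise ValueError(f"source {net} is too broad for a management allow-list")
        sources.append(net)

    # Replies to sessions that were already allowed.
    rules = ["-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    # One ACCEPT per (management source, management port), lowest port first.
    for proto, port in sorted(unique_ports(rows), key=lambda key: key[1]):
        for src in sources:
            rules.append(
                f"-A FORWARD -p {proto} -s {src} -d {dst} --dport {port} "
                "-m conntrack --ctstate NEW -j ACCEPT"
            )
    # Everything else addressed to the NetEnforcer management IP is dropped.
    rules.append(f"-A FORWARD -d {dst} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    for finding in audit():
        print("REVIEW:", finding)
    for rule in build_rules("192.0.2.20", ["198.51.100.10", "198.51.100.11"]):
        print("iptables", rule)
```

The audit step reports the two unencrypted services and the port that the table lists twice, so the rule set contains seven distinct ports rather than eight.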


NetXplorer
In some networks, the NetEnforcer can be separated from the NetXplorer server by a
firewall for security reasons.
To enable the communication between the NetXplorer and NetEnforcers, the following
ports in the firewall should be opened:

TCP/80 | HTTP
UDP/161 | SNMP
UDP/162 | SNMP Trap
UDP/123 | NTP
TCP/123 | NTP

Chapter 7: AC-400 Series Equipment

The NetEnforcer is a transparent learning bridge certified as compliant with the
IEEE 802.1 standard, which includes an internal bypass mechanism to ensure
continuity of data flow in the event of a hardware or software problem.
Pay particular attention to the following cautions and notes:

General Cautions

POWER

Before removing the cover, disconnect the product from the mains power supply.
Any adjustment or maintenance work on the device must be carried out only by
qualified personnel, with the unit disconnected from its power source.

POWER

The power supply unit contains an internal fuse. It must be replaced only by
qualified personnel.

POWER

Make sure that a mains power outlet is located near the unit and is easily
accessible. It is recommended that the power source be connected to a
building-installed protection device. To connect a NetEnforcer to a 120 VAC
supply, use 15 A service receptacles of type N5/15 or NEMA 515R.

Redundancy

When two NetEnforcers are connected in redundant mode to a switch on each
interface, the redundant unit may take some time to take over the traffic
if the primary device fails and the secondary device takes control of the
traffic. This is perfectly normal behavior on the part of the switch,
which will continue to forward data packets to the primary unit rather
than to the secondary NetEnforcer.

Battery

There is a danger of explosion if the battery is replaced incorrectly.
Replace it only with the same type or an equivalent type recommended by
the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.

General Notes

Settings

Changing the NetEnforcer's default settings is not recommended; NIC
settings are changed only through the ACL panel.

Power

The AC power supply automatically adapts to voltages between 100 and
240 V at a frequency of 50/60 Hz. The DC power supply automatically
adapts to voltages of 48 or 60 V DC.
This equipment is intended for use in a restricted-access area and by
duly qualified personnel. To avoid electric shock, do not perform any
operation other than those described in the unpacking instruction sheet.

Copper Ethernet Cables

Using the supplied straight-through UTP CAT-6 Ethernet cables, connect
the link connections labeled Internal and External. The maximum length of
these cables is generally 50 meters.

DIP Switch

Only qualified personnel from the Allot Communications engineering
department are authorized to remove the NetEnforcer cover in order to
change the internal DIP switches. If an unauthorized person removes the
NetEnforcer cover, its warranty is void.

Airflow

To ensure adequate cooling, airflow must not be restricted inside or
around the rack. Keep a clearance of 1 m to 1.5 m between the rack and
the enclosure. Make sure there is good airflow around the NetEnforcer's
ventilation openings.

Grounding

Make sure that every installation site has proper grounding. Ground all
metal racks, enclosures and boxes. The NetEnforcer should be grounded
through its mains power cord.

Rack Installation

Attach the mounting ears supplied in the NetEnforcer accessory kit to
both ends of the device using the eight screws, also supplied in the
accessory kit.

Hardware Specifications

Dimensions
Design       Standard 19-inch 2U, rack-mountable
Height       1.73 in (44 mm)
Width        17.32 in (440 mm)
Depth        11.73 in (298 mm)
Weight       12 lbs (5.5 kg)
NOTE: The copper bypass unit weighs 1.75 kg (3.86 lbs); the fiber-optic bypass unit
weighs 1.94 kg (4.28 lbs).

Required Specifications

Power
AC input voltage     100 - 240 V
Frequency            50/60 Hz
Current              2 A rated / 5 A fused

Ambient Conditions

Temperature          0 to 40 °C (32 to 104 °F)
Humidity             5 to 95 % (non-condensing)

Power Consumption
AC-402       70 W

Heat Dissipation
AC-402       240 BTU/hour
