Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 .
Nortel Secure Network Access Document status: Standard Document version: 01.01 Document date: 28 July 2008 Copyright © 2008, Nortel Networks All Rights Reserved. Sourced in Canada, the United States of America, and India LEGAL NOTICE While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS "WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Contents Regulatory Information and Safety Precautions 5 International Regulatory Statements of Conformity 5 National Electromagnetic Compliance (EMC) Statements of Compliance 5 FCC statement (USA only) 5 ICES statement (Canada only) 6 Canadian Department of Communications Radio Interference Regulations 6 Règlement sur le brouillage radioélectrique du ministère des Communications 6 CE marking statement (Europe only) 6 EN 55022 statement 6 EN 55024 statement 6 European Union and European Free Trade Asso
Contents Safety precautions 21 Safety precautions navigation Installation checklist 23 21 Installation 25 Navigation 25 Unpacking the device 25 Installing an NSNA device into a rack 26 Prerequisites for installing an NSNA into a rack Cabling the device 30 Cabling the device navigation 30 Connecting network cables 30 Connecting serial cables 30 Configuration Navigation 33 Creating a new cluster 33 Prerequisites 33 Joining an SNAS to an existing cluster 36 Enabling the browser-based interface 38 Applyi
Regulatory Information and Safety Precautions Read the information in this section to learn about regulatory conformities and compliances.
Regulatory Information and Safety Precautions ICES statement (Canada only) Canadian Department of Communications Radio Interference Regulations This digital apparatus (Nortel Secure Network Access Switch) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
NOM statement (Mexico only) • EN 55024 (IEC 61000-4-2, -3, -4, -5, -6, -8, -11)–Electromagnetic Immunity • EN 61000-3-2 (IEC 610000-3-2)–Power Line Harmonics • EN 61000-3-3 (IEC 610000-3-3)–Power Line Flicker 7 VCCI statement (Japan/Nippon only) This is a Class A product based on the standard of the Voluntary Control Council for Interference (VCCI) for information technology equipment. If this equipment is used in a domestic environment, radio disturbance may arise.
Regulatory Information and Safety Precautions Exporter: Nortel Networks, 4655 Great America Parkway, Santa Clara, CA 95054 USA. Importer: Nortel Networks de México, S.A. de C.V. Avenida Insurgentes Sur #1605 Piso 30, Oficina Col. San Jose Insurgentes Deleg-Benito Juarez México D.F. 03900 Tel: Fax: 52 5 480 2100 52 5 480 2199 Input: Model SNAS 4070 AC Redundant Power Supply – 835W Input: 100-127 VAC 10.
Notices 9 National Environmental Statements of Compliance The WEEE Directive 2002/96/EC and RoHS (Restriction of Hazardous Substances) Directive 2002/95/EC sets collection, recycling and recovery targets for various categories of electrical products and their waste.
Regulatory Information and Safety Precautions CAUTION Caution notices provide information about how to avoid possible service disruption or damage to Nortel products. WARNING Warning notices provide information about how to avoid personal injury when working with Nortel products. DANGER Danger — High Voltage notices provide information about how to avoid a situation or condition that can cause serious personal injury or death from high voltage or electric shock.
Trademarks 11 CAUTION To reduce the risk of fire, use only number 26 AWG or larger UL Listed or CSA Certified Telecommunication Line Cord for all network connections. WARNING Before working on this equipment be aware of good safety practices and the hazards involved with electrical circuits. Trademarks *Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. Adobe and Adobe Reader are trademarks of Adobe Systems Incorporated.
Regulatory Information and Safety Precautions Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
Software license This section contains the Nortel Networks software license. Nortel Networks software license agreement This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT.
Software license as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision.
Nortel Networks software license agreement 15 documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities). b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license.
Software license Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
New in this release The following sections detail what’s new in Nortel Secure Network Access Installation — Quick Start Switch 4070 (NN47230-303) for Release 2.0. • "Features" (page 17) • "Other changes" (page 17) Features This is the first standard release of the document. Other changes None. Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
New in this release Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
Introduction The Nortel Secure Network Access Switch (NSNA) 4070 Quick Start Guide provides basic instructions about installing the hardware and performing basic configuration and management of the network. The Nortel Secure Network Access Solution (Nortel SNAS) is a clientless solution that provides seamless, secure access to the corporate network from inside or outside the network.
Introduction Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
Installation preparation This section provides basic information about the Nortel Secure Network Access Switch (NSNA) 4070 and the checklist of the shipped accessories. Navigation • "Safety precautions" (page 21) • "Installation checklist" (page 23) Safety precautions This section describes the safety precautions, which are vital for handling and installation of the NSNA.
Installation preparation • To promote proper air circulation, ensure the device vents are not blocked or obstructed by cables, panels, server rack frames, or other materials. A minimum of 15 centimeters (6 inches) of space provides proper airflow. • To prevent damage to server components, always install a blank filler panel to cover the open space and ensure proper air circulation. • Install the device only in a server rack with perforated doors.
Installation checklist 23 Installation checklist This checklist represents the high-level tasks that must be performed to successfully install the Nortel Secure Network Access Switch. Device installation involves the following steps: Procedure steps Step Action 1 Choose a suitable location to install the device.
Installation preparation Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
Installation This chapter contains installation instructions for the Nortel Secure Network Access Switch (NSNA). Navigation • "Unpacking the device" (page 25) • "Installing an NSNA device into a rack" (page 26) • "Cabling the device" (page 30) Unpacking the device Unpack the shipping container to ensure the device and all accessories are included and undamaged. Procedure steps Step Action 1 Remove the equipment from the shipping container and place the device on antistatic material.
Installation Check Accessory Use to copper network interface card Connect the network cables. Console cable Establish a console connection to the device. —End— Installing an NSNA device into a rack Install an NSNA in a standard equipment rack. Prerequisites for installing an NSNA into a rack • Do not install the device in the network equipment racks The following procedure describes how to rack-mount the device. Observe all safety and precautionary warnings in this procedure.
Installing an NSNA device into a rack 2 27 Align the slide rail with the front mounting flange by aligning the score mark on the slide rail (1) with the score mark on the rail between the upper and lower U. Push outward on the slide rail latch to close to the latch and secure the slide rail. Do the same for the other front of the slide rail. Align the slide rail with the rear mounting flange and close the latches for the rear of the slide rail to secure it.
Installation 3 Extend the slide rails fully from the server rack until they lock. Align the tabs on the slide rails with the matching inserts on the device (1) and lower the server onto the slide rails. Ensure that each slide rail tab is inserted in the matching insert on the server and that the server is resting on the top edge of the slide rail. 4 Carefully slide the device along the slide rails approximately 2.54 centimeters (1 inch) toward the server rack to lock the device on the slide rails.
Installing an NSNA device into a rack 29 5 Lift the locking levers (1) on the slide rails and slide the device into the server rack until it extends approximately 10.16 centimeters (4 inches) from the rack. 6 Slide the device into the server rack cabinet until the release latches (1) lock into place. To slide the device out of the rack, press on the release latches.
Installation —End— ATTENTION To remove the device, reverse these instructions. Cabling the device This section describes about cabling the device for network and console connections. Cabling the device navigation • "Connecting network cables" (page 30) • "Connecting serial cables" (page 30) Connecting network cables The Nortel Secure Network Access Switch 4070 contains copper network interface card running at Intel Dual LAN 10/100/1000.
Cabling the device Procedure steps Step Action 1 Prepare either an ASCII terminal or a computer running terminal emulation software to serve as the command device. 2 Configure the terminal or computer with the following parameters: Serial connection parameters Parameter Value Baud Rate 9600 Data Bits 8 Parity None Stop Bits 1 Flow Control None 3 Connect one end of the serial cable to the terminal or computer.
Installation Nortel Secure Network Access Installation — Quick Start Switch 4070 NN47230-303 01.01 Standard 2.0 28 July 2008 Copyright © 2008, Nortel Networks .
Configuration This chapter contains configuration instructions for commissioning the Nortel Secure Network Access Switch. Navigation • "Creating a new cluster" (page 33) • "Joining an SNAS to an existing cluster" (page 36) • "Enabling the browser-based interface" (page 38) • "Applying the Nortel SNAS license" (page 40) Creating a new cluster This section describes how to create a new cluster. Nortel Secure Network Access Switch (Nortel SNAS) is member of a cluster.
Configuration 3 To initiate the system connection process, press ENTER on the terminal. 4 At the login prompt, log in as user: admin. 5 At the password prompt, enter the administrator password. The default administrator password is admin. ATTENTION To ensure continuing system security, change the default password to the password of your choice after you successfully configure the switch. 6 After password verification, when the device is booted for the first time, the Setup menu is displayed.
Creating a new cluster 35 Enter network mask [255.255.255.0]: Specify the desired network mask or accept the suggested value by pressing ENTER. If a connected router or switch attaches VLAN tag IDs to incoming packets, specify the VLAN tag ID used. 10 Setup a two armed configuration. Setup a two armed configuration (yes/no): 11 Enter a default gateway address.
Configuration Generate new SSH host keys (yes/no) [yes]: This may take a few seconds...ok Enter a password for the "admin" user: Re-enter to confirm: To maintain a high level of security while using an SSH connection, accept the default choice to generate new SSH host keys. 15 If you like to go through setup. Run NSNAS quick setup wizard [yes/no] [yes] 16 Cluster creation is complete. Login using the admin user to continue with configuration.
Joining an SNAS to an existing cluster 37 Procedure steps Step Action 1 Choose join from the Setup menu to add an SNAS to an existing cluster. 2 Specify the port to be used for network connectivity. Enter port number for the management interface [1-3]: This port is automatically assigned to Interface 1. This interface can be used for both management traffic (coming from the private intranet) and client traffic (coming from the public Internet).
Configuration 6 Enter the Management IP address (MIP) of the existing cluster. Provide the Management IP address of the cluster to which you want to join the new SNAS. To check the Management IP of an existing cluster, connect to the cluster and use the /cfg/sys/cur command. 7 Provide the correct admin user password. —End— The SNAS that is joined to the cluster automatically picks up all configuration data from an installed SNAS in the cluster. Wait until the Setup utility gets finished.
Enabling the browser-based interface 39 To enable the BBI, perform the following procedure: Procedure steps Step Action 1 Establish a console connection or Telnet session with the device. 2 Log into the switch with an administrative user name and password. 3 From the main Command Line Interface (CLI) prompt, enter the Administrative Applications menu with the /cfg/sys/adm command.
Configuration >> Administrative Applications# https 9 (Optional) From the HTTPS access menu, designate a port for HTTPS access using the port command. >> HTTPS# port Using a port other than 4443 requires the user to designate the port when accessing the BBI. For example, if the device IP address is 192.168.0.3 and the designated port is 465, the device is accessed from the browser as: https://192.168.0.3:465.
Applying the Nortel SNAS license 41 Part Number Description EB1639183 Secure Network Access License - Add 2000 concurrent endpoints EB1639184 Secure Network Access License - Add 5000 concurrent endpoints Procedure steps Step Action 1 Contact Nortel Customer Support and purchase part number. In North America, Nortel Customer Support can be contacted at 1-800-4NORTEL (1-800-466-7835). For phone numbers outside of North America, refer to http://www.nortel.com/callus.
Configuration —End— Through CLI Procedure steps Step Action 1 Enter the command /cfg/sys/host /license. 2 Enter the keycode. >> Main# /cfg/sys/host /license 3 Press Enter on the keyboard to create a new line and type three periods (...). 4 Press Enter to input the keycode. 5 Use the apply command to save the license and enable the feature. >> Cluster Host 1# apply The SNAS is now enabled to support additional authenticated user sessions.
Nortel Secure Network Access Installation — Quick Start Switch 4070 Copyright © 2008, Nortel Networks All Rights Reserved. Publication: NN47230-303 Document status: Standard Document version: 01.01 Document date: 28 July 2008 To provide feedback or report a problem in this document, go to http://www.nortel.com/documentfeedback.
