IP350 and IP380 Appliance Installation Guide and IP380 Appliance Installation Guide 11 About this...
-
Upload
truonghuong -
Category
Documents
-
view
225 -
download
1
Transcript of IP350 and IP380 Appliance Installation Guide and IP380 Appliance Installation Guide 11 About this...
IP350 and IP380Appliance Installation
Guide
Part No. N450709003 Rev A
Published September 2004
COPYRIGHT
©2003 Nokia Corporation. All rights reserved.Rights reserved under the copyright laws of the United States.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
IMPORTANT NOTE TO USERS
This software and hardware is provided by Nokia Corporation as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. Nokia reserves the right to make changes without further notice to any products herein.
TRADEMARKS
Nokia is a registered trademark of Nokia Corporation. Other products mentioned in this document are trademarks or registered trademarks of their respective holders.
2 IP350 and IP380 Appliance Installation Guide
Nokia Contact Information
Corporate Headquarters
Regional Contact Information
Nokia Customer Support
Web Site http://www.nokia.com
Telephone 1-888-477-4566 or 1-650-625-2000
Fax 1-650-691-2170
Mail Address
Nokia Inc.313 Fairchild DriveMountain View, California94043-2215 USA
Americas Nokia Internet Communications313 Fairchild DriveMountain View, CA 94043-2215USA
Tel: 1-877-997-9199Outside USA and Canada: +1 512-437-7089email: [email protected]
Europe, Middle East, and Africa
Nokia House, Summit AvenueSouthwood, FarnboroughHampshire GU14 ONG UK
Tel: UK: +44 161 601 8908Tel: France: +33 170 708 166email: [email protected]
Asia-Pacific 438B Alexandra Road#07-00 Alexandra TechnoparkSingapore 119968
Tel: +65 6588 3364email: [email protected]
Web Site: https://support.nokia.com/
Email: [email protected]
Americas Europe
Voice: 1-888-361-5030 or 1-613-271-6721
Voice: +44 (0) 125-286-8900
Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666
Asia-Pacific
Voice: +65-67232999
Fax: +65-67232897
021216
IP350 and IP380 Appliance Installation Guide 3
4 IP350 and IP380 Appliance Installation Guide
Contents
About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
In This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Conventions This Guide Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Command-Line Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About the Nokia IP350 and IP380 IP Security Appliances . . . . . . . 17Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Encryption Acceleration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Managing the IP350 and IP380 Appliance . . . . . . . . . . . . . . . . . . . 18Appliance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Ethernet Management Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Built-in Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Built-in AUX Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Site Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2 Installing the Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Rack Mounting the Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Connecting Power and Turning the Power On. . . . . . . . . . . . . . . . 29Connecting Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
IP350 and IP380 Appliance Installation Guide 5
3 Performing the Initial Configuration . . . . . . . . . . . . . . . . . . . . . 33
Using a Console Connection to Perform the Initial Configuration . 34Accessing Nokia Network Voyager . . . . . . . . . . . . . . . . . . . . . . . . 36
Accessing Voyager Reference Information . . . . . . . . . . . . . . . . . 37Using Voyager to Monitor an IP350 or 380 Appliance . . . . . . . . 38
Using Nokia Horizon Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4 Installing and Replacing Network Interface Cards . . . . . . . . . 39
Deactivating Configured Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 40Removing, Installing, and Replacing NICs. . . . . . . . . . . . . . . . . . . 40Configuring and Activating Interfaces . . . . . . . . . . . . . . . . . . . . . . 46Monitoring Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . 47
5 Connecting PMC Network Interface Cards . . . . . . . . . . . . . . . . 49
Dual-Port 10/100 Ethernet Interface, PMC . . . . . . . . . . . . . . . . . . 49Ethernet PMC NIC Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Ethernet NIC Connectors and Cables . . . . . . . . . . . . . . . . . . . . . 50
6 Installing and Replacing Other Components . . . . . . . . . . . . . . 53
Installing a PCMCIA Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Replacing a Hard-Disk Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Replacing or Upgrading Memory . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Adding or Replacing DIMMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Installing an Encryption Accelerator Card . . . . . . . . . . . . . . . . . . . 66Before You Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Installing the Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Configuring Software to Use Hardware Acceleration . . . . . . . . . 71
7 Using the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Viewing the Variables and Other System Parameters . . . . . . . . 76
6 IP350 and IP380 Appliance Installation Guide
Setting the Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Other commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Booting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Using the Boot Manager to Install IPSO. . . . . . . . . . . . . . . . . . . . . 82Protecting the Boot Manager with a Password . . . . . . . . . . . . . . . 83Installing the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Upgrading the Boot Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
8 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
General Troubleshooting Information. . . . . . . . . . . . . . . . . . . . . . . 87Troubleshooting Routing Problems . . . . . . . . . . . . . . . . . . . . . . . . 97
A Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Physical Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103NIC Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
B Compliance Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Declaration of Conformity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Compliance Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108FCC Notice (US) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
IP350 and IP380 Appliance Installation Guide 7
8 IP350 and IP380 Appliance Installation Guide
Figures
Figure 1 Component Locations Front View . . . . . . . . . . . . . . . . . 19
Figure 2 Component Locations Rear View . . . . . . . . . . . . . . . . . 20
Figure 3 Ethernet Management Ports Details . . . . . . . . . . . . . . . 20
Figure 4 Pin Assignments for Console Connection . . . . . . . . . . . 22
Figure 5 Pin Assignments for Modem Connection . . . . . . . . . . . 23
Figure 6 Appliance Status LEDs . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 7 Mounting Screws Location . . . . . . . . . . . . . . . . . . . . . . 28
Figure 8 Adjustable Mounting Brackets . . . . . . . . . . . . . . . . . . . . 28
Figure 9 Back Panel Power Switch . . . . . . . . . . . . . . . . . . . . . . . 29
Figure 10 Voyager Reference Access Points . . . . . . . . . . . . . . . 37
Figure 11 Dual-Port Ethernet NIC Front Panel Details . . . . . . . . 50
Figure 12 Output Connector for the Ethernet Cable . . . . . . . . . . 51
Figure 13 Ethernet Crossover-Cable Pin Connections . . . . . . . . 52
Figure 14 Hard-Disk Drive Location . . . . . . . . . . . . . . . . . . . . . . 55
Figure 15 DIMM Socket Locations . . . . . . . . . . . . . . . . . . . . . . . 60
IP350 and IP380 Appliance Installation Guide 9
10 IP350 and IP380 Appliance Installation Guide
About this Guide
This manual provides information for the installation and use of the Nokia IP350 and IP380 appliance. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only.
This preface provides the following information:
� In This Guide
� Conventions This Guide Uses
� Related Documentation
In This GuideThis guide is organized into the following chapters and appendixes:
� Chapter 1, “Overview” presents a general overview of the IP350 and IP380 appliances.
� Chapter 2, “Installing the Appliance” explains how to rack-mount the appliance and how to physically connect it to a network and power.
� Chapter 3, “Performing the Initial Configuration” explains how to make the appliance available on the network.
� Chapter 4, “Installing and Replacing Network Interface Cards” explains how to install, monitor, and replace network interface cards (NICs).
� Chapter 5, “Connecting PMC Network Interface Cards” explains how to connect to and use each of the supported NICs.
IP350 and IP380 Appliance Installation Guide 11
� Chapter 6, “Installing and Replacing Other Components” explains how to install or replace PCMCIA modems, memory, the hard-disk drive, and an encryption accelerator card (IP380 only).
� Chapter 7, “Using the Boot Manager” explains how to use the boot manager, which is part of the IPSO software.
� Chapter 8, “Troubleshooting” discusses problems you might encounter and proposes solutions to these problems.
� Appendix A, “Technical Specifications” gives technical specifications such as interface characteristics.
� Appendix B, “Warranty and Software License” contains Nokia warranty and software license information.
� Appendix C, “General Public Licensed Software” provides information about publicly licensed software that comes with the appliance.
� Appendix B, “Compliance Information” includes compliance and regulatory information.
� Appendix E, “Glossary” provides a glossary of acronyms used in this document.
Conventions This Guide UsesThe following sections describe the conventions this guide uses, including notices, text conventions, and command-line conventions.
Notices
WarningWarnings advise the user that bodily injury might occur because of a physical hazard.
12 IP350 and IP380 Appliance Installation Guide
Conventions This Guide Uses
CautionCautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service.
NoteNotes provide information of special interest or recommendations.
Command-Line ConventionsThis section defines the elements of commands that are available in Nokia Internet Communications products. You might encounter one or more of the following elements on a command-line path.
Table 1 Command-Line Conventions
Convention Description
command This required element is usually the product name or other short word that invokes the product or calls the compiler or preprocessor script for a compiled Nokia product. It might appear alone or precede one or more options. You must spell a command exactly as shown and use lowercase letters.
Italics Indicates a variable in a command that you must supply. For example:
delete interface if_name
Supply an interface name in place of the variable. For example:
delete interface nic1
IP350 and IP380 Appliance Installation Guide 13
angle brackets < > Indicates arguments for which you must supply a value:
retry-limit <1–100>
Supply a value. For example:
retry-limit 60
Square brackets [ ] Indicates optional arguments.
delete [slot slot_num]
For example:
delete slot 3
Vertical bars, also called a pipe (|)
Separates alternative, mutually exclusive elements.
framing <sonet | sdh>
To complete the command, supply the value. For example:
framing sonet
or
framing sdh
-flag A flag is usually an abbreviation for a function, menu, or option name, or for a compiler or preprocessor argument. You must enter a flag exactly as shown, including the preceding hyphen.
.ext A filename extension, such as .ext, might follow a variable that represents a filename. Type this extension exactly as shown, immediately after the name of the file. The extension might be optional in certain products.
Table 1 Command-Line Conventions (continued)
Convention Description
14 IP350 and IP380 Appliance Installation Guide
Conventions This Guide Uses
Text ConventionsTable 2 describes the text conventions this guide uses.
( . , ; + * - / ) Punctuation and mathematical notations are literal symbols that you must enter exactly as shown.
' ' Single quotation marks are literal symbols that you must enter as shown.
Table 1 Command-Line Conventions (continued)
Convention Description
Table 2 Text Conventions
Convention Description
monospace font Indicates command syntax, or represents computer or screen output, for example:
Log error 12453
bold monospace font Indicates text you enter or type, for example:
# configure nat
Key names Keys that you press simultaneously are linked by a plus sign (+):
Press Ctrl + Alt + Del.
Menu commands Menu commands are separated by a greater than sign (>):
Choose File > Open.
IP350 and IP380 Appliance Installation Guide 15
Related DocumentationThe IP350 and IP380 documentation set consists of Release Notes for the Nokia software release you are running, the IP350 and IP380 Appliance Installation Guide (this document), a Voyager inline help feature, and the Voyager Reference Guide (online).
You can find the IP350 and IP380 Appliance Installation Guide in PDF on the World Wide Web support site (https://support.nokia.com/).
You can access inline help and the Voyager Reference Guide from Voyager.
To access inline help for a specific subject, click the Help button next to the subject.
Access the Voyager Reference Guide for tasks, examples, and more information by clicking the Doc button.
You can order Check Point documentation from Nokia or download it from the Nokia support site at https://support.nokia.com/.
The words enter and type Enter indicates you type something and then press the Return or Enter key.
Do not press the Return or Enter key when an instruction says type.
Italics • Emphasizes a point or denotes new terms at the place where they are defined in the text.
• Indicates an external book title reference.• Indicates a variable in a command:
delete interface if_name
Table 2 Text Conventions (continued)
Convention Description
16 IP350 and IP380 Appliance Installation Guide
1 Overview
This chapter provides an overview of the IP350 and IP380 appliances and the requirements for using those appliances. The following topics are covered:
� About the Nokia IP350 and IP380 IP Security Appliances
� Managing the IP350 and IP380 Appliance
� Site Requirements
� Software Requirements
� Managing the IP350 and IP380 Appliance
About the Nokia IP350 and IP380 IP Security Appliances
The Nokia IP350 and IP380 IP security appliances combine the power of Nokia IPSO software with your choice of firewall, VPN, and intrusion detection security applications. Both platforms share the same one-rack unit (1 RU) size and support the same selection of network interface cards.
MemoryThe IP350 appliance supports from 256 MB to 512 MB of memory.
The IP380 appliance supports from 256 MB to 1 GB of memory and provides approximately twice the throughput of the IP350.
IP350 and IP380 Appliance Installation Guide 17
1 Overview
Encryption AccelerationBoth the IP350 and IP380 appliances provide built-in hardware-based encryption acceleration. The IP380 appliance also supports an optional encryption accelerator card to further enhance VPN performance.
This guide provides documentation for both the IP350 and IP380 appliances. Most of the information for how to use these two appliances is the same. Where differences exist, they are noted in the documentation.
The Nokia IP350 and IP380 appliances are ideally suited for growing companies and satellite offices that want high-performance IP routing combined with the industry-leading Check Point VPN-1/FireWall-1 enterprise security suite. The small size of the IP350 and IP380 appliance makes them ideal for installations that need to conserve space.
As network devices, the IP350 and IP380 appliances support a comprehensive suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic, and DVMRP for multicast traffic. The integrated router functionality eliminates the need for separate intranet and access routers in security applications.
Managing the IP350 and IP380 ApplianceYou can manage the IP350 and IP380 appliances by using one of the following interfaces:
� Nokia Network Voyager—an SSL-secured, Web-based element management interface to Nokia IP security platforms. Voyager is preinstalled on the IP350 and IP380 appliance and enabled through the IPSO operating system. With Voyager, you can manage, monitor, and configure the IP350 and IP380 appliance from any authorized location within the network by using a standard Web browser.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
� The IPSO command-line interface (CLI)—an SSHv2-secured interface that enables you to easily configure Nokia IP security platforms
18 IP350 and IP380 Appliance Installation Guide
Appliance Overview
from the command line. Everything that you can accomplish with Voyager—manage, monitor, and configure the IP350 and IP380 appliance—you can also do with the CLI.
For information about how to access the CLI, see the Nokia CLI Reference Guide for IPSO v3.6 or later.
� Nokia Horizon Manager—a secure GUI-based software image management application. With Horizon Manager, you can securely install and upgrade the Nokia proprietary IPSO operating system, plus hardware and third-party applications such as Check Point FireWall-1 and RealSecure for Nokia. Horizon Manager can perform installations and upgrades on up to 2,500 Nokia IP security platforms, offering administrators the most rapid and dependable upgrade to Check Point NG.
For information about how to obtain Horizon Manager, see “Nokia Contact Information” on page 3.
Appliance OverviewThe following figures show component locations for the IP350 and IP380.
Figure 1 Component Locations Front View
00248a
Built-in Ethernet ports(10/100 Mbps)
PMC interfaces
Status LEDs Modem (AUX) port
PCMCIA slotsReset switch Console port
IP350 and IP380 Appliance Installation Guide 19
1 Overview
Figure 2 Component Locations Rear View
Ethernet Management PortsThe Ethernet management ports are located on the front of the appliance. Figure 3 shows the layout of the Ethernet management ports and link LEDs.
NoteThe Ethernet management ports are intended for management purposes. These ports do not provide the same performance as Ethernet cards in the PMC slots.
Figure 3 Ethernet Management Ports Details
CautionCables that connect to the Ethernet ports must be IEEE 802.3 compliant to prevent potential data loss.
00249
Power plugPower switch
00120
Activity LED (yellow)
Link LED (green)
RJ-45 connectors
20 IP350 and IP380 Appliance Installation Guide
Appliance Overview
The IP350 and IP380 appliances include two PMC (PCI mezzanine cards) expansion slots for Nokia supported network interface cards. For information about using this LAN card, see page 49.
The IP350 and IP380 appliances also include a PCMCIA slot that supports PCMCIA modems. See “Installing a PCMCIA Modem” on page 54.
NoteNokia products only support NICs purchased from Nokia Corporation or Nokia-approved resellers. The Nokia Global Support Services group can only provide support for Nokia products that use Nokia-approved accessories. For sales or reseller information, contact a Nokia service provider listed in the “Nokia Contact Information” on page 3.
Built-in Console PortUse the built-in console port, shown in Figure 1 to supply the information that makes the appliance available on the network. Figure 4 provides pin assignment information for console connections.
IP350 and IP380 Appliance Installation Guide 21
1 Overview
Figure 4 Pin Assignments for Console Connection
7000016 9
51
Pin# Assignment Input/Output
1 DCD Input
2 RXD Input
3 TXD Output
4 DTR Output
5 GND
6 DSR Input
7 RTS Output
8 CTS Input
9 DTR Output
22 IP350 and IP380 Appliance Installation Guide
Appliance Overview
Built-in AUX PortUse can use the AUX port, shown in Figure 1, to establish a modem connection for managing the appliance. Figure 5 provides pin assignment information for modem connections.
Figure 5 Pin Assignments for Modem Connection
700001
6 9
51
Pin Input/OutputTo DB25 Cable Out
To DB9 Cable Out
1 (DCD) Input 8 (DCD) 7 (RTS)8 (CTS)
2 (RXD) Input 2 (TXD) 3 (TXD)
3 (TXD) Output 3 (RXD) 2 (RXD
4 (DTR) Output 20 (DTR) 6 (DSR)9 (RI)
5 (GND) 7 (GND) 5 (GND)
6 (DSR) Input 6 (DSR) 4 (DTR)
7 (RTS) Output 4 (RTS) 1 (DCD)
8 (CTS) Input 5 (CTS) 1 (DCD)
9 (RI) Output 22 (RI) 4 (DTR)
IP350 and IP380 Appliance Installation Guide 23
1 Overview
Status LEDsYou can monitor the basic operation of IP350 and IP380 appliances and network interface cards (NICs) by checking their status LEDs. The system status LEDs are located on the front panel of the appliance, as Figure 6 shows.
Figure 6 Appliance Status LEDs
Table 3 Appliance Status LEDs
Status Indication ExplanationLED Front Panel Symbol
Solid Power on
Solid Unit is experiencing an internal Voltage problem
Blinking The unit is experiencing a temperature problem
Solid red One or more fans are not operating properly, or a 5V, 3.3V, or 12V fuse is blown
Power-status
Fan problemVoltage
!
!
24 IP350 and IP380 Appliance Installation Guide
Site Requirements
The location and meaning of the status LEDs for network interface cards are explained in Chapter 5, “Connecting PMC Network Interface Cards.”
� For information on the built-in Ethernet interface LEDs, see “Ethernet Management Ports” on page 20.
� For information on the Dual port Ethernet card LEDs, see “Dual-Port 10/100 Ethernet Interface, PMC” on page 49.
Site RequirementsBefore you install an IP350 or IP380 appliance, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.”
WarningHazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.
WarningAn explosion can occur if the battery is incorrectly placed. Replace only with the same or equivalent type battery recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
WarningTo reduce the risk of fire, electric shock, and injury when you use telephone equipment, follow basic safety precautions. Do not use the product near water.
IP350 and IP380 Appliance Installation Guide 25
1 Overview
CautionDo not place objects over the ventilation holes on the IP350 or IP380 appliance. The components might overheat and become damaged.
CautionFor IP350 or IP380 appliances intended for shipment outside of the United States, the cord might be optional. If a cord is not provided, use a power cord rated at 6A, 250V, maximum 15 feet long, made of HAR cordage and IEC fittings approved by the country of end use.
Software RequirementsIP350 and IP380 appliances support the following operating system and applications when this guide was published.
� Operating System Requirements—IPSO v 3.5.1, 3.7 and later.
� Firewall and VPN Software Requirements—Check Point NG VPN-1/FW-1 FP2 or higher.
� Intrusion Detection Software Requirements—ISS RealSecure version 6.5 or 7.0.
For information about changes to the software requirements or additional applications that have become available since this guide was published, contact your Nokia service provider, as listed in “Nokia Contact Information” on page 3.
26 IP350 and IP380 Appliance Installation Guide
2 Installing the Appliance
This chapter describes how to install the Nokia IP350 and IP380 appliances. The following topics are covered:
� Rack Mounting the Appliance
� Connecting Power and Turning the Power On
� Connecting Network Interfaces
CautionProtect your IP350 and IP380 appliance and other electronic equipment from static discharge by making sure you are properly grounded before you touch any electronic components.
NoteThe operating temperature range for the IP350 and IP380 appliance is 0° C to 45° C.
Rack Mounting the ApplianceThe IP350 and IP380 appliances mount in a standard 19-inch rack with four mounting screws as Figure 7 shows.
IP350 and IP380 Appliance Installation Guide 27
2 Installing the Appliance
NoteTo avoid damaging your equipment, Nokia recommends that you use all four rack-mounting bolts when you install your appliance on the rack.
Figure 7 Mounting Screws Location
You can relocate the mounting brackets as Figure 8 shows so that the unit is 2 inches forward of the rack.
Figure 8 Adjustable Mounting Brackets
Two mounting positions are available allowing you to mount the unit either flush with the rack, or two inches forward of the rack.
00248aMounting Screws
00251a
28 IP350 and IP380 Appliance Installation Guide
Connecting Power and Turning the Power On
CautionBlocking ventilation openings during installation may result in damage to the appliance.
Connecting Power and Turning the Power OnThe power plug and power switch for the IP350 and IP380 appliances are located on the back of the appliance as Figure 9 shows.
NoteThe IP350 and IP380 appliance power supplies automatically detect the input voltage (115VAC [90 to 132] or 220VAC [180 to 264]) and configure themselves appropriately.
Figure 9 Back Panel Power Switch
To connect the power supply
1. Connect the power cord securely into the power socket on the back of the appliance.
2. Plug the other end of the cord into a three-wire grounded power strip or wall outlet.
3. Press the power supply switch to the “on” position to activate the IP350 and IP380 appliance.
00249
Power plugPower switch
IP350 and IP380 Appliance Installation Guide 29
2 Installing the Appliance
The fan unit on the power supply turns on when you press the power switch. Verify that the fans are running after you press the switch.
Check the power LED on the front panel of the appliance (the Nokia logo) to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “Status LEDs” on page 24.
If the power supply fans are not running, or if the power LED is not illuminated:
� Check the power supply cord to make sure it is properly connected.
� Make sure the power supply switch is on.
� Make sure the chassis assembly is pushed all the way in from the front of the platform.
� Make sure that power is turned on to the power strip or wall receptacle you plugged the appliance in to.
If the fans are still not running, or if the power LED does not illuminate, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3 for technical support.
Connecting Network InterfacesConnect at least one network interface to the network to use as the Voyager system management interface. This interface is configured during the system startup procedure, which is described in Chapter 3, “Performing the Initial Configuration.”
You can also connect the remaining LAN interface wires at this point, although you are not required to do so.
To connect Ethernet devices:
� Use a straight-through RJ-45 cable to connect to a 10-Mbps or 100-Mbps hub.
� Use a crossover RJ-45 cable to connect directly to a host.
For details, see “Ethernet NIC Connectors and Cables” on page 50.
30 IP350 and IP380 Appliance Installation Guide
Connecting Network Interfaces
After you connect the network interfaces, continue with Chapter 3, “Performing the Initial Configuration.”.
IP350 and IP380 Appliance Installation Guide 31
2 Installing the Appliance
32 IP350 and IP380 Appliance Installation Guide
3 Performing the Initial Configuration
The first time you turn power on to a Nokia IP350 and IP380 appliance, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account.
You can perform the initial configuration in two ways.
� You can configure a DHCP server to provide the initial configuration information the first time the appliance is started.
� You can perform the initial configuration manually by using a console connection.
This chapter describes how to perform the initial configuration manually by using a console connection. It includes the following sections:
� Using a Console Connection to Perform the Initial Configuration
� Accessing Nokia Network Voyager
� Using Nokia Horizon Manager
For information about how to use the DHCP client for initial configuration, see the Read Me First document included with the appliance.
IP350 and IP380 Appliance Installation Guide 33
3 Performing the Initial Configuration
Using a Console Connection to Perform the Initial Configuration
If you do not use DHCP to perform the initial configuration of your IP350 and IP380 appliance, you must use a serial console connection (cable included). After you perform the initial configuration, the console connection is no longer required.
You can use any standard VT100-compatible terminal with an RS-232 data terminal equipment (DTE) interface or terminal-emulation program configured with the following settings for the console:
� 9600 bps
� 8 data bits
� No parity
� 1 stop bit
To connect to the console
1. Connect the supplied null-modem cable (console cable) to the console port on the front panel of the IP350 and IP380 appliance.
Use only the DB9 port on the front panel labeled Console; the serial (AUX) port is an auxiliary modem port.
If you connect the console port to a data communications equipment (DCE) device, use a straight-through cable.
For cable pin assignments for the console connection, see “Built-in Console Port” on page 21.
00248a
Console port
34 IP350 and IP380 Appliance Installation Guide
Using a Console Connection to Perform the Initial Configuration
2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program.
To perform the initial configuration
1. Turn on the appliance.
At the console a series of startup messages appears, then the following prompt appears:
BOOTMGR[0]>
The prompt remains on the screen for about five seconds.
NoteFor information about using the boot manager, see Chapter 7, “Using the Boot Manager.”
After some miscellaneous output appears, the following prompt appears:
Hostname?
If the Hostname? prompt does not appear on the console, check the console port and console display connections to ensure that the serial cable is completely plugged in at both ends. If you verify the console connections and still do not see either the BOOTMGR> or Hostname? prompts, verify that the terminal or terminal emulator program settings are correct. If the settings are correct, contact your Nokia service provider as listed in “Nokia Contact Information” on page 3.
2. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from starting.
If the DHCP client starts, it might configure the appliance with an incorrect host name and IP address (this could happen if a DHCP server on your network is configured to respond to any request). To reset the incorrect host name and IP address:
a. Establish a console connection to the system.
b. Enter the following:
IP350 and IP380 Appliance Installation Guide 35
3 Performing the Initial Configuration
rm /config/active
or
mv /config/active /config/active.old
c. Reboot the appliance.
d. Respond to the Hostname? prompt within 30 seconds to prevent the DHCP client from restarting.
3. At each subsequent prompt, type the requested configuration information and then press Enter.
For more information about how to respond to the prompts during the initial configuration process, see the release notes for the Nokia software release you are running.
4. After you complete the initial configuration, you can use Voyager to configure the remaining network ports.
Accessing Nokia Network VoyagerYou can use Voyager to configure the remaining network ports on your IP350 and IP380 appliance.
To open Voyager
1. Start Netscape Navigator or Microsoft Internet Explorer on the host you want to use to complete the configuration.
2. In the Location or Address field, enter the IP address of the initial interface you configured on the appliance.
You are prompted to enter the admin username and the password you entered when performing the initial configuration.
NoteIf the username popup menu does not appear, you might not have a network connection between the host and your IP350 and IP380
36 IP350 and IP380 Appliance Installation Guide
Accessing Nokia Network Voyager
appliance. Confirm the information you entered during the initial configuration and check that all cables are firmly connected.
Accessing Voyager Reference InformationAs you use Voyager, the Voyager Reference Guide and Voyager inline help are available for you to use.
You can access both information sources from the Voyager interface, as Figure 10 shows.
Figure 10 Voyager Reference Access Points
Voyager Reference GuideThe Voyager Reference Guide is the reference source for Voyager. To access this source, click Doc.
Links to Inline Help (Context Sensitive)
Link to Online Help (Voyager Reference
IP350 and IP380 Appliance Installation Guide 37
3 Performing the Initial Configuration
You can also access the Voyager Reference Guide at the Nokia support site (https://support.nokia.com) or on the CD that was delivered with your IP350 and IP380 appliance (doc\voyager_guide.pdf).
Alternatively, you can order a printed copy.
Voyager Inline HelpYou can access inline help when you use Voyager. Inline help is the context-sensitive information source for Voyager.
To enable inline help for a specific subject, click the Help icon next to the subject. You can also click Help at the top of the Voyager window to get inline help for the entire Voyager window. To turn off inline help, click Close.
Using Voyager to Monitor an IP350 or 380 ApplianceAfter you install and configure your IP350 and IP380 appliance, you can use Voyager to monitor its operation. Click Monitor from the Voyager home page to access the monitoring functions.
After you finish configuring the network interfaces with Voyager, the appliance is ready for routing and application configuration.
Use Voyager to configure the routing performed by the appliance. For information about how to access Voyager, see “To open Voyager” on page 36.
Use the documentation provided with your security application to configure firewall, VPN, and intrusion detection software.
Using Nokia Horizon ManagerYou can use Horizon Manager to install and upgrade the Nokia proprietary IPSO operating system. For information about how to obtain Horizon Manager, see the “Nokia Contact Information” on page 3.
38 IP350 and IP380 Appliance Installation Guide
4 Installing and Replacing Network Interface Cards
Your IP350 and IP380 appliances come with any network interface cards (NICs) you ordered already installed. This chapter describes how to remove, add, or replace NICs later if it becomes necessary.
The following topics are covered:
� Deactivating Configured Interfaces
� Removing, Installing, and Replacing NICs
� Configuring and Activating Interfaces
� Monitoring Network Interface Cards
For detailed information on specific network interface cards, see Chapter 5, “Connecting PMC Network Interface Cards.”.
CautionYou should have a working knowledge of networking equipment before attempting to service an IP350 or IP380 appliance. Limit service of the unit to the procedures described in this chapter.
IP350 and IP380 Appliance Installation Guide 39
4 Installing and Replacing Network Interface Cards
CautionProtect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) by making sure you are properly grounded before touching any electronic components.
Deactivating Configured InterfacesIf you are removing or replacing an installed network interface card, use Voyager to deactivate any configured ports on the NIC before removing it.
� Deactivate all of the logical interfaces on the NIC.
� Deactivate all of the physical interfaces on the NIC.
If you do not deactivate the interfaces before removing the NIC, you may have to reinstall the NIC to deactivate its logical and physical interfaces in Voyager.
For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36.
Removing, Installing, and Replacing NICs
NoteBefore removing a configured network interface card with these instructions, you must deactivate the NIC in Voyager. See “Deactivating Configured Interfaces” for additional information.
Use these instructions to remove, install, or replace a NIC in IP350 and IP380 appliances. Some steps are not applicable to all procedures. The instructions point out steps appropriate to each procedure.
40 IP350 and IP380 Appliance Installation Guide
Removing, Installing, and Replacing NICs
To remove, install, or replace a network interface card
NoteBecause power to IP350 and IP380 appliances is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
1. Use Network Voyager to shut the system down.
For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36.
2. Use your fingers or a screwdriver to loosen the thumbscrews that hold the chassis assembly.
00248a
Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 41
4 Installing and Replacing Network Interface Cards
3. Gently pull the chassis assembly forward to expose the NIC connectors. Be careful not to pull the chassis assembly entirely out of the appliance.
4. From underneath the chassis assembly, remove the bezel retaining screws.
If you are installing a NIC in an unoccupied slot, remove the blank bezel that occupies the space in the appliance front panel, retain it for future use, and proceed to step 7.
00252a
00254b
42 IP350 and IP380 Appliance Installation Guide
Removing, Installing, and Replacing NICs
5. From above the chassis assembly, remove the NIC retaining screws from the back of the NIC.
6. Remove the NIC by lifting the back of the NIC away from the chassis assembly and pulling the NIC gently away from the front panel.
7. Insert the new NIC or blank bezel.
00255a
00
IP350 and IP380 Appliance Installation Guide 43
4 Installing and Replacing Network Interface Cards
If you are removing a NIC without installing another NIC:
a. Insert a blank bezel into the front panel slot formerly occupied by the NIC and push it gently into place.
Make sure that the bezel is completely seated into the front panel and that the screw holes on the bottom of the bezel align with those in the front panel.
b. Proceed to step 9.
If you are installing or replacing a NIC, insert the NIC.
a. Insert the NIC bezel into the front panel.
b. Gently push the back of the NIC down toward the chassis assembly.
Make sure that the NIC edge is completely seated into the connectors on the chassis assembly.
00256a
44 IP350 and IP380 Appliance Installation Guide
Removing, Installing, and Replacing NICs
8. From the top of the chassis assembly, screw the NIC retaining screws into the standoffs on the back of the NIC.
9. From beneath the chassis assembly, screw in the bezel retaining screws.
00255b
00254a
IP350 and IP380 Appliance Installation Guide 45
4 Installing and Replacing Network Interface Cards
10. Close the chassis assembly until it clicks into place.
11. Tighten the thumbscrews that hold the chassis assembly.
The system automatically restarts when the chassis assembly clicks into place.
Configuring and Activating InterfacesThe IP350 or IP380 appliance automatically detects any new NIC when the system is restarted. Use Voyager to configure and activate the logical and physical interfaces on the NIC.
For information about how to access Voyager and the related reference materials, see “To open Voyager” on page 36.
00252c
00248a
Chassis assembly thumbscrews
46 IP350 and IP380 Appliance Installation Guide
Monitoring Network Interface Cards
Monitoring Network Interface CardsYou can asses the general operating condition of the NICs in your appliance by looking at the LED status indicators on the NICs. The status indicators for each NIC are explained in the NIC reference chapter.
� For the status indicator information for the built-in Ethernet ports or the dual-port Ethernet NIC, see “Dual-Port 10/100 Ethernet Interface, PMC” on page 49.
Use Voyager to access detailed port information. For information about accessing Voyager, see “Accessing Nokia Network Voyager” on page 36.
You can also use the IPSO tcpdump command to examine the track on a specific port.
IP350 and IP380 Appliance Installation Guide 47
4 Installing and Replacing Network Interface Cards
48 IP350 and IP380 Appliance Installation Guide
5 Connecting PMC Network Interface Cards
This chapter describes the PMC NICs available for the IP350 and IP380 appliances and explains how to connect those NICs to your network. The following NICs are covered:
� Dual-Port 10/100 Ethernet Interface, PMC
For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards”
CautionProtect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any electronic component.
Dual-Port 10/100 Ethernet Interface, PMCEvery IP350 and IP380 appliance has four built-in dual-mode 10-Mbps and 100-Mbps ports. Additionally, the appliance supports Nokia-approved, dual-port UTP5 dual-mode 10-Mbps and 100-Mbps Ethernet NICs.
When you purchase an Ethernet NIC with your IP350 and IP380 appliance, the NIC is installed before the appliance is delivered to you. For information
IP350 and IP380 Appliance Installation Guide 49
5 Connecting PMC Network Interface Cards
on how to add or replace a NIC later if it become necessary, see Chapter 4, “Installing and Replacing Network Interface Cards.”
Ethernet PMC NIC FeaturesThe Ethernet PMC NIC supports tracing through tcpdump.
You can configure and monitor Ethernet interfaces with Voyager. Specifically, you set the port speed and full-duplex or half-duplex mode by using Voyager.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Figure 11 shows the front panel layout of the dual-port Ethernet NIC.
Figure 11 Dual-Port Ethernet NIC Front Panel Details
After the power is turned on, the Ethernet link LEDs on the appliance and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance light up.
Ethernet NIC Connectors and CablesThe connectors on the Ethernet NIC are RJ-45 connectors:
� To connect to a 10-Mbps or 100-Mbps hub, use a straight-through RJ-45 cable.
� To connect directly to a host, use an RJ-45 crossover cable.
00258
NO
KIA
10/1
00
RJ-45 connectors
Link LEDs (green)
Activity LEDs (yellow)
50 IP350 and IP380 Appliance Installation Guide
Dual-Port 10/100 Ethernet Interface, PMC
Use IEEE 802.3 10BASE-T, 100BASE-TX unshielded twisted-pair, full-duplex or half-duplex cable.
CautionCables that connect to the Ethernet card must be IEEE 802.3 compliant to prevent potential data loss.
You can order appropriate adapter cables separately. You can order additional cables from a cable vendor of your choice.
Figure 12 shows the pin assignments for the cable. The RJ-45 cable output connector is numbered from right to left, with the copper tabs facing up and toward you.
Figure 12 Output Connector for the Ethernet Cable
Figure 13 shows the pin assignments for the RJ-45 cross-over cable.
00113b
Pin# Assignment
1 TX
2 TX
3 RX
4
5
6 RX
7
8
8 1
IP350 and IP380 Appliance Installation Guide 51
5 Connecting PMC Network Interface Cards
Figure 13 Ethernet Crossover-Cable Pin Connections
00017
52 IP350 and IP380 Appliance Installation Guide
6 Installing and Replacing Other Components
This chapter provides information on how to add or replace user serviceable items other than network interface cards in your IP350 and IP380 appliance. The following topics are covered:
� Installing a PCMCIA Modem
� Replacing a Hard-Disk Drive
� Replacing or Upgrading Memory
� Installing an Encryption Accelerator Card
For instructions on adding or replacing interface cards, see Chapter 4, “Installing and Replacing Network Interface Cards”
CautionYou should have a working knowledge of networking equipment before attempting to service an IP350 or IP380 appliance. Limit service of the appliance to the procedures described in this chapter.
CautionProtect your IP350 or IP380 appliance and other electronic equipment from electrostatic discharge (ESD) damage by making sure you are properly grounded before you touch any component.
IP350 and IP380 Appliance Installation Guide 53
6 Installing and Replacing Other Components
Installing a PCMCIA ModemThe IP350 and IP380 appliances support a PCMCIA modem card that allows you to set the country code through Voyager. For information about the country codes, see the Voyager Reference Guide.
NoteThe IP350 and IP380 support Ositech Five of Clubs and Ositech Five of Clubs II PCMCIA modems. Nokia recommends that you purchase your modem only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
To use a modem with an IP350 or IP380 appliance
1. If the modem is not already installed, insert the PCMCIA modem into either the top or bottom PCMCIA slot until the modem clicks into place.
The modem and the ejector tab on the left of the slot protrude from the unit. The appliance automatically recognizes the modem.
2. Connect the modem to a phone line.
Use the appropriate cable for the modem and telephone system in the country in which the device is used.
To configure IPSO to allow logins through the modem, click Config on the Home page in Voyager and then click on the Network Access and Services link in the Security and Access Configuration section.
00248a
PCMCIA Slots
54 IP350 and IP380 Appliance Installation Guide
Replacing a Hard-Disk Drive
For information about accessing Voyager and the related reference materials, see “Using Voyager to Configure the Network Interfaces” on page 67.
Replacing a Hard-Disk DriveThe IP350 and IP380 appliances include one hard-disk drive unit, which you can remove and replace. The following figure shows the location of the hard-disk drive on the motherboard.
NoteBack up your hard-drive files to a remote system on a regular basis. For back up and restore procedures, see the IPSO release notes.
Figure 14 Hard-Disk Drive Location
NoteThe disk drive must contain the IPSO partitions and boot loader before installation. For further information, contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
00253
Hard-disk drive
IP350 and IP380 Appliance Installation Guide 55
6 Installing and Replacing Other Components
To replace a hard-disk drive
1. Use Voyager to shut the system down.
For information about how to access Voyager, see “Accessing Nokia Network Voyager” on page 36.
2. Loosen the thumbscrews that hold the chassis assembly.
3. Gently slide the chassis assembly forward to remove the tray from the appliance so you can access the hard-disk drive retaining screws from the bottom of the tray.
NoteBecause power to a IP350 or IP380 is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body
00248a
Chassis assembly thumbscrews
00252a
56 IP350 and IP380 Appliance Installation Guide
Replacing a Hard-Disk Drive
and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
4. From the bottom of the chassis assembly, remove the retaining screws that hold the hard-disk drive unit.
5. Gently remove the hard-disk drive from the motherboard, taking care not to damage the connector.
6. Insert the new hard-disk drive unit.
00261
00262
IP350 and IP380 Appliance Installation Guide 57
6 Installing and Replacing Other Components
NotePush the disk gently into place. Take care to align the connectors correctly as the connectors are not keyed.
7. Tighten the retaining screws that holds the hard-disk drive into place.
8. Slide the chassis assembly back into the appliance until it clicks into place.
00261
00252c
58 IP350 and IP380 Appliance Installation Guide
Replacing or Upgrading Memory
9. Tighten the thumbscrews that hold the chassis assembly.
The system automatically restarts when the chassis assembly clicks into place.
Replacing or Upgrading MemoryThe IP350 and IP380 appliances have two dual inline memory-module (DIMM) sockets. This section explains how to upgrade or replace the memory for either platform by using a Nokia-approved memory upgrade kit.
� The IP350 comes with 256 MB of memory in one DIMM and can be upgraded to 512 MB by adding a second 256 MB DIMM.
CautionThe IP350 appliance cannot function with more than 512 MB of memory. If more than 512 MB of memory is installed in an IP350, the system displays a warning message and shuts down.
� The IP380 appliance comes with 256 MB of memory in one DIMM and can be upgraded to 512 MB by adding a second 256 MB DIMM, or upgraded to 1 GB by replacing the 256 MB DIMM with two (2) 512 MB DIMMs.
00248a
Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 59
6 Installing and Replacing Other Components
NoteNokia recommends that you obtain memory kits only from Nokia or authorized resellers. For further information, contact the appropriate Nokia customer support site listed “Nokia Contact Information” on page 3.
The DIMM sockets are located at the right of the motherboard, as you look at the appliance from the front, as Figure 15 shows.
Figure 15 DIMM Socket Locations
Before You StartTo upgrade or replace the memory in your appliance, you need the following:
� Physical access to the appliance
� Nokia memory upgrade kit and accompanying documentation
� Access to the appliance through Voyager or Lynx
00253
DIMM sockets
60 IP350 and IP380 Appliance Installation Guide
Replacing or Upgrading Memory
CautionTo protect the IP350 or IP380 appliance and the memory modules from electrostatic discharge (ESD), make sure you are properly grounded before you touch these components.
NoteBecause power to a IP350 or IP380 appliance is automatically disconnected when the chassis assembly is opened, you do not need to manually disconnect the power for this procedure. Any servicing of the unit, however, should be completed with the chassis assembly fully removed from the appliance. Power is still active in the chassis body and care should be taken when working on the power supply or power supply wiring without disconnecting the power cord.
Adding or Replacing DIMMs
To add or replace DIMMs
1. Use Voyager or Lynx to perform an orderly shutdown of the IP350 or IP380 appliance.
For information about accessing Voyager, see “Accessing Nokia Network Voyager” on page 36.
IP350 and IP380 Appliance Installation Guide 61
6 Installing and Replacing Other Components
2. Loosen the two front panel thumbscrews.
3. Slide the chassis assembly forward to expose the DIMM sockets
Be careful not to pull the chassis assembly entirely out of the appliance.
00248a
Chassis assembly thumbscrews
00252a
62 IP350 and IP380 Appliance Installation Guide
Replacing or Upgrading Memory
4. Remove any memory module necessary by pressing the two retaining clips outward and carefully pulling each DIMM upward as the following figure shows.
You might need to pull opposite ends of the DIMM alternately to gradually free it from the contact pins.
5. The memory DIMMs are keyed to prevent improper insertion. Press the new DIMM into the socket until it clicks into place.
00263
IP350 and IP380 Appliance Installation Guide 63
6 Installing and Replacing Other Components
The top of the DIMM is smooth. The bottom edge has three different length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM.
The retaining clips move into the lock position as you press the DIMM into place.
6. Slide the chassis assembly back into the appliance until it clicks into place.
00264
00252c
64 IP350 and IP380 Appliance Installation Guide
Replacing or Upgrading Memory
7. Resecure the two thumbscrews.
The appliance automatically recognizes the new memory configuration. You can verify this from the Voyager or Lynx interface.
00248a
Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 65
6 Installing and Replacing Other Components
Installing an Encryption Accelerator Card
NoteThe IP350 does not support the optional encryption accelerator card.
This section contains information about the Nokia encryption accelerator card for the IP380 appliance. The card provides high-speed cryptographic processing that enhances VPN performance.
Both the IP350 and IP380 appliances provide built-in hardware-based encryption acceleration. The IP380 also supports an optional encryption accelerator card to further enhance VPN performance.
No hardware configuration is required for the encryption accelerators. The built-in hardware encryption accelerators are enabled by default on both appliances. Installing the optional encryption accelerator card on the IP380 automatically disables the built-in accelerator and enables the card. Removing the card reverses the process.
You must, however, use Voyager to configure your software applications (IPsec or Checkpoint VPN) to make use of the available hardware accelerator. For details, see “Configuring Software to Use Hardware Acceleration” on page 71.
When you order an accelerator card with the appliance, the card is installed before the appliance is delivered. This section provides instructions for installing or replacing the card at a later time.
The IP380 appliances use a PMC format accelerator card. The accelerator card has no external connections and requires no cables.
The accelerator card software package is part of IPSO, so the appliance automatically detects and configures the card.
For tasks related to installing the encryption accelerator card, see the following topics:
� “Installing an Encryption Accelerator Card” on page 66
� “Configuring Software to Use Hardware Acceleration” on page 71
66 IP350 and IP380 Appliance Installation Guide
Installing an Encryption Accelerator Card
Before You StartBefore you install the card, you need:
� Physical access to the unit
� A Phillips-head screwdriver
� Four screws (included in packaging)
� A disposable wrist strap (included in packaging)
WarningTo help guard against electrostatic discharge damage, follow the instructions on the wrist strap envelope before you handle the accelerator card or open the appliance.
Installing the Card1. Use Voyager or Lynx to shut down the appliance.
2. Loosen the two front-panel thumbscrews.
00248a
Chassis assembly thumbscrews
IP350 and IP380 Appliance Installation Guide 67
6 Installing and Replacing Other Components
3. Slide the chassis assembly forward to expose the motherboard components, as the following figure shows.
4. Locate the PMC connectors on the rear of the motherboard.
CautionMake sure you locate the correct connectors for the VPN acceleration card. Do not use the PMC connectors located at the front of the motherboard, those connectors are for NICs.
00252a
68 IP350 and IP380 Appliance Installation Guide
Installing an Encryption Accelerator Card
5. Position the male PMC connectors on the card over the female PMC connectors on the motherboard. The two sets of connectors should be aligned with each other. The four screw holes and four standoffs should also be aligned with one another.
6. Push down on the card until it is properly seated on the motherboard.
00267
A B
Standoffs
Insert the VPN card into connectors. Screw card into standoffs.
PMC connectorsfor VPN card
IP350 and IP380 Appliance Installation Guide 69
6 Installing and Replacing Other Components
7. Place the screws through the standoff holes on the card and into the standoffs on the motherboard.
8. Turn each screw clockwise so that the card is attached to the standoffs.
Do not tighten completely.
9. Make sure that all four standoff connections are properly aligned.
10. To secure the connections, tighten the screws firmly, but do not overtighten.
11. Slide the chassis assembly back into the appliance and resecure the two thumbscrews.
Reseating the chassis assembly automatically restores power to the appliance.
Screw
Accelerator card
Standoff hole
Motherboard standoff
00248a
Chassis assembly thumbscrews
70 IP350 and IP380 Appliance Installation Guide
Installing an Encryption Accelerator Card
12. Configure your software to use hardware acceleration. For more information, see “Configuring Software to Use Hardware Acceleration” on page 71.
Configuring Software to Use Hardware Acceleration
Use Voyager to configure virtual private network (VPN) tunnels to use hardware acceleration. This step is necessary for both the built-in hardware accelerators and for the optional encryption accelerator card on the IP380.
The way you enable the software depends on whether you create VPN tunnels with Voyager or with Check Point software. If you use Voyager to create a VPN tunnel, see “To configure IPsec.” If you use Check Point software to create a VPN tunnel, see “To configure Check Point VPN.”
To configure IPsec
1. Start Nokia Network Voyager for your appliance.
2. On the Voyager home page, click Config.
3. Under Interfaces, click IPSec.
4. Scroll down and click IPSec Advanced Configuration.
5. At Hardware Device Configuration, click On.
6. Click Apply to enable the card.
To configure Check Point VPN
1. Start Nokia Network Voyager for your appliance.
2. On the Voyager home page, click Config.
3. Scroll down to Security and Access Configuration and click Cryptographic Hardware Acceleration.
4. At Hardware Device Configuration, click On.
5. Click Apply to enable the card.
IP350 and IP380 Appliance Installation Guide 71
6 Installing and Replacing Other Components
You can also monitor Nokia encryption accelerator card interfaces with Voyager. For more information about accessing Voyager and locating relevant reference materials, see the Voyager Reference Guide.
72 IP350 and IP380 Appliance Installation Guide
7 Using the Boot Manager
This chapter describes using the IPSO boot manager. The following topics are discussed in this chapter:
� Variables
� Booting the System
� Using the Boot Manager to Install IPSO
� Protecting the Boot Manager with a Password
� Installing the Boot Manager
� Upgrading the Boot Manager
The IP350 and IP380 platforms incorporate a boot manager on disk to control the boot-up process. The boot manager allows you to perform a number of tasks, including the following:
� Booting from alternate kernels, which might reside on nondefault devices or directories
� Installing new versions of IPSO (the operating system)
� Obtaining system information
� Performing various housekeeping tasks
When you first receive your IP350 or IP380 appliance, the boot manager uses factory-default parameters (kernel, boot device, and so on) for the boot process. The factory defaults cause the appliance to bypass the boot manager prompt after a five-second wait. You can change these defaults to reflect your own needs, or you can use different parameters in the command line at boot time. The boot manager maintains the default values of these parameters on
IP350 and IP380 Appliance Installation Guide 73
7 Using the Boot Manager
the hard-disk drive. You can set these values by using boot manager commands.
This chapter describes the boot manager commands.
VariablesA number of variables are stored by the boot manager in nonvolatile memory. You can set and view most variables from the boot manager prompt. The following sections describe how to view and set the variables. The variables are:
Table 4 Boot manager variables
Variable Description
boot manager revision
The version number of the boot manager. This variable cannot be set from the command line.
autoboot If autoboot is set to no, the IP350 or IP380 appliance stops at the boot manager command line during the boot process.If autoboot is set to yes, the IP350 or IP380 appliance does not stop at the boot manager command line during a boot up. It does wait for the amount of time specified in bootwait for input from the keyboard. If input is received, the boot manager goes to the command line; otherwise, it proceeds with the boot up.Factory default: yes.
bootwait The amount of time, in seconds, that the boot manager waits for input during a boot up when autoboot is set to yes. Factory default: five seconds.
74 IP350 and IP380 Appliance Installation Guide
Variables
The following table shows possible boot flags.
boot-device: This is the device from which the boot-file loads.
Factory default: wd0.
Options: wd0 (hard disk).
boot-file The name of the operating system kernel file.Factory default: /image/current/kernel.
boot-flags The string of flags passed to the kernel.Factory default: -x.
Flag Meaning
-d Debug Mode: Enters the kernel debugger as soon as possible in the kernel initialization.
-s Single-User Mode: If the console is marked as insecure, you must enter the root password to access the manager.
-v Verbose Mode: Verbose during device probing and thereafter.
Table 4 Boot manager variables
Variable Description
IP350 and IP380 Appliance Installation Guide 75
7 Using the Boot Manager
Viewing the Variables and Other System Parameters
printenvUse the printenv command to view the values of variables currently stored in the boot manager nonvolatile memory. The command has the following syntax:
printenv
For example:
BOOTMGR[93]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1- 06.12.2002-080000
autoboot: YES
testboot: NO
bootwait: 0
boot-file:
boot-flags:
boot-device:
vendor: Nokia
model: IP
76 IP350 and IP380 Appliance Installation Guide
Variables
sysinfoUse the sysinfo command to view system information such as CPU speed, memory size, and so forth. The command has the following syntax:
sysinfo
For example:
CPU 0: 700 MHz Pentium-III w ATC
Memory: 268435456 (256M bytes)
Disk Devices:
IO port 0x1f0 wdc0: unit 0 (wd0): <IBM-DJSA-205> 5000MB (9767520 sectors), 608 cyls, 255 heads, 63 S/T, 512 B/S
Network Interfaces:
loop0: flags=10b<UP,LINK,LOOPBACK,PRESENT>
soverf0: flags=2923<UP,LINK,MULTICAST,PRESENT,IPV6ONLY>
stof0: flags=2903<UP,LINK,PRESENT,IPV6ONLY>
tun0: flags=107<UP,LINK,POINTOPOINT,PRESENT>
eth1: flags=131<LINK,BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:4 speed 10M full duplex
eth2: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:5 speed 10M full duplex
eth3: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:6 speed 10M full duplex
eth4: flags=130<BROADCAST,MULTICAST,PRESENT>
ether 0:20:30:0:11:7 speed 10M full duplex
IP350 and IP380 Appliance Installation Guide 77
7 Using the Boot Manager
lsUse the ls command to view the contents of directories on the devices in your IP350 or IP380 appliance. The command has the following syntax:
ls device directory
where device is the device containing the directory you want to look at, and directory is the directory on that device. Both device and directory are optional. The default directory is /image on the wd0 device.
For example:
BOOTMGR[2]> ls wd0 /image/current
.description bootmgr etc kernel.debug usr
VERSION cdrom ipso.tgz mnt web
bin dev kernel sbin
Setting the Variables
setenvUse the setenv command to set a particular variable. The command has the following syntax:
setenv name value
where name is the name of the variable, and value is the new value you want the variable to assume.
For example:
BOOTMGR[2]> setenv autoboot yes
sets the value of autoboot to be yes.
78 IP350 and IP380 Appliance Installation Guide
Variables
unsetenvUse the unsetenv command to clear a particular variable. The command has the following syntax:
unsetenv name
where name is the name of the variable to be cleared.
For example, the following command clears the boot-file variable:
BOOTMGR[2]> unsetenv boot-file
NoteThis command sets the autoboot variable to no, and the bootwait variable to zero.
set-defaultsUse the set-defaults command to set variables to their factory-default values. The command has the following syntax:
set-defaults name
where name is the name of the variable to be set to its factory default. If name is not specified, all variables are set to their factory defaults.
For example, the following command sets the value of autoboot to be yes, the factory default:
BOOTMGR[2]> set-defaults autoboot
setaliasUse the setalias command to set an alias. The command has the following syntax:
setalias name device
where name is the alias name, and device the device for which name is the alias.
IP350 and IP380 Appliance Installation Guide 79
7 Using the Boot Manager
For example, the following command sets the alias disk to have the value of wd0:
BOOTMGR[2]> setalias disk wd0
You can have a maximum of eight aliases set at one time.
unsetaliasUse the unsetalias command to clear an alias. The command has the following syntax:
unsetalias name
where name is the name of the alias to be cleared.
For example, the following command deletes the disk alias from the list of aliases:
BOOTMGR[2]> unsetalias disk
Other commands
haltUse the halt command to halt the system. The command has the following syntax:
halt
helpUse the help command to display a list of the available commands. The command has the following syntax:
help or ?
80 IP350 and IP380 Appliance Installation Guide
Booting the System
Booting the SystemThe boot command lets you boot up the operating system (IPSO). It allows you to set the boot device, boot file, and boot flags from the command line.
The command has the following syntax:
boot boot-device boot-file boot-flags
where boot-device is the storage device from which the operating system loads at boot up, and boot-file is the operating system kernel. The boot-flags control the operation of the command. Refer to the boot flag table in “Variables” on page 74.
For example, at the boot manager command prompt enter the following:
BOOTMGR[0]> boot wd0 /image/current/mykernel -vd
This command boots mykernel from disk wd0 in verbose and debug mode.
You can supply all, any, or none of the arguments. If you do not supply an argument, the boot manager uses its default. It first searches its nonvolatile memory to see if the corresponding default argument is specified there. If so, it uses that value; if not, it defaults to the values in the following table:
Argument Default
boot-device wd0 (the hard-disk drive)
boot-file /image/current/kernel
boot-flags -x
IP350 and IP380 Appliance Installation Guide 81
7 Using the Boot Manager
Using the Boot Manager to Install IPSOUse the install command to install IPSO. The syntax of the command is:
install
For complete installation procedures, refer to the appropriate version of release notes.
NoteA full installation using the install command deletes the existing IPSO image on the IP350 or IP380 appliance.
To install a new copy of the IPSO kernel
1. At the boot manager command prompt, enter:
BOOTMGR[0]>install
If you used the passwd command to protect this command with a password, the boot manager prompts you for your password before allowing you to execute the install command.
2. Enter the information the install command requests (your system IP address, the server IP address, and other information).
3. Reboot the IP350 or IP380 appliance.
82 IP350 and IP380 Appliance Installation Guide
Protecting the Boot Manager with a Password
Protecting the Boot Manager with a PasswordTo prevent accidental or unauthorized access to your IP350 or IP380 appliance hard disk, you can require that the user enter a password to access the boot manager install command. Use the password command to set the password.
NoteThe password you enter gives you access to the install command in boot manager, not access to IPSO.
To set a password
1. At the boot manager command prompt enter:
BOOTMGR[0]> passwd
The passwd program prompts you for your current password.
2. If the appliance is protected by a password, enter your current password.
The program prompts you for the new password.
3. Enter the new password.
The program prompts you to re-enter the new password for verification.
4. Enter the new password again.
NoteIf you forget your install password, contact the appropriate Nokia Customer Support site as listed in “Nokia Contact Information” on page 3 for information on how to set a new one.
IP350 and IP380 Appliance Installation Guide 83
7 Using the Boot Manager
Installing the Boot ManagerThe boot manager is installed at the factory; you should not need to re-install it. If you should need to re-install the boot manager, contact the appropriate Nokia customer support site listed in the Nokia Contact Information section at the front of this guide for instructions and a new boot manager.
The command to install the boot manager has the following syntax:
install_bootmgr boot-device boot-file
where boot-device is the storage device to which you write the new boot manager image and from which boot manager image loads at boot up. Boot-file is the new boot manager. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the install_bootmgr command from IPSO (the operating system), not from the boot manager.
NoteTo install the new boot manager, you must be in single-user mode.
To install the new boot manager
1. Start the appliance in single-user mode.
2. At the IPSO command prompt, enter:
/etc/install_bootmgr wd0 /image/current/bootmgr/nkipflash
The command installs the new boot manager image (nkipflash) into the flash device (wd0). The installation takes some time to complete. Do not interrupt the installation process.
84 IP350 and IP380 Appliance Installation Guide
Upgrading the Boot Manager
Upgrading the Boot ManagerThe command to upgrade your boot manager has the following syntax:
upgrade_bootmgr boot-device boot-file
where boot-device is the storage device from which the boot manager loads at boot up and boot-file is the new boot manager image. The new boot manager options are cpipflash, cpvpnflash, nkipflash, and nkvpnflash. Execute the upgrade_bootmgr command from IPSO (the operating system), not from the boot manager.
For complete upgrade procedures, refer to the appropriate version of release notes.
NoteTo install the new boot manager, you must be in single user mode.
To upgrade the boot manager
1. Get the upgraded boot manager image from the appropriate Nokia customer support site as listed in the Nokia Contact Information section at the front of this guide.
2. Start the IP350 or IP380 appliance in single-user mode.
3. At the IPSO command prompt, enter:
/etc/upgrade_bootmgr wd0 /etc/nkipflash
The command upgrades the boot manager with the new image (nkipflash), writing it into the hard disk dirve (wd0). The upgrade takes some time to complete. Do not interrupt the upgrade process.
IP350 and IP380 Appliance Installation Guide 85
7 Using the Boot Manager
86 IP350 and IP380 Appliance Installation Guide
8 Troubleshooting
This chapter provides troubleshooting tips, problems, and solutions related to IP350 and IP380 appliance installations.
For information about how to reinstall the operating system (IPSO) on to your appliance, see Chapter 7, “Using the Boot Manager.”
General Troubleshooting InformationThe information in this section relates to non-routing problems. For information about how to troubleshoot routing problems, see “Troubleshooting Routing Problems” on page 97.
Unable to Log in to the Console Port—No Error Message
Two laptop computers (using terminal emulation programs) or terminals should be able to communicate back to back in the same way that the terminal communicates with the IP350 and IP380 appliance. If this is not possible using your laptop computer or terminal, the problem is with the terminal or cable and not the appliance.
IP350 and IP380 Appliance Installation Guide 87
8 Troubleshooting
Problem You do not have a console connection to the IP350 and IP380 appliance.
Solution For information about how to create a console connection, see “Using a Console Connection to Perform the Initial Configuration” on page 34.
Problem Not connected with a null-modem cable.
Solution Verify that you are using a null-modem cable. For pinout information, see “Using a Console Connection to Perform the Initial Configuration” on page 34.
Problem Wrong terminal settings.
Solution Verify terminal settings: 8 data, 1 stop, no parity, 9600 bps.
Problem Terminal set for flow control.
Solution The IP350 and IP380 appliance does not use flow control. The terminal should be set for no flow control.
Problem Defective IP350 and IP380 appliance or file system.
Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Problem Database is corrupt.
Solution Return to default settings according to the instructions included in the instructions for resetting the default password, or contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
Login Prompt Appears, But Password Not Accepted
Problem Entered wrong password.
Solution Obtain a valid password or set the password to a default value.
88 IP350 and IP380 Appliance Installation Guide
General Troubleshooting Information
To reset the admin password to a default value
NoteYou must have local serial access to your appliance console to perform this procedure. With a keyboard and monitor directly connected to the appliance, the boot: prompt does not appear, and you cannot perform this procedure.
1. Boot up the appliance in single-user mode by restarting or power cycling the appliance.
When the boot: prompt appears, enter -s before the appliance goes into multiuser mode; you have about 10 seconds to do this.
2. After the appliance boots up, the following text appears:
Enter pathname of shell or RETURN for sh:
Press Enter.
3. Type /etc/overpw at the # prompt.
When the response asks if you want to continue, type y.
4. The admin password defaults to no password for admin.
Continue to boot to multiuser mode.
5. Reconfigure the password as you normally would in Lynx.
NoteBlank passwords are not accepted in Voyager or Lynx. In such cases, enter the following command to reset the password from the command line using a blank password:dbpasswd admin newpassword ""The two double quotation marks at the end of the command properly indicate a blank password.After you execute this command, the system reports that the password was not successfully changed. However, the password is changed and is now newpassword.
IP350 and IP380 Appliance Installation Guide 89
8 Troubleshooting
Finally, return the entire database to its default settings and bring up the new system-startup procedure. The new system-startup procedure is described in Chapter 3, “Performing the Initial Configuration”.
To reset the default database settings
1. Log in to the IP350 and IP380 appliance as admin by using Voyager.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
2. Under Configuration Database Management (Config > System Configuration > Manage Configuration Sets), choose the option to create a new factory default configuration.
3. Create the new default configuration.
Do Not Get a Login Prompt—Error Messages Appear
Problem The IP350 and IP380 appliance is defective, or the file system on the IP350 and IP380 appliance is defective.
Solution Contact the Nokia customer support site listed in “Nokia Contact Information” on page 3.
NoteUse the full installation procedure to install a new system. The new system completely replaces the contents of the drive and might be needed to restore or reload an IP350 and IP380 appliance. This procedure erases any configuration database on the appliance. For information about how to complete the full installation procedure, see the current release notes. The release notes are located on the Nokia customer support Web site as listed in the “Nokia Contact Information” on page 3.
90 IP350 and IP380 Appliance Installation Guide
General Troubleshooting Information
Not Able to Connect to Voyager Using the Ethernet Port, But Console Access Works
Problem Using the wrong Ethernet cable.
Solution Use a crossover Ethernet cable if you are connecting directly to the computer. Use a straight-through cable if you are connecting to a hub. For cabling information, see “Dual-Port 10/100 Ethernet Interface, PMC” on page 49.
Problem Port is not configured as active.
Solution View the port in Voyager, or from Lynx, and verify that the interface is configured as active.
Problem Host port configuration is incorrect.
Solution Check host Ethernet port settings. Verify that IP address and netmask settings are correct for the IP350 and IP380 appliance configuration.
Problem Wrong link speed.
Solution Verify that the port on the host and the port on the IP350 and IP380 appliance are set for the same speed (10 Mbps or 100 Mbps). An unblinking data and activity LED on a port is a good indication that there is a speed mismatch.
Problem Duplex setting is wrong.
Solution Correct duplex setting.
Do Not See Interfaces that Should be Present
Problem Local IP350 and IP380 appliance ports do not appear.
Solution Your NIC might be defective. Contact the appropriate Nokia customer support site as listed in “Nokia Contact Information” on page 3.
IP350 and IP380 Appliance Installation Guide 91
8 Troubleshooting
NoteThe problem could be with the slot on the PMC card carrier. Try installing the NIC in another slot.
Common Ethernet Problems—Connectivity with Attached Device
Problem No link light.
Solution You might have used the wrong cable. Use a crossover cable between an IP350 and IP380 appliance and a host, and a straight-through cable between an appliance and a hub.
Problem Solid data and activity LED.
Solution You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 Mbps or 100Mbps).
Problem Port not enabled.
Solution Verify from the Interface page in Voyager that the interface port is configured as active.
Problem High collision rate on the hub.
Solution Disconnect connections one at a time until the problem is localized to one computer and troubleshoot further.
Unable to Ping Through Appliance—No Connectivity Between Ports
This section covers connectivity issues that are isolated within an IP350 and IP380 appliance or network.
92 IP350 and IP380 Appliance Installation Guide
General Troubleshooting Information
Localize the problem by issuing pings to various network interfaces. Use tcpdump to help isolate the problem. Use tcpdump to verify that a packet is leaving or entering a port.
Problem Interfaces not up.
Solution Ensure that all interfaces are up and active, as described in Chapter 3, “Performing the Initial Configuration.”
Problem No route to network.
Solution Check the routing table to see if a route exists to the network where the interface is located. If no route exists, see “Troubleshooting Routing Problems” on page 97.
Problem Attached device does not have proper default route or routing information.
Solution If a local computer is unable to ping through an attached appliance, the computer might contain either an invalid default route or invalid routing information.
If you are using default routes from a computer, ensure that the local interface is the default route for that computer.
Problem The ARP table has old information.
Solution If the ARP table has an old or invalid entry for the device associated with the IP address you are attempting to ping, use Voyager to delete the invalid entry.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
To delete the invalid entry
1. Click Config.
2. Click ARP in the Interfaces section.
IP350 and IP380 Appliance Installation Guide 93
8 Troubleshooting
3. Click Display or Remove Dynamic ARP Entries.
4. Click Delete for the entry you want to delete.
5. Click Apply.
Problems with Multicast
Use tcpdump to view packets. To display packets for a specific interface, use the following command: tcpdump -i interface proto igmp. For more information about how to use the tcpdump command, see the Voyager Reference Guide.
Under Routing Options in the Routing Configuration section in Voyager, you can also enable several types of trace options for DVMRP. These traces are logged into /var/tmp/ipsrd.log.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem No IP connectivity.
Solution Verify that you have IP connectivity; ping various hosts on each network.
Problem DVMRP is not enabled on the interfaces.
Solution Verify that DVMRP is enabled on the interfaces in use.
Problem Exceeding TTL on clients.
Solution Verify that the client is set up for the proper TTL number. Many clients are set to receive local traffic only one hop away.
94 IP350 and IP380 Appliance Installation Guide
General Troubleshooting Information
Problems Interfacing to 1483 Devices (Classical IP)
Problem Remote and local devices are not configured for the same VC and VP value.
Solution Set remote and local devices to the same VC and VP values. Consult your 1483 device documentation.
Problem Remote and local devices are not in the supported VC range of the network interface card.
Solution Use ipsctl to determine the VC range. Enter the following command:
ipsctl ifphys:logical interface:max_rxlabel
Problem Encapsulation is not set to LLC/SNAP.
Solution Set encapsulation to LLC/SNAP. Consult your 1483 device documentation.
Problem The MTU size is not 1500.
Solution The MTU size must be 1500. Nokia does not support larger MTU sizes.
Appliance Not Receiving Power
Problem Power cord is not properly plugged in.
Solution Check cord. Make sure it is properly seated at both ends.
Problem Power supply not providing power.
Solution Check power source. If there is no power at the source, take appropriate action such as inserting a new fuse or resetting circuit breaker.
IP350 and IP380 Appliance Installation Guide 95
8 Troubleshooting
Appliance Does Not Recognize New Memory Configuration
Problem DIMMs are not properly seated in DIMM sockets.
Solution Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place.
Appliance locks up after you upgrade IPSO with a console connection. No error messages appear, but the appliance stops responding to console and network.
Problem During the upgrade process, some of the environment variables might not have updated correctly.
Solution You can verify what the current boot manager settings are by issuing a printenv command at the boot manager prompt, as shown in this example:
Loading boot manager ..
BOOTMGR[0]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1
02.12-2001-102644
autoboot: NO
bootwait: 5
boot-file:
boot-flags:
boot-device:
No referenced boot-file or boot-device appears.
Setting the boot manager to defaults causes the boot manager to determine that no environment variables are set, and it responds by importing the defaults from the binary file. To set the boot manager to defaults, issue the set-defaults command at the boot manager prompt as shown in this example:
BOOTMGR> set-defaults
96 IP350 and IP380 Appliance Installation Guide
Troubleshooting Routing Problems
If you issue the printenv command again, the boot-file and boot-device entries are present, as shown in this example:
BOOTMGR[2]> printenv
Bootmgr Revision: 3.3,base kernel=3.5.1-fcs1
02.12.2001-102644
autoboot: YES
bootwait: 5
boot-file: /image/current/kernel
boot-flags:
boot-device: wd0
Issue the halt command to restart your appliance.
BOOTMGR> halt
Troubleshooting Routing Problems Several useful tools are available to troubleshoot routing problems. The first tool is available from the Monitor page in Voyager, from which you display routing statistics and errors. You can access this information from the command-line interface using the ICLID (IPSRD command-line interface daemon) command. An example use of the ICLID command is shown below.
For information about the ICLID command, see the Voyager Reference Guide. For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
IP350 and IP380 Appliance Installation Guide 97
8 Troubleshooting
NoteAdding a question mark (?) after any command provides additional command options. Typing a question mark (?) at a prompt provides a list of available commands.
hostname[admin]# iclid
hostname | IP address>
hostname | IP address> ?
exit get help quit show
hostname | IP address>
hostname | IP address> show ?
address bgp igmp iphelper mfc ripvrrp bootpgw igrp krt ospf route inbound-filter dvmrp interface memory resource version
hostname | IP address> show route ?
aggregate bgp igrp ospf static
all direct inactive rip summary
hostname | IP address> show route ospf
Codes: C - connected, S - static, I - IGRP, R - RIP,
B - BGP, O - OSPF, E - OSPF external, A - Aggregate,
K - Kernel Remnant, H - Hidden, S - Suppressed
The response to the preceding ICLID command is as follows:
0 172.16/16 via 10.1.1.225, eith-sp4p1c0,cost 3, age 3111
In addition, several trace options are available. You can enable these options under the routing options in Voyager. When a trace is enabled the output appears in /var/tmp/ipsrd.log.
98 IP350 and IP380 Appliance Installation Guide
Troubleshooting Routing Problems
Common Problems with OSPF
Use tcpdump to view routing information. Use the following command display routing updates for that interface:
tcpdump -i interface proto ospf
For more information about how to use the tcpdump command, see the Voyager Reference Guide.
Under routing options in Voyager, you can also enable several types of trace options for OSPF. These traces are logged in /var/tmp/ipsrd.log.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem OSPF is not configured.
Solution Verify that OSPF is properly configured for all interfaces that are involved in OSPF routing. For more information, see Configuring OSPF from the Configuring Routing document page in Voyager. You can access the document page by pressing Doc.
Problem OSPF hello and dead timers are not the same on each interface for a given link.
Solution Verify that the settings at the end of each link are identical.
Problem Attached devices do not support OSPF.
Solution Ensure that the attached IP350 and IP380 appliance supports OSPF. If the attached appliance does not support OSPF, configure it with a protocol that the appliance supports and exchange routes with OSPF, or set a default or static route.
NoteYou can also use ICLID to display OSPF details.
IP350 and IP380 Appliance Installation Guide 99
8 Troubleshooting
Common Problems with RIP
Use tcpdump to view routing information. Use the following command to display routing updates for a specific interface:
tcpdump -i interface proto rip
For more information about how to use the tcpdump command, see the Voyager Reference Guide.
Under routing options in Voyager, you can also enable several types of trace options for routing information protocol (RIP). These traces are logged in /var/tmp/ipsrd.log.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
Problem Inconsistent subnet mask (netmask does not match the class of IP address for RIP v1).
Solution RIP version 1 must use consistent subnet masks; change to RIP version 2 or OSPF to use inconsistent subnet masks.
Problem Number of networks exceeds the RIP limit.
Solution RIP can span up to 16 networks. Verify that your network topology does not exceed this limit.
Common Problems Exchanging Routes
Always enter a metric value if you are exporting routes from OSPF to RIP.
Problem Exchanging routes are not configured correctly.
Solution Exchanging routes involves several configuration steps. Follow the tasks in the Voyager Reference Guide (online documentation) to ensure that you follow all steps.
For information about how to access Voyager and the related reference materials, see “Accessing Nokia Network Voyager” on page 36.
100 IP350 and IP380 Appliance Installation Guide
Troubleshooting Routing Problems
Problem Routing protocol is not functioning properly.
Solution to ensure that each routing protocol is functioning properly, see “Common Problems with OSPF” on page 99 and “Common Problems with RIP” on page 100.
IP350 and IP380 Appliance Installation Guide 101
8 Troubleshooting
102 IP350 and IP380 Appliance Installation Guide
A Technical Specifications
Physical Dimensions
Space RequirementsThe IP350 and IP380 are designed for front-screw mounting in a 19-inch rack. Each IP350 and IP380 requires the following space in a rack:
� 1.75 inches (4.45 centimeters) of vertical space
� 18 inches (46 centimeters) behind the front-panel of the rack
� 6 inches (15 centimeters) behind the IP350 or IP380 appliance to allow the back exit fan to move air through the appliances
Dimensions Height: 1.75 in. (4.45 cm)
Width: 17 in. (44 cm)19 in. (48 cm) rack mountable
Depth: 16.12 in. (40.94 cm)
Weight 17 lbs. (7.7 kg) base system
IP350 and IP380 Appliance Installation Guide 103
A Technical Specifications
CautionDo not place objects over the ventilation holes on the IP350 or IP380 appliance. The appliance might overheat and become damaged.
NIC Interfaces
Cable TypeCable Output Connector
Ethernet IEEE 802.3 10BASE-T, 100BASE-TX unshielded twisted pair, full-duplex or half-duplex
RJ-45
104 IP350 and IP380 Appliance Installation Guide
B Compliance Information
This appendix contains the following compliance information:
� Declaration of Conformity
� Compliance Statements
� FCC Notice (US)
IP350 and IP380 Appliance Installation Guide 105
B Compliance Information
Declaration of Conformity
According to ISO/IEC Guide 22 and EN 45014:
declares that the product:
conforms to the following standards:
Manufacturer’s Name: Nokia Inc.
Manufacturer’s Address: 313 Fairchild DriveMountain View, CA 94043-2215USA
Product Name: IP350, IP380
Model Number: IP0380
Product Options: All
Serial Number: 1 to 100,000
Date First Applied: 2002
Safety: EN60950:1992, A1,A2:1993, A3:1995, A4:1997, A11:1998 with Japanese National Deviations
EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3
106 IP350 and IP380 Appliance Installation Guide
Declaration of Conformity
Supplementary Information:
Pursuant to directive 1999/5/EC this product complies with the requirements of the Low Voltage Directive 73/23/EEC and the EMC Directive 89/336/EEC with Amendment 93/68/EEC.
Alan HutchinsonManager Regulatory Compliance EngineeringMountain View, CaliforniaAugust 2002
IP350 and IP380 Appliance Installation Guide 107
B Compliance Information
Compliance StatementsThis hardware complies with the standards listed in this section.
Emissions Standards
FCC Part 15 Subpart B Class A US/CanadaEN55022 (CISPR 22 Class A) European Community (CE)
Immunity Standards
EN50024: European Community (CE)EN61000-4-2EN61000-4-3EN61000-4-4EN61000-4-5EN61000-4-6EN61000-4-8EN61000-4-11ENV50204
Harmonics and Voltage Fluctuation
EN61000-3-2 European Community (CE)EN61000-3-3 European Community (CE)
Safety Standards
UL60950 USCan/CSA-C22.2 No. 950 Canada
108 IP350 and IP380 Appliance Installation Guide
FCC Notice (US)
FCC Notice (US)This device has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this device does cause harmful interference to radio or television reception, the user is encouraged to try to correct the interference by one or more of the following measures:
� Reorient or relocate the receiving antenna.
� Increase the separation between the computer and receiver.
� Connect the computer into an outlet on a circuit different from that to which the receiver is connected.
� Consult the dealer or an experienced radio/TV technician for help.
CautionAny changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment.
IP350 and IP380 Appliance Installation Guide 109
B Compliance Information
110 IP350 and IP380 Appliance Installation Guide
Index
Aaccelerator card 66accessing and removing DIMMs 61appliance components 19arguments 81attaching accelerator card to motherboard 70autoboot variable 74
Bboot command 81boot manager 73
booting the system 81installing 84installing IPSO using 74, 82password protection for 83upgrading 85variables used by 74, 81
boot manager revision variable 74boot-device variable 75boot-file variable 75boot-flags variable 75bootwait variable 74
Ccommands
halt 80help 80ICLID 97install 82
IP350 and IP380 Appliance Installation Guide
ls 78printenv 76setalias 79set-defaults 79setenv 78sysinfo 77unsetalias 80unsetenv 79
configuringwith Voyager 36
connectionsEthernet network interface cards 50modem 23power 29
connector pin assignmentsEthernet network interface cards 51
connectors forEthernet network interface cards 50
console cable 34
Ddata communications equipment device 34deactivating, network interface cards 40DIMMs
accessing and removing 61adding 61socket locations 60
documentationstructure 11
dual-port Ethernet network interface card 50
Index - 111
Eencryption accelerator card 66Ethernet cable output connector 51Ethernet crossover-cable pin connections 52Ethernet management ports 20Ethernet network interface cards
cable pin assignments 51connecting to 50connectors 50
Hhalt command 80hard disk drive, replacing 55help command 80
IICLID command 97install command 82installing
network interface cards 40PCMCIA modem 54
interfacesspecifications 104
IP350 appliances, monitoring 24IP380 appliances, monitoring 24IPSO, booting 81
Lls command 78
Mmanagement ports 20memory
capacity 59upgrading 59
modems, PMCIA 21
monitoring IP350 and IP380 appliances 24
Nnetwork interface cards
deactivating 40dual-port Ethernet 50front panel location 19installing 39, 40types supported 21
NICdeactivating 40
null-modem cable 34
Oopening Voyager 36output connector
for the Ethernet cable 51
PPCMCIA modem, installing 54PCMCIA modems, slot for 21pin assignments for modem connections 22, 23
power connections 29printenv command 76
Rreplacing, hard disk drive 55reset switch 19RJ-45 connector 50, 51
Ssecondary status LEDs 25setalias command 79set-defaults command 79setenv command 78
Index - 112 IP350 and IP380 Appliance Installation Guide
setting variables 78space requirements 103specifications
interfaces 104specifications, technical 103static discharge 61sysinfo command 77
Ttechnical specifications 103troubleshooting 87
Uunsetalias command 80unsetenv command 79upgrading memory 59
Vvariables
autoboot 74boot flag 75boot manager 74boot-device 75boot-file 75bootwait 74setting 78viewing 76
Voyageropening 36
IP350 and IP380 Appliance Installation Guide Index - 113
Index - 114 IP350 and IP380 Appliance Installation Guide