Manuale d’uso / di manutenzione del prodotto 5000 del fabbricante Juniper Networks
Vai alla pagina of 66
N ET S CREEN -5000 S ERIES User’s Guide Version 5.0 P/N 093-1698-000 Rev. D.
Copyright Notice Copyright © 2006 Juniper Networks , Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, Ne tScreen Techn ologies, GigaScr een, and the Ne tScreen log o are registered trademarks of Juniper Netw orks, Inc.
NetScreen-5000 Series iii Table of Contents Preface .............................. .............................. .............................................. ......... vii Guide Organization ........... .............. .............. .............. .
Table of Conten ts iv User’s Guide NetScreen-5400 Interfaces ......................................................... ................... 24 Configurable Interfaces .................................... ............................... ............. 24 Performing Initial Connection and Config uration .
NetScreen-5000 Series v EMI Certifications ..................... .............. .............. .............. ................ ...... A-III Connectors .......... .............. .............. .............. ........... .............. .............. ..
Table of Conten ts vi User’s Guide.
NetScreen-5000 Series vii Preface The Juniper Networks NetScreen-5 000 Series consists of purp ose-built, hi gh-performance security systems that provide IPSec VPN and firewall services fo r large-scale carrier, enterprise, and data-cent er networks.
Preface viii User’s Guide C OMMAND L INE I NTERFACE (CLI) C ONVENTIONS The following conventions are used when pr esenting the syntax of a command line interface (CLI) comman d: • Anything inside square brackets [ ] is optional. • Anything insi de braces { } is required.
NetScreen-5000 Series 1 1 Chapter 1 Overview This chapter prov ides detailed d escriptions of the NetScree n-5000 Serie s, modules, power supplies, and fan assemb lies.
Chapter 1 Overview 2 User’s Guide N ET S CREEN -5000 S ERIES This section describes the NetScreen-5000 Series, whic h currently includes the NetScreen-5200 and t he NetScreen-5400. NetScreen-5200 The NetScreen-5200 is a chassi s-based, two-slot network securi ty device with a 2U (rack unit) chassis.
Power Supplies NetScreen-5000 Series 3 P OWER S UPPLIES The NetScreen-5000 Series can us e two kinds of power supplies: • Direct Current (DC) Power Supply • Alternating Current (AC) Power Supply The slots for these power supplies are locate d in the back of the NetScreen-5200 and on the front of the NetScre en-5400.
Chapter 1 Overview 4 User’s Guide The DC Power Supply The DC power supply weighs about three poun ds. The faceplate contains a power LED, a power switch, a cooling fan vent, and three DC power terminal blocks that connect to power cables. The figure below shows the NetScreen-5200 DC power supply .
Fan Modules NetScreen-5000 Series 5 F AN M ODULES The NetScreen-5200 has a three-f an module and th e NetScreen-5 400 has a two- fan module. You can access the fan mod ule from the l eft front side of ea ch chassis.
Chapter 1 Overview 6 User’s Guide Management Modules The management mod ule provides general-purpose CPU delivery, and contains dedicated High Availabili ty (HA) and manageme nt interf aces. It handles tasks such as management access, session setup and term ination, and Internet Key Ex change (IKE) negotiation.
NetScreen-5000 Modules NetScreen-5000 Series 7 The 5000-M2 Management Module The 5000-M2 management module is based a r ound powerful, dual 1GHz PowerPC CPUs, which assist o ther system elements, primarily with n on-flow related tasks. The 5000 -M2 management module provides ov erall management and control of the system.
Chapter 1 Overview 8 User’s Guide Secure Port Modules Secure Port Modules (SPMs) perform general packet proces s ing and device connection tasks for devices that communicate with the NetScreen -5000 Series. These modules are based around the GigaScreen-II ASIC.
NetScreen-5000 Modules NetScreen-5000 Series 9 The 5000-2G24FE SPM The 5000-2G24FE SPM provides two 1-Gi gabit Ethernet ports and 24 Fast Ethernet (FE) ports with up to 2 Gbps of firewal l and up to 1 Gbps of VPN proces s capacity. This module is capable of supporti ng a total of six aggr egate interfaces.
Chapter 1 Overview 10 User’s Guide The 5000-8G2 SPM The 5000-8G2 SPM provides eight 1- Gigabit mini-GBIC Ethernet ports using hot-swappable transcei vers.
NetScreen-5000 Modules NetScreen-5000 Series 11 The 5000-2XGE SPM The 5000-2XGE SPM provides two 10-Gigabi t mini-GBIC Ethernet ports using hot-swappable tra nsceivers. The 5000-2XGE SPM delivers up to 1 0 Gbps of firewall and up to 5 Gbps of VPN capacity.
Chapter 1 Overview 12 User’s Guide.
NetScreen-5000 Series 13 2 Chapter 2 Installing the Device This chapter describes how to install a Ne tScreen-5000 Series in an equipme n t rack or on a desktop and how to co nfigure the d evice on a netwo rk.
Chapter 2 Installing the Device 14 User’s Guide G ENERAL I NSTALLATION G UIDELINES Observing the following pre cautions can p r event injuries, equi p ment failur es, and shutdowns: • Never assume that the power su pply is disconnected from a power source.
Mounting the NetScreen-5000 Series NetScreen-5000 Series 15 There are two ways to rack mount the NetScreen-5200: • Rear and front mount • Mid-mount You can only front-mo unt the NetScreen-5400. M OUNTING THE N ET S CREEN -5000 S ERIES The following sections describe how to rack mount the Ne tScreen-5000 Series.
Chapter 2 Installing the Device 16 User’s Guide NetScreen-5200 Mid-Mount To mid-mount the NetScreen-5200, you n eed four fitted screws, a Phillips-head screwdriver, and brackets. To mid-mount the NetScreen-5200: 1. Screw the left and right brackets to th e middle of each si de of the chassis.
Installing and Connecting the AC Power Supply NetScreen-5000 Series 17 I NSTALLING AND C ONNECTING THE AC P OWER S UPPLY To install and connect the AC power supply to the NetScreen-5000 Series: 1. On the NetScreen-520 0, slide the po wer supply into one of the power compartments in the back of the system.
Chapter 2 Installing the Device 18 User’s Guide The DC power supply, pow er switch, ground ing screw, and terminal blocks, are located on the faceplate of the power supply unit. To connect the DC power supply to a grou nding point at your site: 1. Remove the hex nut on the grounding screw.
Establishing an HA Connection NetScreen-5000 Series 19 E STABLISHING AN HA C ONNECTION To assure continuous traffic flow in the ev ent of a system failure, you can cable and configure two NetScreen devices in a redundan t cluster, with one device acting as a master and the other as its backup.
Chapter 2 Installing the Device 20 User’s Guide.
NetScreen-5000 Series 21 3 Chapter 3 Configuring the Device This chapter describes how to perform initia l configuration on the NetScreen-5000 Series once you have mounted it in a rack or de sktop, plugged in the necessary cables, and turned the power on.
Chapter 3 Configuring the Device 22 User’s Guide O PERATIONAL M ODES The NetScreen-5000 Series supports two oper at ional modes: Transpare nt and Route. The default mode is Route. Transparent Mode In Transparent mode, a NetScreen- 5000 Series systems operates as a Layer-2 bridge.
The NetScreen-5000 Interfaces NetScreen-5000 Series 23 T HE N ET S CREEN -5000 I NTERFACES Each Secure Port Module (SPM) for the NetScreen-5000 Series sy stem provides 2, 8, or 26 physical ethernet ports. Each of these ports can serve as a physical interface.
Chapter 3 Configuring the Device 24 User’s Guide NetScreen-5400 Interfaces A NetScreen-5400 contains one management modu l e ( i n s l o t 1 ) a n d u p t o t h r e e S P M s . Y o u can use a 5000-M or a 5000 -M2 management modu le in slot 1. In the illustra tions below , the device contains three 5000 -8G SPMs.
Performing Initial Connection and Configuration NetScreen-5000 Series 25 P ERFORMING I NITIAL C ONNECTION AND C ONFIGURATION To establish the first console session with the NetScreen-5000 Series system, use a v t100 terminal emulator progra m through the pr ovided RJ-45/ DB9 serial port c onnector.
Chapter 3 Configuring the Device 26 User’s Guide Upgrading the Firmware Du ring the Boot Process 1. Connect your computer to the NetScreen-5000 Series system: a. Using a serial cable, con nect the se rial port on your computer to the console port on the NetScreen-5000 Se ries system .
Performing Initial Connection and Configuration NetScreen-5000 Series 27 Changing Your Admin Name and Password Because all NetScreen products use the same admin name and password ( netscr een ), it is highly advisable to change your admin name and password immediately.
Chapter 3 Configuring the Device 28 User’s Guide For example, to set the IP address and subnet mask of the MGT interface to 10.100.2.183 and 16, respecti vely: set interface mgt ip 10.
Configuring the Device for Telnet and WebUI Sessions NetScreen-5000 Series 29 3. Set the IP address an d subnet mask by executing the following command: set interface ethernet2/3 ip ip_ad dr / mask where ip_addr is the IP address and mask is the subnet mask .
Chapter 3 Configuring the Device 30 User’s Guide For example, if the MGT interface has an address of 10.100.2.183 , then enter: telnet 10.100.2.183 3. At the Userna me prompt, ty pe your user name (default is netscreen ). 4. At the Password prompt, type your password (default is netscreen ).
Configuring the Chassis Alarm NetScreen-5000 Series 31 For example, if you assigned the MGT interface an IP address of 10.100.2.183 /16, then enter: http://10.100.2.183 The NetScreen WebUI software displays the login prompt. 3. Enter netscreen in both the Admin Name and Password fields, and then click Login .
Chapter 3 Configuring the Device 32 User’s Guide C ONFIGURING J UMBO F RAMES The 5000-8G2 and 5000-2 XGE SPMs support jumbo frames that are up to 9,830 bytes. To set jumbo frames, use the set environment max-frame-si ze=9830 CLI command. You must reboot the system before this feature can take effect.
Using CLI Commands to Reset the Device NetScreen-5000 Series 33 4. (Optional) To see the updated port list and detail s about the new aggregate interface: get interface get interface aggregate1 Notice that the listing contains aggregate1 , an aggregate interface comprised of ethernet2/1 and ethernet2/2.
Chapter 3 Configuring the Device 34 User’s Guide 3. Press the y key. The following message appears: !! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent coun ter will be incremented to signify that this device has been reset.
NetScreen-5000 Series 35 4 Chapter 4 Servicing the Device This chapter deta ils service and mainte nance of various components in your NetScreen-5000 Series system.
Chapter 4 Servicing the Device 36 User’s Guide R EMOVING AND R ESEATING M ODULES Although NetScreen-500 0 Series modules are pr e-installed before shipping, you may find it necessary to remove or reseat modules to suit the special security ne eds of your network.
Replacing an AC Power Supply NetScreen-5000 Series 37 R EPLACING AN AC P OWER S UPPLY To replace an AC power supply : 1. Turn off the pow er supply. 2. Lift the AC power cord retainer clip. 3. Unplug the cord fr om the power supply. 4. Turn the thumbscrew counterclockw ise to release the power supply.
Chapter 4 Servicing the Device 38 User’s Guide NetScreen-5200 Fan Module To remove the fan modu le on a NetScreen-5200: 1. Pull the fan l ever until it i s fully extende d. 2. Grip the sides, then gently slide the assembly straight out. 3. Insert the new fan module in the fa n bay, then push it straight in.
Replacing the Fan Module NetScreen-5000 Series 39 NetScreen-5200 Fan Tray Filter Before you replace the fan tray filter, make sure you have the f ollowing tools: • Flashlight or other light source • 18-inch wooden ruler To replace the fan tray filter: 1.
Chapter 4 Servicing the Device 40 User’s Guide 7. Once the filter is f ully inserted, push the wooden ruler against the filters surface several times to insure that the filter is secure against the chassis wall. 8. Insert the fan tray into the chassis.
Replacing the Fan Module NetScreen-5000 Series 41 3. Align the new fan mod ule in the fan bay, a nd then push it straight in . 4. Secure the fan module i n place by tightening the thum bscrews clockwise.
Chapter 4 Servicing the Device 42 User’s Guide NetScreen-5400 Fan Tray Filter To replace the fan tray filter: 1. Remove the fan tray (See “NetScreen-5400 Fan Module” on page 40 ). 2. Lay the fan tray filter up. 3. Pull the filter fro m the Velcro ba cking.
Connecting and Disconnecting Gigabit Ethernet Cables NetScreen-5000 Series 43 C ONNECTING AND D ISCONNECTING G IGABIT E THERNET C ABLES To connect a Gigabit Ethernet cable to a mini-GBIC connect or transceiver port: 1.
Chapter 4 Servicing the Device 44 User’s Guide.
NetScreen-5000 Series I A Appendix A Specifications This appendix provid es general system specificatio ns for the NetScreen-5000 Series. • “NetScreen-5200 Attributes” on page A-II • “NetScr.
Appendix A Specifications II User’s Guide N ET S CREEN -5200 A TTRIBUTES Height: 3.4 inches (8.6 cm) Depth: 19.5 inches (49.5 cm) Width: 17.5 inches (44.5 cm) Weight: 32 pounds (without power supply) (1 5 kg) N ET S CREEN -5400 A TTRIBUTES Height: 8.
NetScreen-5000 Series III NEBS C ERTIFICATIONS Level 3 NetScreen-5200 with DC power supply. GR-63-Core: NEBS, Environment al Testing GR-1089-Core: EMC an d Electrical Safety for Ne twork Telecommunica.
Appendix A Specifications IV User’s Guide The following table show s the 10-Gigabit media types and di stances for the different types of connect ors used with the NetScreen-5000 Series systems. Standard Media Type Mhz/Km Rating Maximu m Distance 1000 Base-SR 62.
NetScreen-5000 Series I B Appendix B Port Descriptions and LED Status This appendix provid es detail on port des criptions and LED status for th e NetScreen-5000 Series modules.
Appendix B Port Descri ptions and LED Status II User’s Guide M ODULE P ORT D ESCRIPTIONS The following table describes th e ports on the 5000-M and 5000-M2 management modules. The following table describes th e ports on the 5000-8G Secure Port Module (SPM).
NetScreen-5000 Series III The following table detail s th e ports on the 5000-8G2 SPM. The following table detail s th e ports on the 5000-2XGE SPM. M ODULE LED D ESCRIPTIONS This section provides descriptions of the LEDs on NetScre en-5000 Series modules.
Appendix B Port Descri ptions and LED Status IV User’s Guide S TATUS LED S TATES This section describes Status LED states on all modules. Interpreting Status LE Ds for the Management Modules The Status LEDs indicate whether the mana gement module is op erating properl y.
NetScreen-5000 Series V Interpreting Status LEDs for the Secure Port Module The Status LEDs indicate whether the Secure Port Module is operating properly .
Appendix B Port Descri ptions and LED Status VI User’s Guide P OWER S UPPLY LED S The following tables describe LED behavi ors on the 5000-M and 5000-M2 for different combinations of functioning p ower supplies.
NetScreen-5000 Series VII F AN LED The following table describes th e Fan LED on both the NetScreen-5200 and NetScreen-5400 chassis. LED Color Meaning of the LED green Fans are operating.
Appendix B Port Descri ptions and LED Status VIII User’s Guide.
Index NetScreen-5000 Series IX-I Index Numerics 5000-2G24FE, description 9 5000-2XGE, description 11 5000-8G description 8 figure 8 port status LEDs V system status LEDs V 5000-8G2 description 10 figu.
Index IX-II User’s Guide 5000-8G 8 5000-8G2 10, 11 5000-M 6 5000-M2 7 allowable slots 5 installing 5 management module 6 secure port modules 7 mounting mid-mount rack installation 16 rear and front .
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Juniper Networks 5000 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Juniper Networks 5000 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Juniper Networks 5000 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Juniper Networks 5000 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Juniper Networks 5000, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Juniper Networks 5000.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Juniper Networks 5000. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Juniper Networks 5000 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.