Nokia IP1200 Series Installation Manual
  1. Manuals
  2. Brands
  3. Nokia Manuals
  4. Security System
  5. IP1200 Series
  6. Installation manual
Nokia IP1200 Series Installation Manual

Nokia IP1200 Series Installation Manual

Security platform
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Nokia IP1200 Series
Security Platform
Installation Guide
Part No. N450897003 Rev B
Published May 2004

Advertisement

Table of Contents
loading

Related Manuals for Nokia IP1200 Series

Summary of Contents for Nokia IP1200 Series

  • Page 1 Nokia IP1200 Series Security Platform Installation Guide Part No. N450897003 Rev B Published May 2004...
  • Page 2 Rights clause at FAR 52.227-19. IMPORTANT NOTE TO USERS This software and hardware is provided by Nokia Inc. as is and any express or implied warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Nokia, or its affiliates, subsidiaries or suppliers be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services;...
  • Page 3 Singapore 119968 Nokia Customer Support Web Site: https://support.nokia.com/ Email: tac.support@nokia.com Americas Europe Voice: 1-888-361-5030 or Voice: +44 (0) 125-286-8900 1-613-271-6721 Fax: 1-613-271-8782 Fax: +44 (0) 125-286-5666 Asia-Pacific Voice: +65-67232999 Fax: +65-67232897 031014 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 4 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 5: Table Of Contents

    Overview ......... . . 19 About the Nokia IP1200 Series Security Platform ... . . 19 Managing the Nokia IP1200 Series Security Platform .
  • Page 6 Platform ..........50 Using Nokia Horizon Manager ......51 Installing the Nokia IP1200 Series Security Platform .
  • Page 7 ..........106 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 8 Booting the System ........106 Using the Boot Manager to Install Nokia IPSO ....107 Protecting the Boot Manager with a Password .
  • Page 9 Index ..........153 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 10 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 11 Figure 4 Pin Assignments for Modem Connection ... 27 Figure 5 Nokia IP1200 Series Security Platform System Status LEDs ....... . 28 Figure 6 Hard-Disk Drive Front Panel .
  • Page 12 Figure 31 Location of Hard Disk Drives ....120 Figure 32 DIMM Socket Locations ..... . 129 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 13 Table 1 Text Conventions ......17 Table 2 Nokia IP1200 Series Security Platform Specifics ..20 Table 3 PMC Expansion Slots .
  • Page 14 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 15: About This Guide

    About this Guide This manual provides information for the installation and use of the Nokia IP1200 Series Security Platforms. Installation and maintenance should be performed by experienced technicians or Nokia-approved service providers only. This preface provides the following information: In This Guide...

  • Page 16: Conventions This Guide Uses

    Caution Cautions indicate potential equipment damage, equipment malfunction, loss of performance, loss of data, or interruption of service. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 17: Text Conventions

    • Emphasizes a point or denotes new terms at the place where Italics they are defined in the text. • Indicates an external book title reference. • Indicates a variable in a command: delete interface if_name Nokia IP1200 Series Security Platform Installation Guide...

  • Page 18: Related Documentation

    About this Guide Related Documentation You can find this guide in PDF on the Nokia support Web site (https:// support.nokia.com/) and on the Nokia IPSO Operating System CD-ROM issued with your Nokia IP1200 Series Security Platform. In addition to this guide, documentation for this product includes the...

  • Page 19: Overview

    Software Requirements About the Nokia IP1200 Series Security Platform The Nokia IP1200 Series Security Platform combines the power of the Nokia IPSO operating system with the Nokia Secure Access System and firewall applications. The Nokia IP1260 Security Platform is a high-end, multi port security platform that is ideally suited for the enterprise data center.

  • Page 20: Table 2 Nokia Ip1200 Series Security Platform Specifics

    Application Intelligence R55 The IP1200 Series is a two-rack unit appliance that incorporates a serviceable slide-out tray into the chassis design. The front panel of the IP1200 Series has two I/O slots that support hot-swapping operations. A PMC carrier is provided for the I/O slots.

  • Page 21: Managing The Nokia Ip1200 Series Security Platform

    Managing the Nokia IP1200 Series Security Platform provides redundant power supplies, N + 1 cooling, and hot swapping from the storage and PMC NIC slots. As a network device, the IP1200 Series supports a comprehensive suite of IP- routing functions and protocols, including: RIPv1/RIPv2...
  • Page 22 Overview Voyager—manage, monitor, and configure the IP1200 Series—you can also do with the CLI. For information about how to access the CLI, see the Nokia CLI Reference Guide for IPSO v3.6 or later. Nokia Horizon Manager—a secure GUI-based software image management application.

  • Page 23: Nokia Ip1200 Series Security Platform Overview

    Nokia IP1200 Series Security Platform Overview Nokia IP1200 Series Security Platform Overview Figure 1 shows the component locations for the Nokia IP1200 Series Security Platform. Figure 1 Component Locations Front View System status LEDs Dual 6U PMC carrier expansion slots 1 and 2...

  • Page 24: Ethernet Management Ports

    Port 4 00120a RJ-45 connectors PMC Expansion Slots The IP1200 Series uses two 6U dual PMC carriers in slot 1 and slot 2 to provide up to four expansion subslots for the NICs listed in Table Note The Nokia IP security platforms are LAN devices that can also use Nokia NICs for wide area or out-of-band network connections.

  • Page 25: Table 3 Pmc Expansion Slots

    “Single-Port T1 NIC” page 91 Note Nokia products only support NICs purchased from Nokia or Nokia- approved resellers. The Nokia Global Support Services group can only provide support for Nokia products that use Nokia-approved accessories. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 26: Console Port

    Overview For sales or reseller information, contact a Nokia service provider listed in “Nokia Contact Information” on page 3. Console Port Use the built-in console port, shown in Figure 1, to supply information that makes the appliance available on the network.

  • Page 27: Serial (Aux) Port

    5 (GND) 7 (GND) 5 (GND) 6 (DSR) Input 6 (DSR) 4 (DTR) 7 (RTS) Output 4 (RTS) 1 (DCD) 8 (CTS) Input 5 (CTS) 1 (DCD) 9 (RI) Output 22 (RI) 4 (DTR) Nokia IP1200 Series Security Platform Installation Guide...

  • Page 28: System Status Leds

    Overview System Status LEDs You can visually monitor the status of the Nokia IP1200 Series Security Platform by checking the system status LEDs. The system status LEDs are located on the center of the front panel, as shown in Figure...

  • Page 29: Hard Disk Drives

    Disk Mirroring The Nokia disk-mirroring feature provides fault tolerance by allowing the IP1200 Series to continue working in the event of a disk failure. You can create mirror sets that consist of a source hard disk drive (which holds the active copy of the operating system) and mirror hard disk drive.

  • Page 30: Hard-Disk Drive Hot Swap Feature

    You can use Nokia Network Voyager, the command-line interface (CLI), or Lynx to create and delete mirror sets. Note If your IP1200 Series contains two hard disk drives when you receive it, the disk-mirroring feature is already enabled. For more information about disk mirroring, including configuration details, see the Nokia Network Voyager Reference Guide and the IPSO Release Notes and Getting Started Guide for the version of IPSO you are running.

  • Page 31: Figure 6 Hard-Disk Drive Front Panel

    To avoid damage to the ejection lever, loosen the two retaining screws before you remove the hard disk drive. Once screw is located behind the ejection lever, and the other screw is on the opposite side. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 32: Power Supplies And Fan Unit

    Do not remove the hard disk drive if the Status LED is blinking green. Power Supplies and Fan Unit The power supplies and fan unit are located at the rear of the IP1200 Series, as shown in Figure Nokia IP1200 Series Security Platform Installation Guide...

  • Page 33: Power Supplies

    Power switch Fan unit Power Supplies The Nokia IP1200 Series Security Platform supports up to two power supplies for power sharing and redundancy. The IP1260 comes with two power supplies as the standard package. The IP1220 comes with power supply; a second one is optional.

  • Page 34: Figure 8 Power Supply, Cooling Fan, And Power Switch

    Overview Caution The Nokia IP1200 Series power supply might be hot to the touch when the power supply unit is plugged in to an AC power source and the power supply is not turned on. This is because the internal...

  • Page 35: Fan Unit

    Fan Unit The IP1200 Series fan unit is a single unit made up of eight individual fans to provide the air flow required to maintain a proper operating temperature. The fan unit can provide proper airflow for a short time even if an individual fan fails.

  • Page 36: Site Requirements, Warnings, And Cautions

    Overview Site Requirements, Warnings, and Cautions Before you install an IP1200 Series, ensure that your computer room or wiring closet conforms to the environmental specifications listed in Appendix A, “Technical Specifications.” Warning Hazardous radiation exposure can occur if you use controls, make performance adjustments, or follow procedures that are not described in this document.

  • Page 37: Software Requirements

    Software Requirements Software Requirements The Nokia IP1260 Security Platform supports the following operating system and applications as of the publication date for this guide: Nokia operating system software requirements—IPSO v3.7 or later. Firewall and VPN software requirements—Check Point NG FP3 (hf2) VPN-1/FireWall-1 or later.
  • Page 38 Overview Nokia IP1200 Series Security Platform Installation Guide...

  • Page 39: Performing The Initial Configuration

    Performing the Initial Configuration The first time you turn on power to a Nokia IP1200 Series Security Platform, the initial configuration process begins. This process enables you to configure the network settings and provides access to the admin account. You can perform the initial configuration in two ways: Configure a DHCP server to provide the initial configuration information the first time the appliance is started.

  • Page 40: Using A Console Connection

    Replacing Other Components.” Using a Console Connection If you do not use DHCP to perform the initial configuration of your Nokia IP1200 Series Security Platform, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.
  • Page 41 For cable pin assignments for the console connection, see “Console Port” on page 26. 2. Connect the other end of the cable to the VT100 console or to a system running a terminal-emulation program. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 42: Connecting Power And Turning The Power On

    Caution To avoid potential service interruptions from momentary facility power interruptions and potential power spikes that might damage your equipment, Nokia strongly recommends that you use an uninterruptible power supply (UPS) with surge protection with your IP1200 Series. To connect the power supply 1.
  • Page 43 (115 VAC or 220 VAC [85 to 264]) and configures itself appropriately. 4. Check the power LED (the Nokia logo) on the front panel of the appliance to ensure that the power supply is operating correctly. The power LED should be illuminated. For more information about the system status LEDs, see “System Status LEDs”...

  • Page 44: Performing The Initial Configuration

    Performing the Initial Configuration Performing the Initial Configuration If you do not use DHCP to perform the initial configuration of your Nokia IP1200 Series Security Platform, you must use a serial console connection (cable included). After you perform the initial configuration, you no longer need the console connection.
  • Page 45 Nokia software release you are running. 4. When you are prompted to select an interface, Nokia recommends that you select one of the Ethernet management interface ports. To select an interface, enter the number adjacent to the physical ID in the list of connected interfaces.

  • Page 46: Connecting Network Interfaces

    Voyager to configure the remaining network ports. Connecting Network Interfaces Connect at least one network interface to the network to use as the Nokia Network Voyager system-management interface. This interface is configured during the initial configuration process, which is described in Chapter 2, “Performing the Initial Configuration.”...

  • Page 47: Using Nokia Network Voyager To Manage Your Security Platform

    89. Using Nokia Network Voyager to Manage Your Security Platform Use Nokia Network Voyager to configure and monitor your IP1200 Series. For additional information about how to use Network Voyager, see “Accessing Nokia Network Voyager Reference Information” “Nokia Network Voyager Inline Help”...

  • Page 48: Accessing Nokia Network Voyager Reference Information

    Accessing Nokia Network Voyager Reference Information As you use Nokia Network Voyager, the Nokia Network Voyager Reference Guide and Voyager inline help are available for you to use. You can access both information sources from the Network Voyager interface, Figure 10 shows.

  • Page 49: Nokia Network Voyager Reference Guide

    CD that was delivered with your appliance (see the doc folder). Nokia Network Voyager Inline Help You can access inline help when you use Nokia Network Voyager. Inline help is the context-sensitive information source for Network Voyager. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 50: Using Nokia Network Voyager To Monitor A Nokia Ip1200 Series Security Platform

    CLI. clish For further information about establishing a connection with and invoking the CLI, see the Nokia CLI Reference Guide for IPSO-SX for the version of IPSO-SX you are using. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 51: Using Nokia Horizon Manager

    Using Nokia Horizon Manager Using Nokia Horizon Manager You can use Horizon Manager to install and upgrade the Nokia proprietary Nokia IPSO operating system. For information about how to obtain Horizon Manager, see the “Nokia Contact Information” on page 3.
  • Page 52 Performing the Initial Configuration Nokia IP1200 Series Security Platform Installation Guide...

  • Page 53: Installing The Nokia Ip1200 Series Security Platform

    Installing the Nokia IP1200 Series Security Platform This chapter describes how to install the Nokia IP1200 Series Security Platform. The following topic is discussed: Rack Mounting the Security Platform Before You Begin Caution To help guard against electrostatic discharge damage, make sure...

  • Page 54: Before You Begin

    Installing the Nokia IP1200 Series Security Platform Figure 11 Rack-Mounting Screw Locations 00307a.1 Rack-mounting screw locations Two rack-mounting positions allow you to mount the security platform either flush with the rack, or four inches forward of the equipment rack. If the space behind the rack is insufficient, the rack mounting brackets can be attached further back on the side of the appliance.
  • Page 55 Do not over tighten the nuts. 6. Attach the grounding cable to an earth ground or other grounding point to meet the specifications of your installation site. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 56 Installing the Nokia IP1200 Series Security Platform To rack mount the security platform Caution The security platform is heavy. Use care when you remove it from the packaging. 1. Remove the appliance from the packaging. 2. Optionally, remove the fan unit from the back of the appliance.
  • Page 57 Slowly pull the fan unit out of the chassis toward the rear. 00318.1 3. Optionally, remove the power supplies from the rear of the appliance. a. Locate the power supply on the back of the IP1200 Series and the two screws that secure it. 00308a Power supplies b.
  • Page 58 Installing the Nokia IP1200 Series Security Platform d. Use the handles to gently pull the power supply out of the chassis. 00317.1 4. Optionally, remove the chassis assembly from the appliance. Caution To help guard against electrostatic discharge damage, make sure...
  • Page 59 Slide the chassis assembly forward and pull it entirely out of the appliance. 00326a.1 c. Place the chassis assembly on a properly grounded surface. 5. Adjust the mounting brackets on the side of the appliance if necessary. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 60 Installing the Nokia IP1200 Series Security Platform 6. Mount the appliance into a standard 19-inch rack by using the mounting screws located on the mounting brackets. 7. Slide the chassis assembly back into the appliance until it clicks into place, and resecure the four chassis assembly retaining screws.

  • Page 61: Installing And Replacing Network Interface Cards

    The Nokia IP1200 Series Security Platform may come with one of the network interface cards (NICs) you ordered already installed. All NICs installed in the IP1200 Series are housed in a 6U PMC carrier. Network interface cards in the 6U PMC carrier are hot swappable.

  • Page 62: Removing, Installing, And Replacing Nics

    Removing, Installing, and Replacing NICs The IP1200 Series has two slots on the front of the appliance that hold two 6U PMC carriers. All NICs installed in the IP1200 Series are housed in the 6U PMC carrier.

  • Page 63: Before You Begin

    Removing, Installing, and Replacing NICs Note Because the IP1200 Series supports hot swapping of NICs, you do not have to turn off power from the system to remove, install, or replace a NIC. Before You Begin Before you install the card, make sure that the rubber gasket around the front of the card is installed properly.
  • Page 64 PMC carrier. The power LED on the front of the PMC carrier is extinguished when the power is removed. 4. Press or push the levers toward the outer edges of the IP1200 Series. Ejection and locking levers Push red...
  • Page 65 5. Continue to press or push the levers outward until the PMC carrier is released and extends slightly beyond the front panel of the IP1200 Series. 6. Gently pull the PMC carrier out from the slot and place it on a suitable, grounded work surface.
  • Page 66 00311 Note If you are installing a NIC in an unoccupied slot on the PMC carrier, remove the blank bezel that covers the slot and retain it for future use. Proceed to step Nokia IP1200 Series Security Platform Installation Guide...
  • Page 67 9. Locate and remove the two card retaining screws from the back of the NIC. 00312 10. Remove the NIC by lifting the back of the NIC away from the chassis assembly and pulling it gently away from the front panel. 00313 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 68 PMC carrier and that the screw holes on the bottom of the bezel align with those on the bottom of the PMC carrier. Proceed to step Note The blank bezel is required for the IP1200 Series to meet emissions requirements during operation. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 69 13. From the underside of the PMC carrier, screw in the bezel retaining screws. 00311 14. Insert the PMC carrier back into its original slot on the front of the IP1200 Series until it clicks into place. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 70: Configuring And Activating Interfaces

    The power indicator LED on the PMC carrier illuminates green. 00315.1 If you are replacing a NIC with a new NIC of the same type, the Nokia IPSO operating system automatically recognizes the NIC and applies the original configuration to the new NIC.

  • Page 71: Monitoring Network Interface Cards

    LED status indicators on each NIC. The status indicators for each NIC are explained in Chapter 5, “Connecting PMC Network Interface Cards.” Use Nokia Network Voyager to access detailed port information. For information about how to access Network Voyager, see “Accessing Nokia Network Voyager Reference Information”...
  • Page 72 Installing and Replacing Network Interface Cards Nokia IP1200 Series Security Platform Installation Guide...

  • Page 73: Connecting Pmc Network Interface Cards

    Connecting PMC Network Interface Cards This chapter describes the network interface cards available for the Nokia IP1200 Series Security Platform and how to connect those NICs to your network. The following NICs are described: Four-Port and Dual-Port 10/100 Ethernet NICs...

  • Page 74: Table 7 Nic Pci Frequency

    NIC installation to maximize data throughput on your appliance. Caution To protect the IP1200 Series and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components. Use a grounding wrist strap and follow the instructions provided with the wrist strap before you handle the components or open the appliance.

  • Page 75: Four-Port And Dual-Port 10/100 Ethernet Nics

    The IP1200 Series supports Nokia-approved, four-port and dual-port UTP5 dual-mode (10-Mbps and 100-Mbps) Ethernet NICs installed in a 6U PMC carrier. When you purchase a 10/100 Ethernet NIC with your IP1200 Series, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing...

  • Page 76: Figure 12 Four-Port 10/100 Ethernet Nic Front Panel Details

    Activity LEDs (yellow) After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP1200 Series and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance illuminate.

  • Page 77: Ethernet Nic Connectors And Cables

    Figure 14 Output Connector for the Ethernet Cable Assignment TX + TX - 00270 RX + RX - Nokia IP1200 Series Security Platform Installation Guide...

  • Page 78: Dual-Port Fiber-Optic Gigabit Ethernet Nic

    Ethernet NICs installed on a 6U PMC carrier. The IP1200 Series can accommodate up to four Gigabit Ethernet NICs. When you purchase a Gigabit Ethernet NIC with your IP1200 Series, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing...

  • Page 79: Fiber-Optic Gigabit Ethernet Nic Features

    Activity LED (yellow) After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP1200 Series and on the remote equipment illuminate to indicate the connection. As data is transmitted, the activity LEDs on the appliance illuminate.

  • Page 80: Fiber-Optic Gigabit Ethernet Nic Connectors And Cables

    Gigabit Ethernet NICs installed on a 6U PMC carrier. The IP1200 Series can accommodate up to four Gigabit Ethernet NICs. When you purchase a copper Gigabit Ethernet NIC with your IP1200 Series, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing...

  • Page 81: Copper Gigabit Ethernet Nic Features

    Gigabit Ethernet NICs access a separate PCI bus. For the IP1200 Series appliance, any two NICs installed on a single PMC carrier both operate at the PCI frequency of the least capable NIC installed.

  • Page 82: Dual-Port Copper Gigabit Ethernet Nic Connectors And Cables

    00386.1 Ports After the power is turned on and the cables are connected, the Ethernet link LEDs on both the IP1200 Series and on the remote equipment illuminate to indicate the connection. Note The Link LED on the NIC is bicolored. A green LED indicates a 1 Gbps link speed, and a yellow LED indicates a 10/100 Mbps link speed.
  • Page 83 Class B emissions requirements. Note Nokia copper Gigabit Ethernet NICs support cable autosensing. You can use a straight-through or crossover cable to connect the NIC to a gigabit hub or switch or to connect directly to a host.

  • Page 84: Figure 18 Ethernet Cable Connector Output Pin Assignments

    Figure 18 Ethernet Cable Connector Output Pin Assignments Gigabit Ethernet 10/100 Mbps Pin# Assignment Assignment BI_DA+ 00270 BI_DA- BI_DB+ BI_DC+ BI_DC- BI_DB- BI_DD+ BI_DD- To connect directly to a host, use an RJ-45 crossover cable wired as Figure 19 shows. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 85: Single-Port Isdn S/T Nic

    The Nokia IP1200 Series Security Platform supports Nokia-approved, single-port ISDN S/T NICs installed on a 6U PMC carrier. When you purchase an ISDN NIC with your IP1200 Series, the NIC is installed before the appliance is delivered to you. For information about how to add or replace a NIC, see Chapter 4, “Installing and Replacing Network...

  • Page 86: Single-Port Isdn S/T Nic Features

    One signaling channel at 16 Kbps Tracing through tcpdump PCI operation at 33 MHz and 66 MHz You can configure and monitor ISDN NIC interfaces with Nokia Network Voyager. For information about how to access Network Voyager and the related reference materials, see “Accessing Nokia Network Voyager...

  • Page 87: Single-Port V.35 Or X.21 Nic

    Assignment 00270 Single-Port V.35 or X.21 NIC The Nokia IP1200 Series Security Platform supports a Nokia-approved, single-port V.35 or X.21 NIC. The port type is automatically determined by the type of cable attached to the NIC. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 88: Single-Port V.35 Or X.21 Nic Features

    Connecting PMC Network Interface Cards When you purchase a single-port V.35 or X.21 NIC with your IP1200 Series, the NIC is installed before the appliance is delivered to you and the appliance arrives with the appropriate cable. When you order a NIC after you receive the appliance, the NIC arrives with the specified cable.

  • Page 89: V.35 And X.21 Nic Connectors And Cables

    The connector on the NIC is an Amp 50-pin CHAMP female connector. The cable shipped with the NIC has a 50-pin male connector on one end and the appropriate V.35 or X.21 connector on the other end. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 90: Figure 23 Output Connector For The V.35 Cable

    H Data Terminal Ready Received Data R P Transmitted Data Received Data T S Transmitted Data Receive Timing V U Terminal Timing Receive Timing X W Terminal Timing Y Transmit Timing AA Transmit Timing Nokia IP1200 Series Security Platform Installation Guide...

  • Page 91: Single-Port T1 Nic

    The IP1200 Series IP security platforms support Nokia-approved, single-port T1 cards. The Nokia IP1200 Series appliances can accommodate a maximum number of four cards. The Nokia T1 network interface card provide the following features: Built-in CSU/DSU for long and short-haul operations...
  • Page 92 Up to 24 channels per card (Nokia IPSO supports only fractional channels) Fractional T1 Support for hot-swapping of NICs when used in IP1200 Series appliances Tracing through tcpdump Conformance with RFC 1661 (PPP), 1662 (PPP in HDLC-like framing), 1332 (PPP-IPCP), 1490 (frame relay), and Cisco HDLC Compliance with ANSI T1.403...

  • Page 93: Connectors And Cables

    Warning Cables connecting to the T1 card must be a minimum of 26 AWG wire. Caution Remove the T1 cable before you work on any Nokia appliance. Caution Nokia requires that this equipment be installed by authorized, experienced service personnel who have the equipment installation instructions.

  • Page 94: Figure 26 T1 Network Interface Card Receptacle And Pin

    Figure 26 the RJ-48 connector is numbered from right to left, with the copper pins facing up and toward you. Figure 26 T1 Network Interface Card Receptacle and Pin Assignments Pin# Assignment 00270 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 95: Single-Port E1 Nic

    Up to 32 channels per card Channels 0 and 16 can be used for inband signaling IPSO supports only fractional channels Fractional E1 Support for hot-swapping of NICs when used in IP1200 Series appliances Tracing through tcpdump Nokia IP1200 Series Security Platform Installation Guide...

  • Page 96: Connectors And Cables

    Conformance with RFC 1661 (PPP), 1662 (PPP in HDLC-like framing), 1332 (PPP-IPCP), and Cisco HDLC Compliance with ITUT G703 You can configure and monitor E1 interfaces by using Nokia Network Voyager, the Web-based element manager configuration and monitoring program for the Nokia IPSO operating system.
  • Page 97 Cables connecting to the E1 card must be a minimum of 26 AWG wire. Caution Remove the E1 cable before you work on any Nokia appliance. Caution Nokia requires that this equipment be installed by authorized, experienced service personnel who have the equipment installation instructions.

  • Page 98: Figure 29 E1 Network Interface Card Receptacle And Pin

    Connecting PMC Network Interface Cards Figure 29 E1 Network Interface Card Receptacle and Pin Assignments Pin# Assignment 00270 Figure 30 E1 Crossover Cable Connection Diagram 00018.1 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 99: Using The Boot Manager

    Installing the Boot Manager Upgrading the Boot Manager When you first receive your Nokia IP1200 Series Security Platform, the boot manager uses factory-default parameters (such as kernel, and boot device) for the boot process. The factory defaults cause the appliance to bypass the boot manager prompt after a three-second wait.

  • Page 100: Variables

    If autoboot is set to no, the IP1200 Series stops at the boot manager command line during the boot process. If autoboot is set to yes, the IP1200 Series does not stop at the boot manager command line during a boot up. It does wait for the amount of time specified in bootwait for input from the keyboard.

  • Page 101: Viewing The Variables And Other System Parameters

    The command has the following syntax: printenv For example: BOOTMGR[93]> printenv NOKIA IPSO BOOTMGR VERSION=3.7 07.05.2003-130000 autoboot: YES testboot: NO bootwait: 3 boot-file: /image/current/kernel boot-flags: boot-device: wd0 vendor: Nokia model: IP bmslice: 4 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 102: Sysinfo

    0:30:30:0:20:10 speed 10M full duplex eth-s3p2: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:30:30:0:20:11 speed 10M full duplex eth-s3p3: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:30:30:0:20:12 speed 10M full duplex eth-s3p4: flags=130<BROADCAST,MULTICAST,PRESENT> ether 0:30:30:0:20:13 speed 10M full duplex loop0: flags=10b<UP,LINK,LOOPBACK,PRESENT> soverf0: flags=2923<UP,LINK,MULTICAST,PRESENT,IPV6ONLY> stof0: flags=2903<UP,LINK,PRESENT,IPV6ONLY> tun0: flags=107<UP,LINK,POINTOPOINT,PRESENT> Nokia IP1200 Series Security Platform Installation Guide...

  • Page 103: Setting The Variables

    Variables Use the ls command to view the contents of directories on the devices in your IP1200 Series. The command has the following syntax: ls device directory where device is the device that contains the directory you want to look at, and directory is the directory on that device.

  • Page 104: Unsetenv

    The command has the following syntax: set-defaults name where name is the name of the variable to be set to its factory default. If name is not specified, all variables are set to their factory defaults. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 105: Setalias

    Use the unsetalias command to clear an alias. The command has the following syntax: unsetalias name where name is the name of the alias to be cleared. For example, the following command deletes the alias from the list of disk aliases: BOOTMGR[2]> unsetalias disk Nokia IP1200 Series Security Platform Installation Guide...

  • Page 106: Other Commands

    Booting the System The boot command lets you boot up the Nokia IPSO operating system. It allows you to set the boot device, boot file, and boot flags from the command line. The command has the following syntax:...

  • Page 107: Using The Boot Manager To Install Nokia Ipso

    (the hard disk drive) boot-file /image/current/kernel boot-flags Using the Boot Manager to Install Nokia IPSO Use the install command to install Nokia IPSO. The syntax of the command install For complete installation procedures, see the appropriate version of release notes. Note Using the install command to perform a full installation deletes the existing IPSO image on the IP1200 Series.

  • Page 108: Protecting The Boot Manager With A Password

    Using the Boot Manager Protecting the Boot Manager with a Password To prevent accidental or unauthorized access to the hard disk on your Nokia IP1200 Series Security Platform, you can require that the user enter a password to access the boot manager install command. Use the password command to set the password.

  • Page 109: Installing The Boot Manager

    Nokia IPSO (the operating system), not from the boot manager. To install the new boot manager, at the Nokia IPSO command prompt enter: /etc/install_bootmgr wd1 /image/current/bootmgr/nkipflash The command installs the new boot manager image (nkipflash) into the flash device (wd1).
  • Page 110 Nokia Customer Support site as listed in “Nokia Contact Information” page 3. 2. At the Nokia IPSO command prompt, enter: /etc/upgrade_bootmgr wd1 /etc/nkipflash The command upgrades the boot manager with the new image (nkipflash), writing it into the hard disk drive (wd0). The upgrade takes some time to complete.

  • Page 111: Troubleshooting

    Troubleshooting This chapter provides troubleshooting tips, problems, and solutions related to Nokia IP1200 Series Security Platform installations. For information about how to reinstall the Nokia IPSO operating system onto your appliance, see Chapter 6, “Using the Boot Manager.” General Troubleshooting Information The information in this section relates to problems you might encounter during the IP1200 Series installation.
  • Page 112 Troubleshooting communicates with the IP1200 Series. If this is not possible by using your laptop computer or terminal, the problem is with the terminal or cable and not with the appliance. Problem No console connection to the IP1200 Series. Solution For information about how to create a console connection, see “To connect to the console”...
  • Page 113 5. Enter the following command to reset the password from the command line by using a blank password: dbpasswd admin newpassword "" The two double quotation marks at the end of the command properly indicate a blank password. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 114 Chapter 2, “Performing the Initial Configuration.” To reset the default database settings 1. Log in to the IP1200 Series as admin by using Nokia Network Voyager. For information about how to access Network Voyager and the related reference materials, see “To open Nokia Network Voyager”...
  • Page 115 IP1200 Series configuration. Problem Wrong link speed. Solution Verify that the port on the host and the port on the IP1200 Series are set for the same speed (10 Mbps or 100 Mbps). An unblinking data and activity LED on a port is a good indication of a speed mismatch.
  • Page 116 Device Problem No link light. Solution You might have used the wrong cable. Use a crossover cable between the IP1200 Series and a host, and a straight-through cable between an appliance and a hub. Problem Solid activity LED. Solution You might have set the wrong speed. Verify that the speeds match on each end of the Ethernet connection (10 Mbps, 100 Mbps, or 1000 Mbps).
  • Page 117 Problem The DIMMs are not properly seated in DIMM sockets. Solution Repeat memory installation procedures. Make sure DIMMs are fully seated in sockets. Be sure DIMMs click into place. Make sure DIMMs are seated in adjacent slots J5/J6 and/or J7/J8. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 118 Troubleshooting Nokia IP1200 Series Security Platform Installation Guide...

  • Page 119: Installing And Replacing Other Components

    Chapter 4, “Installing and Replacing Network Interface Cards.” You should have a working knowledge of networking equipment before you attempt to service an IP1200 Series. Limit service of the appliance to the procedures described in this chapter. Caution To protect the IP1200 Series and the memory modules from electrostatic discharge damage, make sure you are properly grounded before you touch these components.

  • Page 120: Replacing A Hard Disk Drive

    Replacing a Hard Disk Drive The Nokia IP1200 Series Security Platform supports up to two hard disk drives with the disk mirroring feature in the Nokia IPSO operating system. If the appliance has only one hard disk drive installed, it is in the top slot (slot A).

  • Page 121: Hard Disk Drive Hot Swap Feature

    You can use Nokia Network Voyager, the command-line interface (CLI), or Lynx to create and delete mirror sets. Note If your IP1200 Series contains two hard disk drives when you receive it, the disk-mirroring feature is already enabled. For more information about disk mirroring, including configuration details, see the Nokia Network Voyager Reference Guide and the IPSO Release Notes and Getting Started Guide.

  • Page 122: Before You Begin

    • Disk mirroring is not enabled. • You press the hot swap button on the source hard disk drive. Before You Begin To upgrade or replace a Nokia IP1200 Series Security Platform hard disk drive, you need: Physical access to the appliance...
  • Page 123 Back up your hard disk drive files to a remote system on a regular basis. For backup and restore procedures, see the IPSO 3.7 Release Notes and Getting Started Guide or the Nokia Horizon Manager User Guide and online help. To replace a hard disk drive by using the hot-swap feature Note You must have disk mirroring implemented to use the hot swap feature.
  • Page 124 4. When the status LED stops blinking, use your thumb or forefinger to press the ejector and locking lever to eject the hard disk drive from the chassis. Push red button to disengage lock Release or lock into place 00320 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 125 9. Press the recessed hot swap button again to restore power to the hard disk drive. The IP1200 Series recognizes the new hard disk drive. 10. Use Nokia Network Voyager, Lynx, or the CLI to implement disk mirroring. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 126 2. Loosen the retaining screws on both sides of the hard disk drive. Caution To avoid damage to the ejection lever, loosen the retaining screw behind each ejection lever before you remove the hard disk drive. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 127 3. Use your thumb or forefinger to press the ejector and locking lever on the hard disk drive that you are removing to eject the hard disk drive from the chassis. Push red button to disengage lock Release or lock into place 00320 Nokia IP1200 Series Security Platform Installation Guide...

  • Page 128: Replacing Or Upgrading Memory

    7. Press the hot swap button to restore power to the hard disk drive. The IP1200 Series recognizes the new hard disk drive. 8. Use Nokia Network Voyager, Lynx, or the CLI to implement disk mirroring. Replacing or Upgrading Memory The Nokia IP1200 Series Security Platform has four dual inline memory- module (DIMM) sockets.

  • Page 129: Figure 32 Dimm Socket Locations

    For further information, contact the appropriate Nokia customer support site listed in “Nokia Contact Information” on page 3. The DIMM sockets are located on the left rear of the IP1200 Series mother board, as you look at the appliance from the front, as Figure 32 shows.

  • Page 130: Before You Begin

    To add or replace DIMMs 1. Use Nokia Network Voyager or Lynx to perform an orderly shutdown of the IP1200 Series. For information about how to access Network Voyager and the related reference materials, see “To open Nokia Network Voyager”...
  • Page 131 2. Loosen the four front panel retaining screws. 00307a.1 Chassis assembly retaining screws 3. Slide the chassis assembly forward to expose the DIMM sockets on the IP1200 Series motherboard. 4. Pull the chassis assembly entirely out of the appliance. 00326a.1 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 132 The top of the DIMM is smooth. The bottom edge has two different- length sets of contacts, which mate with the slots on the socket. Be sure the contacts and slots are properly aligned before you insert the DIMM. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 133 The retaining clips move into the lock position as you press the DIMM into place. 7. Slide the chassis assembly back into the appliance until it clicks into place. 00326b.1 8. Resecure the four chassis assembly retaining screws. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 134: Installing A Nokia Encryption Accelerator Card

    IP1220, then the Nokia encryption accelerator card is installed before the appliance is delivered. The IP1200 Series uses a PMC format accelerator card. The accelerator card has no external connections and requires no cables. The accelerator card software package is part of IPSO, so the appliance automatically detects and configures the card.

  • Page 135: Before You Begin

    To install the accelerator card 1. Use Nokia Network Voyager or Lynx to shut down the IP1200 Series. For information about how to access Network Voyager and the related reference materials, see “To open Nokia Network Voyager”...
  • Page 136 Installing and Replacing Other Components 2. Loosen the four front-panel retaining screws. 00307a.1 Chassis assembly retaining screws 3. Slide the chassis assembly forward to expose the motherboard components. 00326a.1 4. Locate the PMC connectors on the motherboard. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 137 Do not use the PMC connectors located at the front of the motherboard for the acceleration card. Those connectors are for the management card. 5. Position the three male PMC connectors on the card over the three female PMC connectors on the motherboard. Nokia IP1200 Series Security Platform Installation Guide...
  • Page 138 Reseating the chassis assembly automatically restores power to the appliance. 11. Configure your software to use hardware acceleration by following the instructions in “Configuring Software to Use Hardware Acceleration” page 139. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 139: Configuring Software To Use Hardware Acceleration

    Installing a Nokia Encryption Accelerator Card Configuring Software to Use Hardware Acceleration Use Nokia Network Voyager to configure virtual private network (VPN) tunnels to use hardware acceleration. This step is necessary for the optional encryption accelerator card on the IP1200 Series.

  • Page 140: Installing A Fan Unit

    To replace a fan unit 1. Locate the fan unit on the back of the IP1200 Series and the four retaining screws that secure it. 00308a Fan unit 2.

  • Page 141: Installing Or Replacing A Power Supply

    3. Slowly pull the fan unit out of the chassis toward the rear. 00318.1 4. If the IP1200 Series is running, immediately install a replacement fan unit by sliding it into the back of the appliance. 5. Tighten the four retaining screws on the new fan unit.
  • Page 142 In this situation, the power supply still meets all safety standards.This condition is normal and does not affect the performance of the Nokia IP1200 Series. To cool the power supply down, use the power supply switch to turn on power and activate the integrated cooling fan.

  • Page 143: Before You Begin

    5. Use the handles to gently pull the power supply out of the chassis. 00317.1 6. Insert the new power supply into the empty bay. 7. Replace the grounding lugs. 8. Reinstall the two retaining screws. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 144: Monitoring The Nokia Ip1200 Series Security Platform Power Supply

    Monitoring the Nokia IP1200 Series Security Platform Power Supply You can monitor the status of the Nokia IP1200 Series Security Platform power supply with Nokia Network Voyager. Similarly, you can also use the command-line interface (CLI). For information about the CLI, see the CLI Reference Guide.

  • Page 145: A Technical Specifications

    -5° C to +40° C (23° F to 104° F) Temperature Humidity 5% to 85% Short Term Operational -5° C to 50° C (23° F to 122° F) Temperature (not to Humidity 5% to 90% exceed 96 consecutive hours) Nokia IP1200 Series Security Platform Installation Guide...

  • Page 146: Space Requirements

    3.5 inches (8.89 centimeters) of vertical space 18 inches (46 centimeters) behind the front-panel of the rack 6 inches (15 centimeters) behind the IP1200 Series to allow the back exit fan to move air through the appliances Caution Do not block the ventilation holes on the IP1200 Series.

  • Page 147: B Compliance Information

    Compliance Information This appendix contains the following compliance information: Declaration of Conformity Compliance Statements FCC Notice (US) Equipment Attachment Regulations (Canada) Nokia IP1200 Series Security Platform Installation Guide...

  • Page 148: Declaration Of Conformity

    Product Options: Serial Number: 1 to 100,000 Date First Applied: 2003 conforms to the following standards: Safety: EN60950:1992, A1, A2:1993, A3:1995, A4:1997, A11:1998 with Japanese National Deviations EMC: EN55024 1998, EN55022A 1998, EN61000-3-2, EN61000-3-3 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 149 Directive 89/336/EEC with Amendment 93/68/EEC. Alan Hutchinson Manager Regulatory Compliance Engineering Mountain View, California August 2002 European contact: Greg Shortell Nokia Telecommunications 2 Heathrow Blvd, 284 Bath Road Heathrow, Middlesex, UB7 ODQ England Nokia IP1200 Series Security Platform Installation Guide...

  • Page 150: Compliance Statements

    The Nokia IP security platforms are LAN devices that can also use Nokia NICs for wide area or out-of-band network connections. In the latter case this must be done with local country approval for Nokia T1, E1, ISDN, or other NICs. Refer to your reseller or distributor to determine if these NICs are approved for the desired country.

  • Page 151: Fcc Notice (Us)

    Consult the dealer or an experienced radio/TV technician for help. Caution Any changes or modifications not expressly approved by the grantee of this device could void the user’s authority to operate the equipment. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 152: Equipment Attachment Regulations (Canada)

    This precaution may be particularly important in rural areas. Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or an electrician. Nokia IP1200 Series Security Platform Installation Guide...

  • Page 153: Index

    108 connections upgrading 109 Ethernet network interface cards 77, 80, 82 variables used by 100, 106 modem 27 boot manager revision variable 100 power 42 boot-device variable 100 Nokia IP1200 Series Security Platform Installation Guide Index - 153...
  • Page 154 Ethernet 25 hard disk drives dual-port fiber-optic Gigabit Ethernet 25 overview 29 dual-port network interface cards 89 replacing 120 status LEDs 30 help command 106 hot swap button 121 E1 95 Index - 154 Nokia IP1200 Series Security Platform Installation Guide...
  • Page 155 101 dual-port 10/100 Ethernet 76, 79, 82 dual-port Gigabit Ethernet 78 installing 61 list of available 73 rack space 20 monitoring 71 rack-mounting the appliance 56 removing 62 replacing Nokia IP1200 Series Security Platform Installation Guide Index - 155...
  • Page 156 X.21 network interface cards, connectors 89 sysinfo command 102 system status LEDs 28 technical specifications 145 text conventions 17 troubleshooting 111 unicast traffic 21 unsetalias command 105 unsetenv command 104 Index - 156 Nokia IP1200 Series Security Platform Installation Guide...

Table of Contents