Scribd
Upload
2K views12 pages

Arbor Edge Defense 8100 CI Installation Guide

Uploaded by

masterlinh2008
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views12 pages

Arbor Edge Defense 8100 CI Installation Guide

Uploaded by

masterlinh2008
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Installation Guide

Arbor Edge Defense


AED 8100 Appliance
This guide provides instructions for the connection and initial configuration of your AED
8100 appliance. These procedures represent the minimum required setup.

Components
Your AED 8100 package includes the following items:
n AED 8100 appliance
n 2 Ethernet patch cables
n 2 AC power cords or 2 DC connector assemblies
n 1 rail kit with extensions
n Legal documentation

Interface Configurations
The AED 8100 supports quad-port network interface cards (NICs) in the following
configurations:
n One 1 GbE
n Two1 GbE
n Three 1 GbE
n One10 GbE
n Two 10 GbE

Note
The NICs that AED supports are bypass capable.

For the interface placement in the appliance slots and the port numbering sequences for
these configurations, see the “Supported Configurations” on page 6 .

Before You Begin


First, decide whether to place the appliance inline (inline mode) or out-of-line through a
span port or network tap (monitor mode). Also, decide which deployment scenario is best
for your network.

For more information, see the section about the AED deployment scenarios in the Arbor
Edge Defense User Guide . You can obtain this guide and other product documentation
from the Arbor Technical Assistance Center web site at
https://support.arbornetworks.com/

© 2021 NETSCOUT SYSTEMS, INC. All rights reserved. www.netscout.com


AED-IG-8100-CI-2021/04 Part Number: 293-2978 Rev. A
15 April, 2021 ®
AED 8100 Appliance Installation Guide

Appliance Specifications
The following list describes the specifications for the AED 8100 appliance.

Power Options
The AED 8100 appliance has two 850 W AC or DC hot-swap, redundant power supplies:
AC: 100 to 240 VAC, 50 to 60 Hz, 12/6 A max
DC: -40 to -72 VDC, 28/14 A max

Physical Dimensions
Chassis: 2U rack
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Depth: 20 in (50.8 cm)
Weight: 36.95 lb (16.76 kg)

Environmental
Temperature, operating: 41ºF to 104ºF (5ºC to 40ºC)
Humidity, operating: 5% to 85%, non-condensing, at temperatures of 73ºF to 95ºF (23ºC
to 35ºC). Designed to meet or exceed Telcordia GR-63 and ETSI EN 300 019 humidity
requirements for operating, transport, and storage environments.
Temperature, non-operating: -40ºF to 158ºF (-40ºC to 70ºC)
Humidity, non-operating: 95%, non-condensing, at temperatures of 73ºF to 104ºF (23ºC
to 40ºC)
Airflow direction: Front to back. For proper airflow, ensure that the air intake is
positioned in a cold aisle and the air exhaust is positioned in a hot aisle.
Heat dissipation: 1075 BTU/hr @ 315 W

Compatibility: monitoring
This appliance integrates with management consoles that support SNMPv2 or SNMPv3.

2 NETSCOUT SYSTEMS, INC. Confidential and Proprietary


AED 8100 Appliance Installation Guide

Collecting Information for the Installation


Collect the following information for your appliance:

Information to
collect Description
Administrative The user name and password for administrative access to the
username and device. The default user name is admin and the default
password password is arbor. To use the software, you must change the
default password.

System hostname The unique name that identifies this device on the network.

IP address and The IP address and the subnet mask of the device’s management
subnet mask interface.

Default gateway IP The IP address for the default gateway that the management
address and other interface uses and any additional routes that are required for the
IP routing device to access the management interface.

NTP server The IP address for the server that synchronizes the network time.
(optional)

Physical The switch or router port mappings to connect to the protection


connections interfaces. See “About the Protection Interfaces” on page 7.

Network The method that you plan to use to connect the device within
connectivity mode your network (inline or out-of-line through a span port or
network tap).

DNS server The IP address for the server that translates domain names for
(optional) your network.

License file Obtain your license file by following the instructions in the email
that you received from NETSCOUT when you purchased the
appliance. The license file includes both the throughput license
and the AIF license. See “About the AED license installation” on
page 11.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 3


AED 8100 Appliance Installation Guide

Front Panel
The following diagram shows the front panel of the AED 8100 appliance. The arrow
indicates the RJ45 serial console port.

The following diagram shows the port, buttons, and LEDs on the front panel of the
appliance.

1 2 3 4 5 6 13

7 8 9 10 11 12

1. Power button 8. Chassis ID button


2. System reset button 9. mgt0 /mgt1 activity LED
3. Chassis information LED 10. Hard drive activity LED
4. Fan status LED 11. Power alarm LED
5. Critical alarm LED 12. Minor alarm LED
6. Major alarm LED 13. RJ45 serial console port
7. NMI (non-maskable interrupt) button

An alarm LED that is blinking green, solid amber, or solid red indicates an error condition.
To determine the cause of an error, review the Active Alerts section on the Summary page
in the AED UI.

4 NETSCOUT SYSTEMS, INC. Confidential and Proprietary


AED 8100 Appliance Installation Guide

Back Panel
Refer to the following back panel diagram when you connect the appliance.

The diagram shows the back panel of the AED 8100 appliance.

Note
Both types of power supplies are shown for illustration purposes only. Each appliance
has either two AC power supplies or two DC power supplies.

6 1
ext0 int0 ext1 int1 ext2 int2 ext3 int3
7 2
ext4 int4 ext5 int5

5 4 3

1 2 3 4 5 6 7 8 9 10

1. VGA connector 8. Two ground studs for DC-input system


2. USB1 (top) and USB0 (bottom) 9. Power supply 2 (DC module is shown)
3. (Not supported) Remote Management NIC DC connector pinout:
4. USB2 (top) and USB3 (bottom) l Pin 3 (top): Return
5. mgt0: GbE NIC 1 connector l Pin 2 (middle): DC
6. mgt1: GbE NIC 2 connector l Pin 1 (bottom): Ground
7. Protection ports (10 GbE ports are shown): You must assemble the DC power cables using
the connector assemblies that come with the
l Slots 6 and 1: one or two 1 GbE or one or
DC power supplies.
two 10 GbE
10. Power supply 1 (AC module is shown)
l Slot 7: available for third 1 GbE only
l Slot 2: unused
For slot placement, see "Supported
Configurations" on the next page.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 5


AED 8100 Appliance Installation Guide

Supported Configurations
The following sections show the interface configurations that the AED 8100 appliance
supports, the interface placement in the appliance slots, and the port numbering
sequences for those configurations.

1 GbE NICs
The supported configurations for the 1 GbE quad-port NICs are as follows:

n One 1 GbE
n Two 1 GbE
n Three 1 GbE

The 1 GbE NICs are available in copper and fiber (LX or SX).

The slot placement and the port numbering sequences for 1 GbE NICs are as follows:

ext0 int0 ext1 int1 ext2 int2 ext3 int3

ext4 int4 ext5 int5

Slot 6 — 1 GbE Slot 1 — 1 GbE (optional)


ext0 | int0 | ext1 | int1 ext2 | int2 | ext3 | int3

Slot 7 — 1 GbE (optional) Slot 2


ext4 | int4 | ext5 | int5 Not used

10 GbE NICs
The supported configurations for the 10 GbE quad-port NICs are as follows:

n One 10 GbE
n Two 10 GbE

The 10 GbE NICs are available in fiber (LR or SR).

The slot placement and the port numbering sequences for the 10 GbE NICs are as follows:

ext0 int0 ext1 int1 ext2 int2 ext3 int3

Slot 6 — 10 GbE Slot 1 — 10 GbE (optional)


ext0 | int0 | ext1 | int1 ext2 | int2 | ext3 | int3

Slot 7 Slot 2
Not used Not used

6 NETSCOUT SYSTEMS, INC. Confidential and Proprietary


AED 8100 Appliance Installation Guide

About the Protection Interfaces


You can connect a network path to any two like-numbered interfaces (for example, ext0
and int0). The “ext” interface always faces an external internet connection and the “int”
interface always faces your internal network.

n In an inline deployment, AED acts as a physical cable between the internet and your
protected network. Connect the upstream network equipment to an “ext” interface on
AED. Connect the matching “int” interface on AED to your downstream network
equipment.
n Do not send outbound traffic from your internal network to an “ext” interface on AED.
AED treats all traffic on “ext” interfaces as external.
n In monitor mode, AED is deployed out-of-line through a span port or network tap.
Connect the monitor port that receives internet traffic to an “ext” interface on AED. You
can connect the matching “int” interface on AED to the monitor port that sends traffic to
the internet, but this connection is not required.
n AED expects the first protection interfaces (ext0 and int0 in inline mode or ext0 in
monitor mode) to be connected. If they are not connected, then AED generates system
alerts in the UI. For example, if you connect to interfaces ext2 and int2, then the system
alerts will indicate that interfaces ext0 and int0 are down. You can disable alerting for
the ext0 and int0 interface pair in the UI.
n If you connect more than one pair of protection interfaces, we recommend that you
balance the traffic that AED processes across the physical NICs. For example, if you
need to connect two pairs of protection interfaces, connect ext0/int0 and ext2/int2
because they are on different NICs.

Important
If you connect AED to interfaces that do not support Auto MDI selection, then use the
correct combination of straight-through or crossover cables. It is important that you
maintain the link through an inline AED when bypass mode is engaged.

Connecting the Appliance


Warning
Read all of the installation instructions and safety-related warnings before you connect
the system to its power source.

Refer to the following appliance panel diagrams as you complete the connection tasks:
n “Front Panel” on page 4
n “Back Panel” on page 5

Connect the power


1. On the back panel, connect the power cords to the two redundant power supplies.
2. Connect the power cords to separate facility power circuits.

Note
The appliance can operate with one power cord connected. However, by connecting to
two separate power circuits, the appliance can operate if one circuit loses power.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 7


AED 8100 Appliance Installation Guide

Connect management and mitigation interfaces


1. Plug one end of an Ethernet patch cable into an Ethernet switch.
2. On the back panel, plug the other end of the Ethernet patch cable into the
management port mgt0.
Do not plug the patch cable into the port labeled MNGT on the back panel.
3. (Optional) Repeat the previous steps to connect to the management port mgt1.
4. For each protection interface pair that you plan to connect, complete the following
steps:
a. Plug one end of an Ethernet patch cable into an “ext” protection interface on the
appliance. Plug the other end of the Ethernet patch cable into your upstream
network equipment or to a span port or network tap that receives traffic from the
internet.
b. Plug one end of an Ethernet patch cable into the matching “int” interface on the
appliance. Plug the other end of the Ethernet patch cable into your downstream
equipment or to a span port or network tap that sends the traffic to the internet.
Note
To balance the traffic, we recommend that you connect protection interface pairs
that are on different physical NICs.

Connect to the appliance for configuration


Use one of the following methods to connect to the appliance for configuration:

Cable connection steps

Serial Console VGA


1. Plug the RJ45 end of an Ethernet patch 1. Connect a VGA monitor to the
cable into the serial console port on the VGA connector on the appliance.
front of the appliance. 2. Connect a keyboard to one of the
2. Connect the other end of the Ethernet USB ports on the appliance.
patch cable to a serial console server or
computer.
3. Configure your console server or
computer with the following settings:
l Baud rate: 9,600
l Data bits: 8
l Stop bits: 1
l Parity: None
l Flow control: None

8 NETSCOUT SYSTEMS, INC. Confidential and Proprietary


AED 8100 Appliance Installation Guide

Installing the AED Software


The installation script prompts you to enter the information that is required to install AED.
To respond to the prompts, type the requested information and press ENTER. To accept a
default entry, which is displayed in brackets, press ENTER without typing a response.

If the installation script does not appear or if you need to reinstall AED, then see the
instructions for installing and reinstalling AED in the Arbor Edge Defense User Guide .

After you complete the installation script, you configure additional settings by using the
command line interface (CLI). The following syntax represents the CLI commands.

Command syntax Description


command Items that you must type as shown.

variable A placeholder for which you must supply a value.

{option1 | option2} A set of choices, one of which is required. Do not type the
vertical bar or the braces.

Installing AED
The AED 8100 appliance requires a locally-managed flexible license. You install the license
after you complete the software installation, not during the installation. See “About the
AED license installation” on page 11.
1. Turn on the AED appliance.
n If you connect to the appliance through a serial console, the installation starts. Skip
to Step 6.
n Otherwise, go to the next step.
2. When the Press any key to continue prompt appears, press a key within five
seconds.
Important
If the system continues before you can press a key, then turn off the appliance and
start over.
3. At the GRUB menu, press the up arrow key or down arrow key to stop the 10-second
countdown.
Important
If the system continues before you can stop the countdown, then turn off the
appliance and start over.
4. Select the following option on the GRUB menu and then press ENTER:
(re)install from on-board flash (Serial)
5. Enter y in response to the following prompt:
Do you want to begin the install process?
This will remove all current data and configuration [n]
The script initializes the system, installs the software, and builds the databases. These
processes take some time.
6. When the installation processes finish, respond to the prompts as follows:

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 9


AED 8100 Appliance Installation Guide

Prompt Description
Enable FIPS mode? Enter n. The AED 8100 does not support FIPS mode.
Are you sure you want
to permanently enable
FIPS mode?

System hostname? Enter the host name for the AED appliance as a
simple host name or a fully qualified domain name.
For example: system1 or system1.example.net.

Set admin password? To change the administrator password, enter y. At


the password prompts, enter the new password.
Important
To use AED, you must change the default
password.

IP address for Enter the IP address for this management port. For
interface mgt0 example: 198.51.100.2 or 2001:DB8::2

Netmask for interface (IPv4 addresses only) Enter the netmask in dotted-
mgt0 quad format. For example: 255.255.255.0

Prefix for interface (IPv6 addresses only) Enter the prefix length for this
mgt0 management port’s address. For example: /64

IP address for Respond to the prompts to configure mgt1 or press


interface mgt1 ENTER to skip the configuration.

Default route Enter the IP address for the default gateway. For
example: 198.51.100.1 or 2001:DB8::1

{https | ping | At each of these prompts, enter the address range


cloudsignal | ssh} from which you want to allow communications to a
access from which service. For example: 198.51.100.0/24 or
network? 2001:DB8::/32
To skip a prompt, press ENTER.
For security reasons, AED does not allow IP access
rules that specify numeric ports. If you enter an IP
access rule for 0.0.0.0/0 or ::/0, then AED displays a
warning message and prompts you to confirm the
entry.
Caution
We strongly recommend that you do not use
0.0.0.0/0 or ::/0, because these address ranges
allow unrestricted access to a service. To restrict
access, specify the narrowest address range that
you can.
After you pass through these prompts, the system
generates a new SSH host key file.

10 NETSCOUT SYSTEMS, INC. Confidential and Proprietary


AED 8100 Appliance Installation Guide

Prompt Description
DNS server IP address Enter the IP address for your DNS server or press
ENTER to skip this prompt.

Current time and date Accept the default values or enter a new time and
date in the format mmddHHMMyyyy.SS (month, day,
hour, minutes, year, seconds).

NTP server IP address Enter the IP address for your NTP server or press
ENTER to skip this prompt.

Important
When the system restarts, do not press a key or respond to any other prompts until the
login prompt appears.
7. At the login prompt, enter the default username of admin.
8. At the password prompt, enter the admin password that you set in the installation
script.

9. Enter / services aed mode set {inline | monitor}


{inline | monitor} = If you placed the appliance inline in your network, enter
inline. If you placed the appliance out-of-line through a span port or network
tap, enter monitor.
10. To save the configuration changes, enter / config write
Important
Do not skip this step.
11. Enter / reload
Important
You must reload AED before you can start AED services.
12. Enter / services aed start
13. To complete the installation and log out of the CLI, enter the following commands,
one at a time:
/ config write
/ exit

About the AED license installation


After you install the AED software, you install the license that allows AED to process and
forward traffic.

The AED 8100 appliance requires a locally-managed flexible license. With locally-managed
flexible licensing, you download a license file from the license portal and install the file on
an appliance. The license file includes both the throughput license and the AIF license.
Each appliance requires its own license file. The appliance model on which you install the
license must match the model that is specified in the license.

For license installation instructions, see “Installing a Locally-Managed Flexible License” in


the Arbor Edge Defense User Guide .

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 11


AED 8100 Appliance Installation Guide

Finishing the Configuration


You complete the AED configuration in the AED UI. For information about configuring the
AED settings, see the Arbor Edge Defense User Guide .

12 NETSCOUT SYSTEMS, INC. Confidential and Proprietary

You might also like