Professional Documents
Culture Documents
TMS 2800 Quick Start Card 2018-10-22
TMS 2800 Quick Start Card 2018-10-22
This card provides instructions for the connection and initial Physical Dimensions
configuration of your TMS 2800 appliance. These procedures Chassis: 2U rack
represent the minimum required setup.
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Package Contents Depth: 20 in (50.8 cm)
Verify that your package contains the following items: Weight: 36.95 lb (16.76 kg)
55
Item Environmental
TMS 2800 appliance Temperature, operating: 50º to 95ºF (10º to 35ºC)
2 Ethernet patch cables Humidity, operating: 95%, non-condensing, at temperatures of
2 power cords 73º to 95º F (23º to 35ºC). Designed to meet or exceed Telcordia
GR-63 and ETSI EN 300 019 humidity requirements for operating,
1 rail kit with extensions
transport, and storage environments.
License key on shipping box label Temperature, non-operating: -40º to 158ºF (-40º to 70ºC)
Legal documentation Humidity, non-operating: 95%, non-condensing, at temperatures of
Return shipping instructions 73º to 104ºF (23º to 40ºC)
Quick Start Card (this document) Airflow direction: Front to back. To ensure proper airflow, make sure
that the air intake is positioned in a cold aisle and the air exhaust is
All models have eight 10 GbE interfaces that you can configure with
up to eight SFP+ (SR or LR) fiber optic modules.
Collecting Information
Collect the information that applies to your appliance and document it on the following worksheet:
£ Appliance hostname The unique name that identifies the appliance on the network.
£ Administrative user name The user name and password for administrative access to the appliance. The
and password default user name is admin and the default password is arbor. Choose a
new password for the admin user.
Important: You must set the same zone secret on all Sightline and Threat
Mitigation System devices.
£ IP address and network The management IP address and the network mask of the management
mask interface for the TMS 2800 appliance.
£ Default gateway IP address The IP address of the default gateway that is used by the management
and other IP routing interface.
£ NTP Server (recommended) The IP address of the server that synchronizes network time.
£ DNS server (optional) The IP address of the server that translates domain names for your network.
1
6
mgt0 mgt1
5 4 3
1 2 3 4 5 6 7 8 9 10
Serial Console
• P
lug one end of an Ethernet patch cable into the RJ45 serial
console port on the front of the appliance.
• Connect the other end of the Ethernet patch cable to a serial
console server or computer.
• C
onfigure your console server or computer with the following
settings:
• Baud rate: 9600
• Data bits: 8
• Stop bits: 1
Connecting the Appliance • Parity: None
To connect the appliance, refer to the appliance back panel diagram • Flow control: None
as you perform the following steps:
VGA
1. On the back panel, connect the power cords to the two • Connect a VGA monitor to the VGA connector on the appliance.
redundant power supplies. • Connect a keyboard to one of the USB ports on the appliance.
3. On the front panel, press the power button to turn on the Configuring the appliance automatically using ZTP
appliance, and then start your computer.
ZTP is supported with TMS software 8.2 or later. To configure a TMS
4. Plug one end of an Ethernet patch cable into an Ethernet switch. 2800 appliance automatically using ZTP, power up the appliance.
On the back panel, plug the other end of the Ethernet patch cable
into the management port mgt0 or mgt1. On boot, ZTP sends a DHCP request on the management interfaces.
If a DHCP server replies with the location of a network configuration
Note: Do not plug the patch cable into the port labeled MNGT on
file for the appliance, ZTP downloads that configuration file.
the back panel.
If ZTP cannot configure the TMS appliance, the boot-up finishes
5. For each mitigation port that you will connect, follow these steps:
normally. Then, you can either configure the appliance manually, or,
Important: For best performance, distribute mitigation port
fix the ZTP issue and reboot the appliance to try ZTP again.
connections as evenly as possible between the two NICs. For
example, if you connect five mitigation ports, connect three ports For more information about ZTP, see “Automatically Configuring
on one NIC and two on the other. a TMS Model for the Management Network” in the Sightline and
• Obtain a 10 GbE Ethernet SFP+ (SR or LR) optical transceiver Threat Mitigation System Advanced Configuration Guide. You can
module and a 10 GbE fiber optic cable. You can purchase the download this guide from the Arbor Technical Assistance Center
SFP+ modules from Arbor. (https://support.arbornetworks.com).
• On the back panel, plug the SFP+ module into one of the eight
10 GbE mitigation ports tms0-tms7.
• Plug one end of the fiber optic cable into the SFP+ module.
Configuring the appliance manually in the CLI 11. Enter / services tms bootstrap leader_IP zone_secret
leader_IP = the IP address of the Sightline leader appliance
Command Syntax Description
zone_secret = the word or phrase that is used by all of the
command Enter the text as shown. appliances in the system for internal communication
variable Enter a value for this placeholder. 12. Perform this step only if you enabled ssh on the appliance in
{kwd1 | kwd2} Enter a keyword as shown. Choose one only. step 4:
Enter / services ssh key generate
To configure a TMS 2800 appliance manually, access the CLI for the Enter / services ssh start
TMS appliance through the serial console or computer, and then
13. To use NTP, enter / services ntp server add IP_address
enter the following commands:
IP_address = the IP address of your NTP server
1. Log in as admin with the password arbor Tip: To view the NTP server configuration, enter / services ntp
2. At the CLI prompt, enter ip interfaces ifconfig {mgt0 | mgt1} show.
IP_address netmask up 14. Enter / services tms start
{mgt0 | mgt1} = the name of the management interface that you
15. To commit the configuration changes, enter config write
connected
IP_address = the IP address of the management interface 16. To log out, enter the exit command.
(including the prefix length if you type an IPv6 address)
netmask = the netmask for the IPv4 address (in dotted-quad Adding the Appliance to the Leader
format)
To add the TMS appliance to the leader:
Tip: To view the connected interfaces, enter / ip interfaces show
1. Log in to the UI of the Sightline leader.
3. Enter / ip route add default IP_address
IP_address = the IP address of the default route gateway 2. On the Configure Appliances page (Administration > Appliances),
add an appliance.
Tip: To view the routes, enter / ip route show
3. On the Add Appliance page, configure the settings for the
4. Enter / ip access add service {name | all} CIDR
TMS appliance on the Appliance tab so that Sightline can
service = ssh (for remote CLI), ping, snmp, or telnet communicate with the appliance.
{name | all} = the name of the management interface on which
you want to exclusively apply a service, or all if you want to apply For instructions, see the Sightline and Threat Mitigation System User
the access rule to all interfaces Guide.
CIDR = the address range from which you want to use a service
Configuring Administrative Settings for
5. Repeat the previous step for each service that you want to add.
Tip: To view services, enter / ip access show
the Appliance
Tip: Before you begin, get the appliance license key from the
6. To commit the access configuration, enter / ip access commit shipping box label. Or, contact the Arbor Technical Assistance Center
7. Enter / services aaa local password admin interactive and provide the serial number shown on the appliance label or in the
output of the / system hardware CLI command.
8. Enter the new password twice.
Configure administrative settings for the TMS appliance on the
9. Enter / system name set hostname Sightline leader as follows:
hostname = the hostname of the appliance
1. Log in to the UI of the SIghtline leader.
10. (Optional) Enter / services dns server add IP_address
2. On the Configure Appliances page (Administration > Appliances),
IP_address = the IP address of the DNS server
click the name of this appliance and complete its configuration.
Tip: To view the DNS server configuration, enter / services dns
show. For more information, see the Sightline and Threat Mitigation System
User Guide.