Quick Start Card

Arbor Threat Mitigation System (TMS)

TMS 2800 Appliance

This card provides instructions for the connection and initial Physical Dimensions
configuration of your TMS 2800 appliance. These procedures Chassis: 2U rack
represent the minimum required setup.
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Package Contents Depth: 20 in (50.8 cm)
Verify that your package contains the following items: Weight: 36.95 lb (16.76 kg)

55
Item Environmental
……
TMS 2800 appliance Temperature, operating: 50º to 95ºF (10º to 35ºC)
……
2 Ethernet patch cables Humidity, operating: 95%, non-condensing, at temperatures of
……
2 power cords 73º to 95º F (23º to 35ºC). Designed to meet or exceed Telcordia
GR-63 and ETSI EN 300 019 humidity requirements for operating,
……
1 rail kit with extensions
transport, and storage environments.
……
License key on shipping box label Temperature, non-operating: -40º to 158ºF (-40º to 70ºC)
……
Legal documentation Humidity, non-operating: 95%, non-condensing, at temperatures of
……
Return shipping instructions 73º to 104ºF (23º to 40ºC)
……
Quick Start Card (this document) Airflow direction: Front to back. To ensure proper airflow, make sure
that the air intake is positioned in a cold aisle and the air exhaust is

Models and Configurations positioned in a hot aisle.

Heat dissipation: 1109 BTU/hr @325 Watts
This Quick Start Card applies to the following licensed models:
Compatibility: Monitoring
Model License
Integrates with management consoles that support SNMPv2 or
TMS-2800-10G, -20G, or -30G 10, 20, or 30 Gbps bandwidth limit; SNMPv3
all countermeasures

TMS-2800-40G No bandwidth limit; Before You Begin

all countermeasures Before you configure this or any other TMS appliance, complete the
TMS-2800-10G-V, -20G-V, or 10, 20, or 30 Gbps bandwidth limit; following tasks:
-30G-V volumetric countermeasures only
1. Decide which deployment scenario is best for your network. See
TMS-2800-40G-V No bandwidth limit; “TMS Appliance Deployment Scenarios” in the Sightline and Threat
volumetric countermeasures only Mitigation System User Guide.
You can get this guide and other product documentation
from the Arbor Technical Assistance Center at
Appliance Specifications https://support.arbornetworks.com.
The following list describes the physical space and other 2. For new deployments, configure the Sightline™ leader appliance
specifications for the TMS 2800 appliance: and the leader’s license key, and then commit the configuration.
For instructions, see the Quick Start Card for the SIghtline leader
Power Options
appliance.
850 W AC or DC hot-swap, redundant power supplies
For command line interface (CLI) instructions, see “Using the
AC: 100 to 240 VAC, 50 to 60 Hz, 12/6 A max
Command Line Interface” in the Sightline and Threat Mitigation
DC: -48 to -72 VDC, 28/14 A max System Advanced Configuration Guide.

All models have eight 10 GbE interfaces that you can configure with
up to eight SFP+ (SR or LR) fiber optic modules.
Collecting Information
Collect the information that applies to your appliance and document it on the following worksheet:

R Item Description Your Setting

£ Appliance hostname The unique name that identifies the appliance on the network.

£ Administrative user name The user name and password for administrative access to the appliance. The
and password default user name is admin and the default password is arbor. Choose a
new password for the admin user.

£ Zone secret A word or phrase that is used in the deployment to authenticate

communication.

Important: You must set the same zone secret on all Sightline and Threat
Mitigation System devices.

£ IP address and network The management IP address and the network mask of the management
mask interface for the TMS 2800 appliance.

£ Default gateway IP address The IP address of the default gateway that is used by the management
and other IP routing interface.

Optional: IP network address, netmask, and gateway address of any

additional routes that are required for the management interface.

£ NTP Server (recommended) The IP address of the server that synchronizes network time.

£ DNS server (optional) The IP address of the server that translates domain names for your network.

Back Panel, TMS 2800 Appliance

Refer to the following back panel diagram when you connect the appliance. All licensed models of the TMS 2800 appliance include eight 10 GbE
ports for mitigation. You can install up to eight 10 GbE SFP+ (SR or LR) fiber optic transceiver modules in the mitigation ports. SFP+ modules are
sold separately and can be purchased from Arbor.

1
6

tms0 tms1 tms2 tms3 tms4 tms5 tms6 tms7

7 2

mgt0 mgt1

5 4 3

1 2 3 4 5 6 7 8 9 10

1 VGA connector 9 Power supply 2 (DC module is shown)

2 USB1 (top) and USB0 (bottom) The -48 V (-) terminals are on the top and the return terminals (+)
3 (Not supported) are on the bottom (use one positive terminal and one negative
terminal for each power feed).
4 USB3 (top) and USB2 (bottom)
10 Power supply 1 (AC module is shown)
5 Management interface port 0 (mgt0)
Both types of power supplies are shown for illustration
6 Management interface port 1 (mgt1)
purposes. Each appliance has either two AC power supplies or
7 Eight 10 GbE mitigation ports (tms0-tms7) on two 4-port NICs
two DC power supplies.
8 Two ground studs for DC-input system
Front Panel, TMS 2800 Appliance
This diagram shows the front panel of the TMS 2800 appliance. The
arrow indicates the RJ45 serial console port.
Connecting the Appliance
To connect the appliance, refer to the appliance back panel diagram
as you perform the following steps:
1. On the back panel, connect the power cords to the two
redundant power supplies.
2. Connect the power cords to separate facility power circuits.
Note: The appliance can operate with one power cord connected.
However, connecting to two separate power circuits will keep the
appliance operating if one circuit loses power.
3. On the front panel, press the power button to turn on the
appliance, and then start your computer.
4. Plug one end of an Ethernet patch cable into an Ethernet switch.
On the back panel, plug the other end of the Ethernet patch cable
into the management port mgt0 or mgt1.
Note: Do not plug the patch cable into the port labeled MNGT on
the back panel.
5. For each mitigation port that you will connect, follow these steps:
Important: For best performance, distribute mitigation port
connections as evenly as possible between the two NICs. For
example, if you connect five mitigation ports, connect three ports
on one NIC and two on the other.
• Obtain a 10 GbE Ethernet SFP+ (SR or LR) optical transceiver
module and a 10 GbE fiber optic cable. You can purchase the
SFP+ modules from Arbor.
• On the back panel, plug the SFP+ module into one of the eight
10 GbE mitigation ports tms0-tms7.
• Plug one end of the fiber optic cable into the SFP+ module.
• Plug the other end the fiber optic cable into the appropriate
10 GbE interface.
6. Connect the appliance for configuration using one of the
following methods:
Serial Console
• P
 lug one end of an Ethernet patch cable into the RJ45 serial
console port on the front of the appliance.
• Connect the other end of the Ethernet patch cable to a serial
console server or computer.
• C
 onfigure your console server or computer with the following
settings:
• Baud rate: 9600
• Data bits: 8
• Stop bits: 1
• Parity: None
• Flow control: None
VGA
• Connect a VGA monitor to the VGA connector on the appliance.
• Connect a keyboard to one of the USB ports on the appliance.
Configuring the Appliance
Configure the appliance for the management network automatically
using ZTP or manually in the CLI.
Configuring the appliance automatically using ZTP
ZTP is supported with TMS software 8.2 or later. To configure a TMS
2800 appliance automatically using ZTP, power up the appliance.
On boot, ZTP sends a DHCP request on the management interfaces.
If a DHCP server replies with the location of a network configuration
file for the appliance, ZTP downloads that configuration file.
If ZTP cannot configure the TMS appliance, the boot-up finishes
normally. Then, you can either configure the appliance manually, or,
fix the ZTP issue and reboot the appliance to try ZTP again.
For more information about ZTP, see “Automatically Configuring
a TMS Model for the Management Network” in the Sightline and
Threat Mitigation System Advanced Configuration Guide. You can
download this guide from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).
Configuring the appliance manually in the CLI
Command Syntax Description
command Enter the text as shown.
variable Enter a value for this placeholder.
{kwd1 | kwd2} Enter a keyword as shown. Choose one only.
To configure a TMS 2800 appliance manually, access the CLI for the
TMS appliance through the serial console or computer, and then
enter the following commands:
1. Log in as admin with the password arbor
2. At the CLI prompt, enter ip interfaces ifconfig {mgt0 | mgt1}
IP_address netmask up
{mgt0 | mgt1} = the name of the management interface that you
connected
IP_address = the IP address of the management interface
(including the prefix length if you type an IPv6 address)
netmask = the netmask for the IPv4 address (in dotted-quad
format)
Tip: To view the connected interfaces, enter / ip interfaces show
3. Enter / ip route add default IP_address
IP_address = the IP address of the default route gateway
Tip: To view the routes, enter / ip route show
4. Enter / ip access add service {name | all} CIDR
service = ssh (for remote CLI), ping, snmp, or telnet
{name | all} = the name of the management interface on which
you want to exclusively apply a service, or all if you want to apply
the access rule to all interfaces
CIDR = the address range from which you want to use a service
5. Repeat the previous step for each service that you want to add.
Tip: To view services, enter / ip access show
6. To commit the access configuration, enter / ip access commit
7. Enter / services aaa local password admin interactive
8. Enter the new password twice.
9. Enter / system name set hostname
hostname = the hostname of the appliance
10. (Optional) Enter / services dns server add IP_address
IP_address = the IP address of the DNS server
Tip: To view the DNS server configuration, enter / services dns
show.
© 2015-2018 Arbor Networks, Inc. All rights reserved. www.netscout.com
TMS-QSC-2800-2018/10
11. Enter / services tms bootstrap leader_IP zone_secret
leader_IP = the IP address of the Sightline leader appliance
zone_secret = the word or phrase that is used by all of the
appliances in the system for internal communication
12. Perform this step only if you enabled ssh on the appliance in
step 4:
Enter / services ssh key generate
Enter / services ssh start
13. To use NTP, enter / services ntp server add IP_address
IP_address = the IP address of your NTP server
Tip: To view the NTP server configuration, enter / services ntp
show.
14. Enter / services tms start
15. To commit the configuration changes, enter config write
16. To log out, enter the exit command.
Adding the Appliance to the Leader
To add the TMS appliance to the leader:
1. Log in to the UI of the Sightline leader.
2. On the Configure Appliances page (Administration > Appliances),
add an appliance.
3. On the Add Appliance page, configure the settings for the
TMS appliance on the Appliance tab so that Sightline can
communicate with the appliance.
For instructions, see the Sightline and Threat Mitigation System User
Guide.
Configuring Administrative Settings for
the Appliance
Tip: Before you begin, get the appliance license key from the
shipping box label. Or, contact the Arbor Technical Assistance Center
and provide the serial number shown on the appliance label or in the
output of the / system hardware CLI command.​
Configure administrative settings for the TMS appliance on the
Sightline leader as follows:
1. Log in to the UI of the SIghtline leader.
2. On the Configure Appliances page (Administration > Appliances),
click the name of this appliance and complete its configuration.
For more information, see the Sightline and Threat Mitigation System
User Guide.