QUICK START CARD
Arbor Edge Defense
AED-HD1000 Appliance
This Quick Start Card provides instructions for the connection
and initial configuration of your AED-HD1000 appliance. These
procedures represent the minimum required setup.
For additional information about this appliance, see the AED-HD1000
Quick Start Card Insert.
Note: If you will use hardware bypass with AED, then the external
NETSCOUT 3296 Inline Bypass Switch is required for hardware
bypass support. (Otherwise, the 3296 is not required.) For installation
instructions, see the 3296 Inline Bypass Switch Quick Start Card.
You can view and download all additional documentation
from the Arbor Technical Assistance Center at
https://support.arbornetworks.com/.
Package Contents
Your AED-HD1000 package includes the following items:
55
Included items
AED-HD1000 appliance
2 Ethernet patch cables
2 AC power cords (AC appliance only)
1 DB9 to RJ45 serial console cable
USB 2.0 A female to USB B print male adapter converter
Left-angled male adapter cable, USB 2.0 female to micro USB, for
use with the USB power cable
4 inch zip tie
4 slide rails and L-brackets for rear rack mounting
Legal documentation
User-Supplied items
Installation of the AED HD1000 appliance also requires the following
items, which you purchase separately.
55
Items to obtain
Four DC power cords and four crimp terminals (DC appliance
only). For DC power cable specifications and connection
instructions, see “Connecting the Appliance” on page 2.
Two or four 100 GbE QSFP28 transceivers (SR4 with MPO
connectors or LR4 with LC connectors).
Up to two 40 GbE QSFP+ transceivers (SR4 or PLR4) with MPO
connectors, to be broken out to four 10 GbE interfaces.
Appropriate cables for each transceiver. If you plan to use the
3296 Inline Bypass Switch, then see the cable requirements in
the 3296 Inline Bypass Switch Quick Start Card.
The optical transceivers and cables are available from NETSCOUT.
Contact your account team.
© NETSCOUT SYSTEMS, INC. Confidential and Proprietary
Configuration Options
The AED-HD1000 appliance supports the following configurations:
• AC or DC power
• In each of the two switch modules:
• A minimum of two 100 GbE QSFP28 optical transceivers (SR4
with MPO connectors or LR4 with LC connectors)
• One 40 GbE QSFP+ optical transceiver (SR4 or PLR4 with an
MPO connector), which breaks out into four 10 GbE interfaces.
• One to eight Packet Processing Modules (PPMs)
Appliance Specifications
The following list describes the electrical, environmental, and
physical specifications for the AED-HD1000 appliance.
Power options
The AED-HD1000 has the following power supplies:
• AC: Two 1500 watt, hot-swap, redundant power supplies
Input: 100-240 V AC, 15-10 A, 50-60 Hz (x2)
Important: The power supplies use IEC 60320 C15 power
receptacles.
• DC: Two 1500 watt, hot-swap, redundant power supplies
Input: -48 to -60 V DC, 44A (x2)
Environmental
Temperature, operating: 23ºF to 104ºF (-5ºC to 40ºC)
Relative humidity, operating: 5% to 93% non-condensing
Airflow direction: Front to back. To ensure adequate cooling, do not
obstruct the fan module air intakes on the chassis front panel.
Physical dimensions
Chassis: 2U rack height
Height: 3.5 inches (88.9 mm)
Width: 17.6 inches (447 mm)
Depth: 22.8 inches (580.2 mm) including front and rear handles
Weight: 43.6 lb (19.8 kg)
The appliance weight includes the following components:
• 2 switch modules (SMs)
• 1 management module (MM)
• 2 PPM-50G modules
For each additional PPM module, add 2.5 lb (1.2 kg).
• 2 AC or DC power supplies
• 5 fan modules
Compatibility: Monitoring
The appliance integrates with management consoles that support
SNMPv2 or SNMPv3.
Before You Begin
First, decide whether to place the appliance inline (inline mode) or
out-of-line through a span port or network tap (monitor mode). Also
decide which deployment scenario is the best for your network.
For more information, see the section about the AED deployment
scenarios in the Arbor Edge Defense User Guide. You can view and
download this guide from the Arbor Technical Assistance Center web
site at https://support.arbornetworks.com/
Collecting Information
Collect the following information for your appliance:
• Appliance hostname — The unique name that identifies this
appliance on the network.
• Administrative username and password — The username and
password for administrative access to the appliance. The default
username is admin and the default password is arbor. To use
AED, you must change the default password.
• IP address and network mask — The management IP address
and the netmask for the appliance’s management interface.
• NTP Server (optional) — The IP address for the server that
synchronizes the network time.
• Default gateway IP address — The IP address and netmask for
the management default route and any additional routes that are
required for the device to access the management interface.
• Physical connections — The switch or router port mappings
to connect to the AED protection interfaces. See the “About the
Protection Interfaces” section of this card.
• Network connectivity mode — The method that you plan to use
to connect the AED appliance within your network (inline or out-
of-line through a span port or network tap).
Connecting the AED-HD1000 Appliance
Refer to the appliance panel diagrams in the AED-HD1000 Quick Start
Card Insert as you complete the following tasks.
To connect power
1. (AC only) Connect the two AC power cords to the two AC power
supply units (PSUs) on the rear panel.
2. (DC only) Obtain four DC power cables and four crimp terminals
(two of each for each DC PSU). We recommend #8 AWG THHN
90 C rated cable and Panduit LCBX8-10F-L crimp terminals. DC
cables and crimp terminals are not available from NETSCOUT.
Connect two DC power cords to each of the DC PSUs on the rear
panel. We recommend that you install the crimp terminals so
that they protrude from the top of the terminal block.
See the DC power connection pinout below:
DC Input Pins
3
1 Vin+ (input positive)
1 2
2 Vin– (input negative)
3 PE (ground)
© NETSCOUT SYSTEMS, INC. Confidential and Proprietary
3. Connect a ground wire to the chassis
ground lug on the outer wall of the
chassis (shown at right).
Ground Lug
4. Connect the appliance power cables
to separate facility power circuits to
maximize power redundancy.
Hazardous voltage exists at the
PSU input connectors when the
cables are connected to the facility
power. We strongly recommend that
the facility power wiring be performed
by a qualified electrician.
To connect the management interfaces
Plug one end of the Ethernet patch cable into an Ethernet switch.
On the front panel, plug the other end of the Ethernet patch cable
into a management interface, either mgt0 on SM‑320G‑0 or mgt1 on
SM‑320G-1. The management interfaces are labeled MNGT on the
faceplates for SM‑320G‑0 and SM‑320G‑1.
To connect the protection interfaces
Before you begin, review the “About the Protection Interfaces”
section of this card for guidance and best practices.
For each protection interface, follow these steps:
1. On the front panel, install an optical transceiver module in one
of the designated ports. Each SM‑320G module has two QSFP28
ports and one QSFP+ port.
2. (QSFP28 optical transceivers only) Connect the fiber optic cable
to the QSFP28 module and to the appropriate 100 GbE interface
on the router or switch.
Important: If you use a QSFP28 SR4 transceiver, then you
must enable FEC (Forward Error Correction) mode during the
software installation. Enabling FEC on a QSFP28 LR4 transceiver
is optional. (See the “Installing AED” section of this card.) Also
enable FEC on the interface of the device to which the AED
appliance is connected.
3. (QSFP28+ optical transceivers only) Connect the MPO connector
of a breakout cable to the QSFP+ module and connect the four
LC breakout connectors to the four 10 GbE interfaces on the
router or switch.
4. Repeat these steps for each additional protection interface.
To connect a serial console cable
1. Connect one end of a serial console cable to a serial console
server or to the computer that you use to configure the
appliance. The serial console port on this appliance uses Cisco
pinouts.
2. On the front panel, connect the other end of the serial console
cable to the serial console RJ45 port on one of the switch
modules, SM‑320G‑0 or SM‑320G-1.
3. Configure your computer or serial console server with the
following settings: 9600 baud, 8 data bits, 1 stop bit, no parity,
and no flow control.
About the Protection Interfaces 2. When the Press any key to continue prompt appears,
press a key within five seconds.
A network path to be protected can be connected to any two like-
Important: If the system continues before you can press a key,
numbered interfaces (for example, ext0 and int0). The “ext” interface
then turn off the appliance and start over.
always faces an external internet connection and the “int” interface
always faces your internal network. For the location of the “ext” and 3. At the GRUB menu, press the up arrow key or down arrow key to
“int” interfaces, see the front panel diagram in the Insert for this stop the 10-second countdown.
Quick Start Card. Important: If the system continues before you can stop the
• In an inline deployment, AED acts as a physical cable between countdown, then turn off the appliance and start over.
the internet and your protected network. Connect the upstream
4. Select the following option on the GRUB menu and then press
network equipment to an “ext” interface on AED. Connect the
enter:
matching “int” interface on AED to your downstream network
equipment. (re)install from on-board flash (Serial)
• Do not send outbound traffic from your internal network to an 5. Enter y in response to the following prompt:
“ext” interface on AED. AED treats all traffic on “ext” interfaces as Do you want to begin the install process?
external.
This will remove all current data and
• In monitor mode, AED is deployed out-of-line through a span configuration [n]
port or network tap. Connect the monitor port that receives
The installation initializes the system, installs the software, and
internet traffic to an “ext” interface on AED. You can connect the
builds the databases. These processes take some time.
matching “int” interface on AED to the monitor port that sends
traffic to the internet, but this connection is not required. 6. When the installation processes finish, respond to the prompts
• AED expects the first protection interfaces (ext0 and int0 in inline as follows:
mode or ext0 in monitor mode) to be connected. If they are not
connected, then AED generates system alerts in the web UI. For Prompt Response
example, if you connect to interfaces ext2 and int2, then system
Enable FIPS mode? Enter n. The AED-HD1000 does not support
alerts will indicate that interfaces ext0 and int0 are down. You
FIPS mode.
can disable alerting for the ext0 and int0 interface pair in the UI. Are you sure
you want to
Important: For the best performance, distribute the connections
permanently
of interface pairs as evenly as possible between SM‑320G‑0 and
enable FIPS mode?
SM‑320G‑1. For example, you might install one pair of 100 GbE
interfaces on SM‑320G‑0 and two pairs of 10 GbE interfaces on System hostname? Enter the appliance’s hostname as a simple
SM‑320G‑1. Or, if you plan to install three 10 GbE interface pairs, host name or a fully qualified domain
then you might install two pairs on SM‑320G‑0 and one pair on name. For example: host.example.com
SM‑320G‑1. Set admin (Strongly recommended) To change
password? the administrator password, enter y. At
Installing AED the password prompts, enter the new
The quick installation script prompts you to enter the information password.
that is required to install AED. To respond to the prompts, type the Important: To use AED, you must change
requested information and press enter. To accept a default entry, the default password.
which is displayed in brackets, press enter without typing a response. IP address for Enter this management port’s IP address.
interface mgt0 For example: 198.51.100.2 or 2001:DB8::2
Command syntax Description
command Netmask for (IPv4 addresses only) Enter the netmask
Items that you must type as shown.
interface mgt0 in dotted-quad format. For example:
variable A placeholder for which you must supply 255.255.255.0
a value.
Prefix for (IPv6 addresses only) Enter the prefix
{option1 | option2} A set of choices, one of which is required. interface mgt0 length of this management port’s address.
Do not type the vertical bar or the braces. For example: /64
IP address for Respond to the prompts to configure mgt1
Note: If the installation script does not appear or if you need to interface mgt1 or press enter to skip the configuration.
reinstall AED, see the instructions for installing and reinstalling AED
in the Arbor Edge Defense User Guide. Default route Enter the default gateway’s IP address. For
example: 198.51.100.1 or 2001:DB8::1
To install AED
1. Turn on the AED appliance.
• If you connected to the appliance through a serial console, the
installation starts automatically. Go to Step 6.
• Otherwise, go to Step 2.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Prompt Response
{https | ping | At each of these prompts, enter the
cloudsignal | address range from which you want to
ssh} access from allow communications to a service. For
which network? example: 198.51.100.0/24 or 2001:DB8::/32
Important: We strongly recommend that
you do not use 0.0.0.0/0 or ::/0, as these
address ranges allow unrestricted access
to a service. To restrict access, specify the
narrowest address range that you can.
To skip a prompt, press enter.
10. Enter / services aed mode set {inline | monitor}
{inline | monitor} = Enter inline if you placed the appliance
inline in your network. Enter monitor if you placed it out-of-line
through a span port or network tap.
11. Enter / reload
Important: You must reload AED before you can start the AED
services.
12. Enter / services aed start
Important: If you did not change the default administrator
password earlier, you must change it before you can start AED
services.

After you pass through these prompts, a
new SSH host key file is generated.
DNS server IP Enter the IP address for your DNS server or
address press enter to skip this prompt.
Current time and Accept the default or enter a new time and
date date in the format mmddHHMMyyyy.SS
(month, day, hour, minutes, year, seconds).
NTP server IP Enter the IP address of your NTP server or
address press enter to skip this prompt.
13. To complete the installation, enter the following commands, one
at a time:
• config write
• exit
Finishing the Configuration
You complete the AED configuration in the AED web UI. For
information about configuring the AED settings, see the
Arbor Edge Defense User Guide.

Important: When the system restarts, do not press a key or respond

to any other prompts until the login prompt appears.

7. At the login prompt, enter the default username of admin.

8. At the password prompt, enter the admin password that you

set in the installation script.

9. (QSFP28 optical transceivers only) Enter the following command

for each QSFP28 interface on which you plan to use FEC. FEC is
required for QSFP28 SR4 transceivers, but optional for QSFP28
LR4 transceivers.
/ system hardware fec enable {ext0 | int0 | ext1 | int1}
{ext0 | int0 | ext1 | int1} = the interfaces with QSFP28 optical
transceivers

© 2019-2020 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary. www.netscout.com
AED-HD1000-QSC-2020/07, Part Number 293-2915 Rev. D