Installation Guide

Arbor Edge Defense

AED 2600 Appliance
This guide provides instructions for the connection and initial configuration of your
NETSCOUT AED 2600 Appliance. These procedures represent the minimum required
setup.

Components
Your AED 2600 package includes the following items:
n AED 2600 appliance
n 2 Ethernet patch cables
n 2 AC power cords or 2 DC connector assemblies
n 1 rail kit with extensions
n Legal documentation

Interface Configurations
The AED 2600 models support the following network interface cards (NICs):
n 1 GbE copper or fiber (SX or LX)
n 10 GbE fiber (SR or LR)

See the Arbor Edge Defense Release Notes for a list of the supported configurations.

Before You Begin

First, decide whether to place the appliance inline (inline mode) or out-of-line through a
span port or network tap (monitor mode). Also, decide which deployment scenario is best
for your network.

For more information, see the section about the AED deployment scenarios in the Arbor
Edge Defense User Guide. You can obtain this guide and other product documentation
from the Arbor Technical Assistance Center web site at
https://support.arbornetworks.com/

© 2018-2021 NETSCOUT SYSTEMS, INC. All rights reserved. www.netscout.com

AED-IG-2600-2021/08 Part Number: 293-2868 Rev. J
02 August, 2021 ®
AED 2600 Appliance Installation Guide

Appliance Specifications
The following list describes the specifications for the AED 2600 appliance.

Power Options
The AED 2600 appliance has two 850 W AC or DC hot-swap, redundant power supplies:
AC: 100 VAC to 240 VAC, 50 to 60 Hz, 12/6 A max
DC: -40 VDC to -72 VDC, 28/14 A max

Physical Dimensions
Chassis: 2U rack
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Depth: 20 in (50.8 cm)
Weight: 36.95 lb (16.76 kg)

Environmental
Temperature, operating: 41ºF to 104ºF (5ºC to 40ºC)
Humidity, operating: 5% to 85%, non-condensing, at temperatures of 73ºF to 95ºF (23ºC
to 35ºC). Designed to meet or exceed Telcordia GR-63 and ETSI EN 300 019 humidity
requirements for operating, transport, and storage environments.
Temperature, non-operating: -40ºF to 158ºF (-40ºC to 70ºC)
Humidity, non-operating: 95%, non-condensing, at temperatures of 73ºF to 104ºF (23ºC
to 40ºC)
Airflow direction: Front to back. For proper airflow, ensure that the air intake is
positioned in a cold aisle and the air exhaust is positioned in a hot aisle.
Power Draw: 325 W (maximum), 280 W (nominal)
Heat dissipation: 1024 BTU/hr @ 300 W

Compatibility: monitoring
This appliance integrates with management consoles that support SNMPv2 or SNMPv3.

Collecting Information for the Installation

Collect the following information for your appliance:

Information to
collect Description

Administrative The user name and password for administrative access to the
username and device. The default user name is admin and the default
password password is arbor. To use the software, you must change the
default password.

System hostname The unique name that identifies this device on the network.

2 NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 AED 2600 Appliance Installation Guide

Information to
collect Description

IP address and The IP address and the subnet mask of the device’s
subnet mask management interface.

Default gateway IP The IP address for the default gateway that the management
address and other IP interface uses and any additional routes that are required for
routing the device to access the management interface.

NTP server (optional) The IP address for the server that synchronizes the network
time.

NTP server (optional) The IP address for the server that synchronizes the network
time.

Physical connections The switch or router port mappings to connect to the protection
interfaces. See “About the Protection Interfaces” below.

Physical connections The switch or router port mappings to connect to the protection
interfaces. See “About the Protection Interfaces” below.

Network connectivity The method that you plan to use to connect the device within
mode your network (inline or out-of-line through a span port or
network tap).

Network connectivity The method that you plan to use to connect the device within
mode your network (inline or out-of-line through a span port or
network tap).

DNS server The IP address for the server that translates domain names for
(optional) your network.

License key The license key number for AED that you received from
NETSCOUT. If you subscribed to the ATLAS Intelligence Feed
(AIF), then you also need the AIF license number.

About the Protection Interfaces

You can connect a network path to any two like-numbered interfaces (for example, ext0
and int0). The “ext” interface always faces an external internet connection and the “int”
interface always faces your internal network. For the location of the “ext” and “int”
interfaces, see “Back Panel” on page 5.

n In an inline deployment, AED acts as a physical cable between the internet and your
protected network. Connect the upstream network equipment to an “ext” interface on
AED. Connect the matching “int” interface on AED to your downstream network
equipment.
n Do not send outbound traffic from your internal network to an “ext” interface on AED.
AED treats all traffic on “ext” interfaces as external.
n In monitor mode, AED is deployed out-of-line through a span port or network tap.
Connect the monitor port that receives internet traffic to an “ext” interface on AED. You
can connect the matching “int” interface on AED to the monitor port that sends traffic
to the internet, but this connection is not required.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 3

AED 2600 Appliance Installation Guide

n AED expects the first protection interfaces (ext0 and int0 in inline mode or ext0 in
monitor mode) to be connected. If they are not connected, then AED generates system
alerts in the UI. For example, if you connect to interfaces ext2 and int2, then the
system alerts will indicate that interfaces ext0 and int0 are down. You can disable
alerting for the ext0 and int0 interface pair in the UI.
n If you connect more than one pair of protection interfaces, we recommend that you
balance the traffic that AED processes across the physical NICs. For example, if you
need to connect two pairs of protection interfaces, connect ext0/int0 and ext2/int2
because they are on different NICs.

Important
If you connect AED to interfaces that do not support Auto MDI selection, then use the
correct combination of straight-through or crossover cables. It is important that you
maintain the link through an inline AED when bypass mode is engaged.

Front Panel
The following diagram shows the port, buttons, and LEDs on the front panel of the AED
2600 appliance.
1 2 3 4 5 6 13

7 8 9 10 11 12

1. Power button 8. Chassis ID button

2. System reset button 9. NIC1/NIC 2 activity LED
3. Chassis information LED 10. HDD activity LED
4. Fan status LED 11. Power alarm LED
5. Critical alarm LED 12. Minor alarm LED
6. Major alarm LED 13. RJ45 serial console port
7. NMI button

An alarm LED that is blinking green, solid amber, or solid red indicates that an error has
occurred. To determine the cause of an error, review the Active Alerts section on the
Summary page in the AED UI.

4 NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 AED 2600 Appliance Installation Guide

Back Panel
The following illustration shows the AED 2600 back panel with 10 GbE fiber interfaces and
1 GbE copper interfaces. Your appliance might have a different configuration.

Note
Both types of power supplies are shown for illustration purposes only. Each appliance
has either two AC power supplies or two DC power supplies.

1
6

ext0 int0 ext1 int1 ext2 int2 ext3 int3

7 2
ext4 int4 ext5 int5

5 4 3

1 2 3 4 5 6 7 8 9 10 11

1. VGA connector 8. 1 GbE protection ports. Copper ports are

2. USB1 (top) and USB0 (bottom) shown, but these ports can be copper or fiber.
3. (Not supported) Remote Management NIC 9. Two ground studs for DC-input system
4. USB2 (top) and USB3 (bottom) 10. Power supply 2 (DC module is shown)
5. Management port 0, mgt0 (GbE NIC 1 The pins are numbered 1, 2, and 3 from the
connector) bottom to the top. Pin 1 (bottom) is the
6. Management port 1, mgt1 (GbE NIC 2 ground, pin 2 (middle) is the -48 VDC terminal,
connector) and pin 3 (top) is the return terminal.
7. 1 GbE (fiber or copper) or 10 GbE fiber 11. Power supply 1 (AC module is shown)
protection ports

For details about the configuration of the protection ports, see “About the Protection
Interfaces” on page 3.

Connecting the Appliance

Warning
Read all of the installation instructions and safety-related warnings before you connect
the appliance to its power source.

Refer to the following appliance panel diagrams as you complete the connection tasks:
n "Front Panel" on the previous page
n “Back Panel” above

Connect the power source

1. On the back panel, connect the power cords to the two redundant power supplies.
2. Connect the power cords to separate facility power circuits.

Note
The appliance can operate with one power cord connected. However, by connecting to
two separate power circuits, the appliance can operate if one circuit loses power.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 5

AED 2600 Appliance Installation Guide

Connect management and mitigation interfaces

1. Plug one end of an Ethernet patch cable into an Ethernet switch.
2. On the back panel, plug the other end of the Ethernet patch cable into the
management port mgt0.
Do not plug the patch cable into the port labeled MNGT on the back panel.
3. (Optional) Repeat the previous steps to connect to the management port mgt1.
4. For each protection interface pair that you plan to connect, complete the following
steps:
a. Plug one end of an Ethernet patch cable into an “ext” protection interface on the
appliance. Plug the other end of the Ethernet patch cable into your upstream
network equipment or to a span port or network tap that receives traffic from the
internet.
b. Plug one end of an Ethernet patch cable into the matching “int” interface on the
appliance. Plug the other end of the Ethernet patch cable into your downstream
equipment or to a span port or network tap that sends the traffic to the internet.
Note
To balance the traffic, we recommend that you connect protection interface pairs
that are on different physical NICs.

Connect to the appliance for configuration

Use one of the following methods to connect to the appliance for configuration:

Cable connection steps

Serial Console VGA

1. Plug the RJ45 end of an Ethernet patch 1. Connect a VGA monitor to the
cable into the serial console port on the VGA connector on the appliance.
front of the appliance. 2. Connect a keyboard to one of the
2. Connect the other end of the Ethernet USB ports on the appliance.
patch cable to a serial console server or
computer.
3. Configure your console server or
computer with the following settings:
l Baud rate: 9,600
l Data bits: 8
l Stop bits: 1
l Parity: None
l Flow control: None

6 NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 AED 2600 Appliance Installation Guide

Installing the AED Software

The installation script prompts you to enter the information that is required to install
AED. To respond to the prompts, type the requested information and press ENTER. To
accept a default entry, which is displayed in brackets, press ENTER without typing a
response.

If the installation script does not appear or if you need to reinstall AED, then see the
instructions for installing and reinstalling AED in the Arbor Edge Defense User Guide.

After you complete the installation script, you configure additional settings by using the
command line interface (CLI). The following syntax represents the CLI commands.

Command syntax Description

command Items that you must type as shown.

variable A placeholder for which you must supply a value.

{option1 | option2} A set of choices, one of which is required. Do not type the
vertical bar or the braces.

Installing AED
1. Turn on the AED appliance.
n If you connect to the appliance through a serial console, the installation starts. Skip
to Step 6.
n Otherwise, go to the next step.
2. When the Press any key to continue prompt appears, press a key within five
seconds.
Important
If the system continues before you can press a key, then turn off the appliance and
start over.
3. At the GRUB menu, press the up arrow key or down arrow key to stop the 10-second
countdown.
Important
If the system continues before you can stop the countdown, then turn off the
appliance and start over.
4. Select the following option on the GRUB menu and then press ENTER:
(re)install from on-board flash (Serial)
5. Enter y in response to the following prompt:
Do you want to begin the install process?
This will remove all current data and configuration [n]
The script initializes the system, installs the software, and builds the databases. These
processes take some time.
6. When the installation processes finish, respond to the prompts as follows:

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 7

AED 2600 Appliance Installation Guide
Prompt
Enable FIPS mode?
Are you sure you want to
permanently enable FIPS mode?
System hostname?
Set admin password?
IP address for interface mgt0
Netmask for interface mgt0
Prefix for interface mgt0
IP address for interface mgt1
Default route
8 NETSCOUT SYSTEMS, INC. Confidential and Proprietary
Description
Enter y at each prompt to enable FIPS mode,
otherwise enter n. In FIPS mode, AED
supports only FIPS-compliant algorithms.
Note
If you enable FIPS mode, you cannot disable
this mode after the installation completes.
Enter the host name for the AED appliance as
a simple host name or a fully qualified
domain name. For example: system1 or
system1.example.net.
To change the administrator password, enter
y. At the password prompts, enter the new
password.
Important
To use AED, you must change the default
password.
Enter the IP address for this management
port. For example: 198.51.100.2 or
2001:DB8::2
(IPv4 addresses only) Enter the netmask in
dotted-quad format. For example:
255.255.255.0
(IPv6 addresses only) Enter the prefix length
for this management port’s address. For
example: /64
Respond to the prompts to configure mgt1 or
press ENTER to skip the configuration.
Enter the IP address for the default gateway.
For example: 198.51.100.1 or 2001:DB8::1
 AED 2600 Appliance Installation Guide

Prompt Description
{https | ping | cloudsignal | At each of these prompts, enter the address
ssh} access from which range from which you want to allow
network? communications to a service. For example:
198.51.100.0/24 or 2001:DB8::/32
To skip a prompt, press ENTER.
For security reasons, AED does not allow IP
access rules that specify numeric ports. If you
enter an IP access rule for 0.0.0.0/0 or ::/0,
then AED displays a warning message and
prompts you to confirm the entry.
Caution
We strongly recommend that you do not
use 0.0.0.0/0 or ::/0, because these address
ranges allow unrestricted access to a
service. To restrict access, specify the
narrowest address range that you can.
After you pass through these prompts, the
system generates a new SSH host key file.

DNS server IP address Enter the IP address for your DNS server or
press ENTER to skip this prompt.

Current time and date Accept the default values or enter a new time
and date in the format mmddHHMMyyyy.SS
(month, day, hour, minutes, year, seconds).

NTP server IP address Enter the IP address for your NTP server or
press ENTER to skip this prompt.

Important
When the system restarts, do not press a key or respond to any other prompts until the
login prompt appears.

7. At the login prompt, enter the default username of admin.

8. At the password prompt, enter the admin password that you set in the installation
script.

Important
The license key commands are case sensitive. Enter the model and license key exactly as
they appear in your license key email, including any spaces and punctuation.

9. Enter / system license set aed "model" license_key

model = The AED model. For example: "AED-2600-15".
This argument might take additional parameters, such as the expiration date
for an evaluation license.
license_key = The AED license key.

NETSCOUT SYSTEMS, INC. Confidential and Proprietary 9

AED 2600 Appliance Installation Guide

10. If you subscribed to the AIF, enter / system license set ASERT "level expires:
expirationDate" license_key
"level expires: expirationDate" = The level of the AIF license plus the
expiration timestamp. For example: "AED-AIF-ADVANCED expires: 1437749737”
license_key = The AIF license key.
11. Enter / services aed mode set {inline | monitor}
{inline | monitor} = If you placed the appliance inline in your network, enter
inline. If you placed the appliance out-of-line through a span port or network
tap, enter monitor.
12. To save the configuration changes, enter / config write
Important
Do not skip this step.
13. Enter / reload
Important
You must reload AED before you can start AED services.
14. Enter / services aed start
15. To complete the installation and log out of the CLI, enter the following commands,
one at a time:
/ config write
/ exit

Finishing the Configuration

You complete the AED configuration in the AED UI. For information about configuring the
AED settings, see the Arbor Edge Defense User Guide.

10 NETSCOUT SYSTEMS, INC. Confidential and Proprietary