Professional Documents
Culture Documents
AED 2600 Installation Guide
AED 2600 Installation Guide
Components
Your AED 2600 package includes the following items:
n AED 2600 appliance
n 2 Ethernet patch cables
n 2 AC power cords or 2 DC connector assemblies
n 1 rail kit with extensions
n Legal documentation
Interface Configurations
The AED 2600 models support the following network interface cards (NICs):
n 1 GbE copper or fiber (SX or LX)
n 10 GbE fiber (SR or LR)
See the Arbor Edge Defense Release Notes for a list of the supported configurations.
For more information, see the section about the AED deployment scenarios in the Arbor
Edge Defense User Guide. You can obtain this guide and other product documentation
from the Arbor Technical Assistance Center web site at
https://support.arbornetworks.com/
Appliance Specifications
The following list describes the specifications for the AED 2600 appliance.
Power Options
The AED 2600 appliance has two 850 W AC or DC hot-swap, redundant power supplies:
AC: 100 VAC to 240 VAC, 50 to 60 Hz, 12/6 A max
DC: -40 VDC to -72 VDC, 28/14 A max
Physical Dimensions
Chassis: 2U rack
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Depth: 20 in (50.8 cm)
Weight: 36.95 lb (16.76 kg)
Environmental
Temperature, operating: 41ºF to 104ºF (5ºC to 40ºC)
Humidity, operating: 5% to 85%, non-condensing, at temperatures of 73ºF to 95ºF (23ºC
to 35ºC). Designed to meet or exceed Telcordia GR-63 and ETSI EN 300 019 humidity
requirements for operating, transport, and storage environments.
Temperature, non-operating: -40ºF to 158ºF (-40ºC to 70ºC)
Humidity, non-operating: 95%, non-condensing, at temperatures of 73ºF to 104ºF (23ºC
to 40ºC)
Airflow direction: Front to back. For proper airflow, ensure that the air intake is
positioned in a cold aisle and the air exhaust is positioned in a hot aisle.
Power Draw: 325 W (maximum), 280 W (nominal)
Heat dissipation: 1024 BTU/hr @ 300 W
Compatibility: monitoring
This appliance integrates with management consoles that support SNMPv2 or SNMPv3.
Information to
collect Description
Administrative The user name and password for administrative access to the
username and device. The default user name is admin and the default
password password is arbor. To use the software, you must change the
default password.
System hostname The unique name that identifies this device on the network.
Information to
collect Description
IP address and The IP address and the subnet mask of the device’s
subnet mask management interface.
Default gateway IP The IP address for the default gateway that the management
address and other IP interface uses and any additional routes that are required for
routing the device to access the management interface.
NTP server (optional) The IP address for the server that synchronizes the network
time.
NTP server (optional) The IP address for the server that synchronizes the network
time.
Physical connections The switch or router port mappings to connect to the protection
interfaces. See “About the Protection Interfaces” below.
Physical connections The switch or router port mappings to connect to the protection
interfaces. See “About the Protection Interfaces” below.
Network connectivity The method that you plan to use to connect the device within
mode your network (inline or out-of-line through a span port or
network tap).
Network connectivity The method that you plan to use to connect the device within
mode your network (inline or out-of-line through a span port or
network tap).
DNS server The IP address for the server that translates domain names for
(optional) your network.
License key The license key number for AED that you received from
NETSCOUT. If you subscribed to the ATLAS Intelligence Feed
(AIF), then you also need the AIF license number.
n In an inline deployment, AED acts as a physical cable between the internet and your
protected network. Connect the upstream network equipment to an “ext” interface on
AED. Connect the matching “int” interface on AED to your downstream network
equipment.
n Do not send outbound traffic from your internal network to an “ext” interface on AED.
AED treats all traffic on “ext” interfaces as external.
n In monitor mode, AED is deployed out-of-line through a span port or network tap.
Connect the monitor port that receives internet traffic to an “ext” interface on AED. You
can connect the matching “int” interface on AED to the monitor port that sends traffic
to the internet, but this connection is not required.
n AED expects the first protection interfaces (ext0 and int0 in inline mode or ext0 in
monitor mode) to be connected. If they are not connected, then AED generates system
alerts in the UI. For example, if you connect to interfaces ext2 and int2, then the
system alerts will indicate that interfaces ext0 and int0 are down. You can disable
alerting for the ext0 and int0 interface pair in the UI.
n If you connect more than one pair of protection interfaces, we recommend that you
balance the traffic that AED processes across the physical NICs. For example, if you
need to connect two pairs of protection interfaces, connect ext0/int0 and ext2/int2
because they are on different NICs.
Important
If you connect AED to interfaces that do not support Auto MDI selection, then use the
correct combination of straight-through or crossover cables. It is important that you
maintain the link through an inline AED when bypass mode is engaged.
Front Panel
The following diagram shows the port, buttons, and LEDs on the front panel of the AED
2600 appliance.
1 2 3 4 5 6 13
7 8 9 10 11 12
An alarm LED that is blinking green, solid amber, or solid red indicates that an error has
occurred. To determine the cause of an error, review the Active Alerts section on the
Summary page in the AED UI.
Back Panel
The following illustration shows the AED 2600 back panel with 10 GbE fiber interfaces and
1 GbE copper interfaces. Your appliance might have a different configuration.
Note
Both types of power supplies are shown for illustration purposes only. Each appliance
has either two AC power supplies or two DC power supplies.
1
6
5 4 3
1 2 3 4 5 6 7 8 9 10 11
For details about the configuration of the protection ports, see “About the Protection
Interfaces” on page 3.
Refer to the following appliance panel diagrams as you complete the connection tasks:
n "Front Panel" on the previous page
n “Back Panel” above
Note
The appliance can operate with one power cord connected. However, by connecting to
two separate power circuits, the appliance can operate if one circuit loses power.
If the installation script does not appear or if you need to reinstall AED, then see the
instructions for installing and reinstalling AED in the Arbor Edge Defense User Guide.
After you complete the installation script, you configure additional settings by using the
command line interface (CLI). The following syntax represents the CLI commands.
{option1 | option2} A set of choices, one of which is required. Do not type the
vertical bar or the braces.
Installing AED
1. Turn on the AED appliance.
n If you connect to the appliance through a serial console, the installation starts. Skip
to Step 6.
n Otherwise, go to the next step.
2. When the Press any key to continue prompt appears, press a key within five
seconds.
Important
If the system continues before you can press a key, then turn off the appliance and
start over.
3. At the GRUB menu, press the up arrow key or down arrow key to stop the 10-second
countdown.
Important
If the system continues before you can stop the countdown, then turn off the
appliance and start over.
4. Select the following option on the GRUB menu and then press ENTER:
(re)install from on-board flash (Serial)
5. Enter y in response to the following prompt:
Do you want to begin the install process?
This will remove all current data and configuration [n]
The script initializes the system, installs the software, and builds the databases. These
processes take some time.
6. When the installation processes finish, respond to the prompts as follows:
Prompt Description
Enable FIPS mode? Enter y at each prompt to enable FIPS mode,
Are you sure you want to otherwise enter n. In FIPS mode, AED
permanently enable FIPS mode? supports only FIPS-compliant algorithms.
Note
If you enable FIPS mode, you cannot disable
this mode after the installation completes.
System hostname? Enter the host name for the AED appliance as
a simple host name or a fully qualified
domain name. For example: system1 or
system1.example.net.
IP address for interface mgt0 Enter the IP address for this management
port. For example: 198.51.100.2 or
2001:DB8::2
Netmask for interface mgt0 (IPv4 addresses only) Enter the netmask in
dotted-quad format. For example:
255.255.255.0
Prefix for interface mgt0 (IPv6 addresses only) Enter the prefix length
for this management port’s address. For
example: /64
Prompt Description
{https | ping | cloudsignal | At each of these prompts, enter the address
ssh} access from which range from which you want to allow
network? communications to a service. For example:
198.51.100.0/24 or 2001:DB8::/32
To skip a prompt, press ENTER.
For security reasons, AED does not allow IP
access rules that specify numeric ports. If you
enter an IP access rule for 0.0.0.0/0 or ::/0,
then AED displays a warning message and
prompts you to confirm the entry.
Caution
We strongly recommend that you do not
use 0.0.0.0/0 or ::/0, because these address
ranges allow unrestricted access to a
service. To restrict access, specify the
narrowest address range that you can.
After you pass through these prompts, the
system generates a new SSH host key file.
DNS server IP address Enter the IP address for your DNS server or
press ENTER to skip this prompt.
Current time and date Accept the default values or enter a new time
and date in the format mmddHHMMyyyy.SS
(month, day, hour, minutes, year, seconds).
NTP server IP address Enter the IP address for your NTP server or
press ENTER to skip this prompt.
Important
When the system restarts, do not press a key or respond to any other prompts until the
login prompt appears.
Important
The license key commands are case sensitive. Enter the model and license key exactly as
they appear in your license key email, including any spaces and punctuation.
10. If you subscribed to the AIF, enter / system license set ASERT "level expires:
expirationDate" license_key
"level expires: expirationDate" = The level of the AIF license plus the
expiration timestamp. For example: "AED-AIF-ADVANCED expires: 1437749737”
license_key = The AIF license key.
11. Enter / services aed mode set {inline | monitor}
{inline | monitor} = If you placed the appliance inline in your network, enter
inline. If you placed the appliance out-of-line through a span port or network
tap, enter monitor.
12. To save the configuration changes, enter / config write
Important
Do not skip this step.
13. Enter / reload
Important
You must reload AED before you can start AED services.
14. Enter / services aed start
15. To complete the installation and log out of the CLI, enter the following commands,
one at a time:
/ config write
/ exit