
Introduction

Abstract

Today, large-scale communication network development projects are becoming increasingly common. One of the main tasks in implementing large multiservice networks is the creation of a reliable, high-performance transport network that serves as the backbone in the multilayer architecture of next-generation networks.

ESR series firewalls can be used in large enterprise networks, SMB networks and operator networks. The devices provide high performance and bandwidth, and feature protection of transmitted data.

This operation manual describes the intended use, specifications, features, design, installation, first-time setup, and firmware update guidelines for the ESR series service router (hereinafter, the router or the device).

Target Audience

This user manual is intended for technical personnel who perform device installation, configuration and monitoring via the command line interface (CLI), as well as system maintenance and firmware update procedures. Qualified technical personnel should be familiar with the operation basics of the TCP/IP protocol stack and Ethernet network design concepts.

Notes and warnings

Notes contain important information, tips or recommendations on device operation and setup.

Warnings inform users about hazardous conditions which may cause injuries or device damage and may lead to the device malfunctioning or data loss.

Product Description

Purpose

ESR series devices are high-performance multi-purpose network routers. The device combines traditional network features with a complex multi-tier approach to routing security, and ensures robust corporate environment protection.

The device has a built-in firewall that protects your network environment and that of your organization, and supports the latest data security, encryption, authentication and anti-intrusion features.

The device contains software and hardware means of data processing. Top performance is achieved through optimal distribution of data processing tasks between different subsets of the device.

Functions

Interfaces functions

Table 1 lists interface functions of the device.

Table 1 – Device interface functions

Cable connection polarity detection (Auto MDI/MDIX)

Automatic cable type detection: crossed or straight.

  • MDI (Medium Dependent Interface – straight) – cable standard for connection of terminal devices;
  • MDIX (Medium Dependent Interface with Crossover – crossed) – cable standard for connection of hubs and switches.

Back pressure routing support (Back pressure)

The backpressure routing method is used in half-duplex connections to manage data streams coming from the opposite devices by means of collisions. This method makes it possible to avoid buffer overruns and loss of data.

Flow control (IEEE 802.3X)

Flow control makes it possible to interconnect low-speed and high-speed devices. To avoid buffer overrun, the low-speed device can send PAUSE packets that force the high-speed device to pause packet transmission.

Link aggregation (LAG)

Link aggregation makes it possible to increase communication link bandwidth and robustness.

The router supports static and dynamic link aggregation. For dynamic aggregation, link group management is performed via the LACP protocol.

Functions for MAC address processing

Table 2 lists MAC address processing functions of the device.

Table 2 – MAC address processing functions

Table of MAC addresses

The MAC address table sets the correspondence between MAC addresses and device interfaces and is used for data packet routing. Routers support a table capacity of up to 128K MAC addresses and reserve specific MAC addresses for system use.

Learning mode

The MAC address table may contain either static addresses or addresses learnt as data packets pass through the device.

Learning involves registering packet source MAC addresses and binding them to ports and VLANs. Afterwards, this data is used for routing incoming packets. The lifetime of a registered MAC address is limited. The administrator may adjust this setting.

If the destination MAC address specified in a packet received by the device is not listed in the table, the packet will be sent further as a broadcast packet within the L2 segment of the network.

Second-layer functions of OSI model

Table 3 lists second-layer functions and special aspects (OSI Layer 2).

Table 3 – Second-layer functions description (OSI Layer 2)

VLAN functions

VLAN (Virtual Local Area Network) is a solution used for splitting a network into separate segments at the L2 level. Using VLANs makes it possible to increase the operational stability of large networks by splitting them into smaller networks, to isolate different kinds of data traffic by type, and to solve many other tasks.

Routers support various VLAN management methods:

  • VLAN based on data packet tagging according to IEEE 802.1Q
  • VLAN based on device ports (port-based)
  • VLAN based on utilization of data classification policies (policy-based)

Spanning Tree Protocol ¹

The main task of the Spanning Tree Protocol is to exclude redundant network links and convert the network topology into a tree-like structure. Common areas of protocol application involve the prevention of network traffic loops and the establishment of redundant communication links.

¹ In the current firmware version, this functionality is supported only by the ESR-1000 router.

Third-layer functions of OSI model

Table 4 lists third-layer functions (OSI Layer 3).

Table 4 – Third-layer functions description (OSI Layer 3)

Static IP routes

The administrator of the router can add static entries to the routing table or remove them from it.

Dynamic routing

With dynamic routing protocols, the device is able to exchange routing information with neighbouring routers and automatically create a routing table.

The router supports the following protocols: RIP, OSPFv2, OSPFv3, BGP.

ARP table

ARP (Address Resolution Protocol) is a protocol used for resolution of network and data-link layer addresses. The ARP table contains information on the established correspondence.

The correspondence is established on the basis of network device response analysis; device addresses are requested with broadcast packets.

DHCP client

DHCP (Dynamic Host Configuration Protocol) enables automation of the network device management process.

The DHCP client allows the router to obtain a network address and additional settings from an external DHCP server. As a rule, this method is used for obtaining network settings from a public network operator (WAN).

DHCP server

The DHCP server enables automation and centralization of the network device configuration process.

A DHCP server hosted on the router provides a complete solution for local area network support.

The DHCP server integrated into the router assigns IP addresses to network devices and transfers additional network settings, e.g. server addresses, network gateway addresses and other necessary settings.

Network Address Translation (NAT)

Network address translation is a mechanism that translates IP addresses and port numbers for transit packets.

The NAT function makes it possible to minimize the number of IP addresses used by translating multiple internal network IP addresses into a single external public IP address. NAT conceals the internal structure of the local area network and makes it possible to enhance its security.

Routers support the following NAT options:

  • Source NAT (SNAT) – the source network address and port number are replaced when a packet is sent out, and the destination address is replaced in the response packet;
  • Destination NAT (DNAT) – external requests are translated by the router to a user computer in the LAN that has an internal address and is therefore not directly accessible from outside the network (without NAT).

Traffic tunnelling functions

Table 5 – Traffic tunnelling functions

Tunneling protocols

Tunneling is a method of converting packets during their transfer across a network that involves the replacement, modification or addition of a new packet network header. This method may be used for negotiation of transport protocols when data is transferred through a transit network, as well as for creation of secured connections where the tunnelled data is encrypted.

Routers support the following types of tunnels:

  • GRE – IP packet is encapsulated into another IP packet with GRE (General Routing Encapsulation) header;
  • IPv4-IPv4 – tunnel that encapsulates source IP packets into IP packets with alternative network parameters;
  • L2TPv3 – tunnel for L2 traffic transmission using IP packets;
  • IPsec – tunnel with the encryption of transmitted data;
  • L2TP, PPTP – tunnels used for establishing remote 'client-server' access.

Management and configuration functions

Table 6 – Basic management and configuration functions

Configuration file download and upload

Device parameters are saved in a configuration file that contains configuration data for specific device ports as well as for the whole system. The following protocols may be used for file transfers: TFTP, FTP, and SCP.

Command Line Interface (CLI)

CLI management is performed locally via the RS-232 serial port, or remotely via Telnet or SSH. The console command line interface (CLI) is the industry standard. The CLI interpreter contains a list of commands and keywords that help the user and reduce the amount of input data.

Syslog

The Syslog protocol is designed for transmission of system event messages and event logging.

Network utilities: ping, traceroute

The ping and traceroute utilities allow you to check the availability of network devices and identify data transfer routes in IP networks.

Access control – privilege levels

Routers support system access level management for users. Access levels make it possible to manage areas of responsibility for device administrators. Access levels are numbered from 1 to 15; level 15 stands for full access to device management features.

Authentication

Authentication is a user identity check procedure. Routers support the following authentication methods:

  • local – the local user database stored on the device is used for authentication;
  • group – the user database is located on the authentication server. RADIUS and TACACS protocols are used for server interactions.

SSH server, Telnet server

SSH and Telnet server features allow you to establish a connection to the device and perform device management.

Automatic configuration restore

The device features an automatic configuration restore system designed to prevent loss of remote access after re-configuration. If a configuration change is not confirmed within the specified time, the configuration is rolled back to the last known state.

Network security functions

Table 7 lists network security functions of the device.

Table 7 – Network security functions

Security zones

All router interfaces are assigned to security zones.

For each zone pair, you can set rules that determine whether data may be transmitted between the zones, as well as data traffic filtering rules.

Data filtering

For each zone pair, you can specify the rule set that manages the filtering process for data transmitted through the router.

The device command interface provides the means for detailed configuration of traffic classification rules and for applying the resulting solution to traffic transmission.

Main specifications

Table 8 lists main specifications of the router.

Table 8 — Main Specifications

General parameters

Packet processor

  • ESR-1700 – Broadcom XLP780
  • ESR-1510 – Broadcom XLP532
  • ESR-1500 – Broadcom XLP516
  • ESR-1200, ESR-1000 – Broadcom XLP316L
  • ESR-200 – Broadcom XLP204
  • ESR-100 – Broadcom XLP104
  • ESR-21, ESR-20 – Broadcom NorthStar2
  • ESR-14VF, ESR-12V(F), ESR-10 – Broadcom NS+ (BCM58625)

Interfaces

  • ESR-1700 – 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo, 8 x 10GBASE-R/1000BASE-X (SFP+/SFP)
  • ESR-1510 – 4 x Ethernet 10/100/1000BASE-T, 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo, 4 x 10GBASE-R/1000BASE-X (SFP+/SFP)
  • ESR-1500 – 4 x Ethernet 10/100/1000BASE-T, 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo, 4 x 10GBASE-R/1000BASE-X (SFP+/SFP)
  • ESR-1200 – 12 x Ethernet 10/100/1000BASE-T, 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo, 8 x 10GBASE-R/1000BASE-X (SFP+/SFP)
  • ESR-1000 – 24 x Ethernet 10/100/1000BASE-T, 2 x 10GBASE-R/1000BASE-X (SFP+/SFP)
  • ESR-200 – 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo, 4 x Ethernet 10/100/1000BASE-T
  • ESR-100 – 4 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo
  • ESR-21 – 8 x Ethernet 10/100/1000BASE-T, 4 x 1000BASE-X (SFP), 3 x RS-232
  • ESR-20 – 2 x Ethernet 10/100/1000BASE-T, 2 x Ethernet 10/100/1000BASE-T/1000BASE-X Combo
  • ESR-14VF – 8 x Ethernet 10/100/1000BASE-T, 1 x 1000BASE-X (SFP), 4 x FXS
  • ESR-12VF – 8 x Ethernet 10/100/1000BASE-T, 1 x 1000BASE-X (SFP), 3 x FXS, 1 x FXO
  • ESR-12V – 8 x Ethernet 10/100/1000BASE-T, 3 x FXS, 1 x FXO
  • ESR-10 – 4 x Ethernet 10/100/1000BASE-T, 2 x 1000BASE-X

Types of optical transceivers

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – 1000BASE-X SFP, 10GBASE-R SFP+
  • ESR-200, ESR-100, ESR-21, ESR-20, ESR-14VF, ESR-12V(F), ESR-10 – 1000BASE-X SFP

Duplex or half-duplex interface modes

  • duplex and half-duplex modes for electric ports
  • duplex mode for optical ports

Maximum bandwidth in L2 mode (hardware switching)

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200 – 160 Gbps
  • ESR-1000 – 88 Gbps

Data transfer rate

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – electrical interfaces 10/100/1000 Mbps; optical interfaces 1/10 Gbps
  • ESR-200, ESR-100, ESR-21, ESR-20, ESR-14VF, ESR-12V(F), ESR-10 – electrical interfaces 10/100/1000 Mbps; optical interfaces 1 Gbps

MAC table

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200 – 128k entries
  • ESR-1000 – 16k entries
  • ESR-200, ESR-100, ESR-21, ESR-20, ESR-14VF, ESR-12V(F), ESR-10 – 2k entries per bridge

VLAN support – up to 4k active VLANs according to 802.1Q

Quantity of L3 interfaces

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000, ESR-200, ESR-100, ESR-21, ESR-20 – 4000
  • ESR-14VF, ESR-12V(F), ESR-10 – 200

Quantity of BGP routes

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – 2.8M
  • ESR-200, ESR-100, ESR-21, ESR-20 – 1.5M
  • ESR-14VF, ESR-12V(F), ESR-10 – 800k

Quantity of OSPF routes

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – 500k
  • ESR-200, ESR-100, ESR-21, ESR-20, ESR-14VF, ESR-12V(F), ESR-10 – 300k

Quantity of RIP routes – 10k

Quantity of static routes – 11k

FIB size

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – 1.7M
  • ESR-200, ESR-100, ESR-21, ESR-20 – 1.5M
  • ESR-14VF, ESR-12V(F), ESR-10 – 800k

Compliance

  • IEEE 802.3 10BASE-T Ethernet
  • IEEE 802.3u 100BASE-T Fast Ethernet
  • IEEE 802.3ab 1000BASE-T Gigabit Ethernet
  • IEEE 802.3z Fiber Gigabit Ethernet
  • ANSI/IEEE 802.3 speed auto-negotiation
  • IEEE 802.3x flow control
  • IEEE 802.3ad link aggregation (LACP)
  • IEEE 802.1Q virtual local area networks (VLAN)
  • IEEE 802.1v
  • IEEE 802.3ac
  • IEEE 802.3ae
  • IEEE 802.1D
  • IEEE 802.1w
  • IEEE 802.1s

Control

Local control – CLI

Remote control – TELNET, SSH

Physical parameters and parameters of environment

Power supply

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 – AC: 220V ±20%, 50Hz; DC: -36..-72V. Power options: single AC or DC power supply; two AC or DC power supplies with hot swapping.
  • ESR-200, ESR-100, ESR-21, ESR-20, ESR-14VF, ESR-12V(F) – AC: 220V ±20%, 50Hz
  • ESR-10 – AC: 220V

Maximum power consumption

  • ESR-1700 – 250 W
  • ESR-1510, ESR-1500 – 160 W
  • ESR-1200 – 85 W
  • ESR-1000 – 75 W
  • ESR-200 – 25 W
  • ESR-100 – 20 W
  • ESR-21, ESR-20 – 25 W
  • ESR-14VF, ESR-12V(F) – 27 W
  • ESR-10 – 9 W

Weight

  • ESR-1700 – 12 kg max
  • ESR-1500 – 7 kg max
  • ESR-1200 – 5.5 kg max
  • ESR-1000 – 3.6 kg max
  • ESR-200, ESR-100 – 2.5 kg max
  • ESR-21 – 3.15 kg max
  • ESR-20 – 2 kg max
  • ESR-14VF, ESR-12V(F), ESR-10 – 1 kg max

Dimensions

  • ESR-1700 – 440x490x88 mm
  • ESR-1510, ESR-1500 – 430x425x44 mm
  • ESR-1200, ESR-1000 – 430x352x44 mm
  • ESR-200, ESR-100 – 310x240x44 mm
  • ESR-21 – 430x225x44 mm
  • ESR-20 – 267x212x44 mm
  • ESR-14VF, ESR-12V(F) – 267x160.5x43.6 mm
  • ESR-10 – 185x118x32 mm

Operating temperature range

  • ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000, ESR-200, ESR-100, ESR-21, ESR-20 – from -10 to +45 °C
  • ESR-14VF, ESR-12V(F), ESR-10 – from 0 to +40 °C

Storage temperature range – from -40 to +70 °C

Operation relative humidity (non-condensing) – 80% max.

Storage relative humidity (non-condensing) – from 10% to 95%

Average lifetime – 10 years

Design

This section describes the design of the device. It depicts the front, rear, and side panels of the device, as well as its connectors, LED indicators and controls.

The device has a metal housing available for 19” form-factor rack mount; housing size is 1U.

ESR-1700 design

ESR-1700 front panel

The front panel layout is depicted in Figure 1.

Figure 1 – ESR-1700 front panel

Table 9 lists connectors, LEDs and controls located on the front panel of ESR-1700.

Table 9 – Description of ESR-1700 connectors, LEDs and front panel controls

Front panel element – Description

  1. HDD1 – Connector for HDD installation.
  2. HDD2 – Connector for HDD installation.
  3. USB1 – Port for USB device connection.
  4. USB2 – Port for USB device connection.
  5. Combo Ports [1 .. 4] – 4 ports of Gigabit Ethernet 10/100/1000BASE-X (SFP).
  6. XG1–XG8 – Slots for 10G SFP+/1G SFP transceivers.
  7. Status – Current device status LED.
     Alarm – Alarm LED.
     VPN – VPN gateway operation mode LED (is not supported in the current version).
     Flash – Activity of exchange with data storage SD card or USB Flash.
     Power – Device power LED.
     Master – Failover mode operation LED (is not supported in the current version).
     Fan – Fan operation LED.
     RPS – Redundant power supply LED.
  8. F – Functional key that reboots the device and resets it to factory default configuration:
      • Pressing the key for less than 10 seconds reboots the device;
      • Pressing the key for more than 10 seconds resets the terminal to factory settings.
  9. Console – Console port RS-232 for local management of the device.
  10. OOB – Ethernet port for router management.

ESR-1700 rear panel

The rear panel of ESR-1700 is shown in the picture below.

Figure 2 – ESR-1700 rear panel

Table 10 lists rear panel connectors of the router.

Table 10 – Rear panel connectors description

Description

  1. Earth bonding point of the device.
  2. Hot-swappable removable ventilation modules.
  3. Main power supply.
  4. Place for installation of a redundant power supply.

ESR-1700 side panels

Figure 3 – ESR-1700 right side panel

Figure 4 – ESR-1700 left side panel

Side panels of the device have air vents for heat removal. Do not block air vents. This may cause the components to overheat, which may result in device malfunction. For recommendations on device installation, see section Installation and connection.

ESR-1510, ESR-1500 design

ESR-1510, ESR-1500 front panel

The front panel layout is depicted in Figure 5.

Figure 5 – ESR-1510, ESR-1500 front panel

Table 11 lists connectors, LEDs and controls located on the front panel of ESR-1510 and ESR-1500 routers.

Table 11 – Description of connectors, LEDs and controls located on ESR-1510, ESR-1500 front panel

Front panel element – Description

  1. Status – Current device status LED.
     Alarm – Alarm LED.
     VPN – VPN gateway operation mode LED (is not supported in the current version).
     Flash – Activity of exchange with data storage SD card or USB Flash.
     Power – Device power LED.
     Master – Failover mode operation LED (is not supported in the current version).
     Fan – Fan operation LED.
     RPS – Redundant power supply LED.
  2. Console – Console port RS-232 for local management of the device.
  3. OOB – Ethernet port for router management.
  4. SD – SD-card connector.
  5. USB1 – Port for USB device connection.
  6. F – Functional key that reboots the device and resets it to factory default configuration:
      • Pressing the key for less than 10 seconds reboots the device;
      • Pressing the key for more than 10 seconds resets the terminal to factory settings.
  7. USB2 – Port for USB device connection.
  8. Ethernet – 4 ports of Ethernet 10/100/1000BASE-T.
  9. Combo Ports [1 .. 4] – 4 ports of Gigabit Ethernet 10/100/1000BASE-X (SFP).
  10. XG1–XG4 – Slots for 10G SFP+/1G SFP transceivers.

ESR-1510, ESR-1500 rear panel

The rear panel layout of ESR-1510 and ESR-1500 routers is depicted in figure 6.

Figure 6 – ESR-1510, ESR-1500 rear panel

Table 12 lists rear panel connectors of the router.

Table 12 – Rear panel connectors description

Description

  1. Main power supply.
  2. Earth bonding point of the device.
  3. Hot-swappable removable ventilation modules.
  4. Place for installation of a redundant power supply.

ESR-1510, ESR-1500 side panels

Figure 7 – ESR-1500, ESR-1510 right side panel

Figure 8 – ESR-1500, ESR-1510 left side panel

Side panels of the device have air vents for heat removal. Do not block air vents. This may cause the components to overheat, which may result in device malfunction. For recommendations on device installation, see section Installation and connection.

ESR-1200, ESR-1000 design

ESR-1200 front panel

The front panel layout of ESR-1200 is depicted in figure 9.

Figure 9 – ESR-1200 front panel

Table 13 lists connectors, LEDs and controls located on the front panel of ESR-1200.

Table 13 – Description of connectors, LEDs and controls located on the front panel of ESR-1200

Front panel element – Description

  1. SD – SD-card connector.
  2. USB1 – Port for USB device connection.
  3. USB2 – Port for USB device connection.
  4. [1 .. 12] – 12 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).
  5. Combo Ports – 4 ports of Gigabit Ethernet 10/100/1000BASE-X (SFP).
  6. XG1–XG8 – Slots for installation of 10G SFP+/1G SFP transceivers.
  7. Status – Current device status LED.
     Alarm – Alarm LED.
     HA – HA operation mode indicator.
     Flash – Activity indicator of exchange with data storages (SD-card or USB Flash).
     Power – Device power LED.
     Master – Indicator of failover modes operation.
     Fan – Fan operation LED.
     RPS – Redundant power supply LED.
  8. F – Functional key that reboots the device and resets it to factory default configuration:
      • Pressing the key for less than 10 seconds reboots the device;
      • Pressing the key for more than 10 seconds resets the terminal to factory settings.
  9. Console – Console port RS-232 for local management of the device.

ESR-1000 front panel

The front panel layout is depicted in figure 10.

Figure 10 – ESR-1000 front panel

Table 14 lists connectors, LEDs and controls located on ESR-1000 front panel.

Table 14 – Description of connectors, LEDs and controls located on ESR-1000 front panel

Front panel element – Description

  1. SD – SD-card connector.
  2. USB1 – Port for USB device connection.
  3. USB2 – Port for USB device connection.
  4. XG1, XG2 – Slots for 10G SFP+/1G SFP transceivers.
  5. [1 .. 24] – 24 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).
  6. Status – Current device status LED.
     Alarm – Alarm LED.
     VPN – Active VPN sessions indicator.
     Flash – Activity indicator of exchange with data storages (SD-card or USB Flash).
     Power – Device power LED.
     Master – Indicator of failover modes operation.
     Fan – Fan operation LED.
     RPS – Redundant power supply LED.
  7. F – Functional key that reboots the device and resets it to factory default configuration:
      • Pressing the key for less than 10 seconds reboots the device;
      • Pressing the key for more than 10 seconds resets the terminal to factory settings.
  8. Console – Console port RS-232 for local management of the device.

ESR-1200, ESR-1000 rear panel

The rear panel of ESR-1000 is depicted in the figure below.

The figure shows the router delivery package with a single AC power supply.

Figure 11 – ESR-1000 rear panel

Table 15 lists rear panel connectors of the router.

Table 15 – Rear panel connectors description

Description

  1. Main power supply.
  2. Place for installation of a redundant power supply.
  3. Hot-swappable removable ventilation modules.
  4. Earth bonding point of the device.

ESR-1200, ESR-1000 side panels

Figure 12 – ESR-1200, ESR-1000 right side panel

Figure 13 – ESR-1200, ESR-1000 left side panel

Side panels of the device have air vents for heat removal. Do not block air vents. This may cause the components to overheat, which may result in device malfunction. For recommendations on device installation, see section Installation and connection.

ESR-200, ESR-100 design

ESR-100, ESR-200 front panel

The front panel layout of ESR-200 is depicted in figure 14.

Figure 14 – ESR-200 front panel

The front panel layout of ESR-100 is depicted in figure 15.

Figure 15 – ESR-100 front panel

Table 16 lists connectors, LEDs and controls located on the front panel of ESR-100 and ESR-200 routers.

Table 16 – Description of connectors, LEDs and controls located on ESR-200, ESR-100 front panel

Front panel element – Description

  1. SD – SD-card connector.
  2. USB1, USB2 – 2 ports for USB device connection.
  3. [1 .. 4] – 4 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).
  4. Combo Ports – 4 ports of Gigabit Ethernet 10/100/1000BASE-X (SFP).
  5. Power – Device power LED.
     Status – Current device status LED.
     Alarm – Alarm LED.
     Fan – Fan operation LED.
  6. F – Functional key that reboots the device and resets it to factory default configuration:
      • Pressing the key for less than 10 seconds reboots the device;
      • Pressing the key for more than 10 seconds resets the terminal to factory settings.
  7. Console – Console port RS-232 for local management of the device.
  8. 110-250 VAC, 60/50 Hz, max 1A – Power supply.

ESR-200, ESR-100 rear panel

The rear panel layout of ESR-100 and ESR-200 routers is depicted in figure 16.

Figure 16 – ESR-200, ESR-100 rear panel

Table 17 lists rear panel connectors of the router.

Table 17 – Rear panel connectors description

Description

  1. Earth bonding point of the device.
  2. Ventilation module.

ESR-100, ESR-200 side panels

Figure 17 – ESR-100 and ESR-200 right side panel

Figure 18 – ESR-100 and ESR-200 left side panel

ESR-21 design

The device has a metal housing available for 19” form-factor rack mount; housing size is 1U.

ESR-21 front panel

The front panel layout is depicted in figure 19.

Figure 19 – ESR-21 front panel

Table 18 lists connectors, LEDs and controls located on ESR-21 front panel.

Table 18 – Description of connectors, LEDs and controls located on ESR-21 front panel

Front panel element – Description

  1. 220V AC – Power supply
  2. Power – Device power LED
     Status – Device status LED
     Alarm – Device alarm presence and level LED
     HA – HA operation mode LED (is not supported in the current version)
  3. F – Functional key that reboots the device and resets it to factory default configuration: pressing the key for less than 10 seconds reboots the device; pressing the key for more than 10 seconds resets the device to factory default configuration.
  4. SD – SD-card connector
  5. USB1 – USB2.0 connector for connecting external USB devices
  6. USB2 – USB3.0 connector for connecting external USB devices
  7. Console – Console port for local management of the device
  8. RS-232 – 3 serial ports
  9. [1 .. 8] – 8 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45)
  10. Optical Port – 4 ports of Gigabit Ethernet 10/100/1000BASE-X (SFP)

ESR-21 rear panel

The rear panel layout of ESR-21 is depicted in figure 20.

Figure 20 – ESR-21 rear panel

Table 19 lists rear panel connectors of the router.

Table 19 – Rear panel connectors description

Description

  1. Earth bonding point of the device.

ESR-21 side panels

The side panel layout of ESR-21 is depicted in figures 21 and 22.

Figure 21 – ESR-21 left side panel

Figure 22 – ESR-21 right side panel

ESR-20 design

The device has a metal housing available for 19” form-factor rack mount; housing size is 1U.

ESR-20 front panel

The front panel layout is depicted in figure 23.

Figure 23 – ESR-20 front panel

Table 20 lists connectors, LEDs and controls located on the front panel of ESR-20.

Table 20 – Description of connectors, LEDs and controls located on ESR-20 front panel

Front panel element – Description

  1. 110-250 VAC – Power supply.
  2. Power – Device power LED.
     Status – Current device status LED.
     Alarm – Alarm LED.
     HA – HA operation mode LED (is not supported in the current version).
  3. F – Functional key that reboots the device and resets it to factory default configuration: pressing the key for less than 10 seconds reboots the device; pressing the key for more than 10 seconds resets the device to factory default configuration.
  4. Console – Console port for local management of the device.
  5. SD – SD-card connector.
  6. USB1 – USB2.0 connector for connecting external USB devices.
  7. USB2 – USB3.0 connector for connecting external USB devices.
  8. 1, 2 – 2 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).
  9. [1 .. 4] – 2 Combo ports of Ethernet 10/100/1000BASE-X/10/100/1000BASE-T.

ESR-20 rear panel

The rear panel layout of ESR-20 is depicted in figure 24.

Figure 24 – ESR-20 rear panel

Table 21 lists rear panel connectors of the router.

Table 21 – Rear panel connectors description

Description

  1. Earth bonding point of the device.

ESR-20 side panels

The side panel layout of ESR-20 is depicted in figures 25 and 26.

Figure 25 – ESR-20 left side panel

Figure 26 – ESR-20 right side panel

ESR-12VF, ESR-14VF design

The device has a metal housing available for 19” form-factor rack mount; housing size is 1U.

ESR-12VF, ESR-14VF front panel

The front panel layout is depicted in figure 27.

Figure 27 – ESR-12VF, ESR-14VF front panel

Table 22 lists connectors, LEDs and controls located on the front panel of ESR-12VF and ESR-14VF routers.

Table 22 – Description of connectors, LEDs and controls located on ESR-12VF, ESR-14VF front panel

Front panel element – Description

  1. 220V AC – Power supply.
  2. Power – Device power LED.
  3. Console – Console port RS-232 for local management of the device.
  4. F – Functional key that reboots the device and resets it to factory default configuration: pressing the key for less than 10 seconds reboots the device; pressing the key for more than 10 seconds resets the device to factory default configuration.
  5. USB1, USB2 – 2 USB connectors for connecting external USB devices.
  6. FXO – PSTN external subscriber line LED.
     1,2,3 – Internal subscriber terminals LED.
  7. FXO – 1 FXO connector for connecting a PSTN external subscriber line (only for ESR-12VF).
  8. FXS 1, FXS 2, FXS 3 – 3 connectors for internal subscriber terminals (for ESR-12VF).
     FXS 1, FXS 2, FXS 3 – 4 connectors for internal subscriber terminals (for ESR-14VF).
  9. [1 .. 8] – 8 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).
  10. Optical Port – 1 port of Gigabit Ethernet-100/1000BASE-X (SFP)
  11. 1.2 – Optical interfaces LED

ESR-14VF, ESR-12VF rear panel

The rear panel layout of ESR-12VF, ESR-14VF is depicted in figure 28.

Figure 28 – ESR-12VF, ESR-14VF rear panel

Table 23 lists rear panel connectors of the router.

Table 23 – Rear panel connectors description

Description

  1. Earth bonding point of the device.

ESR-12VF, ESR-14VF side panels

The side panel layout of ESR-12VF, ESR-14VF is depicted in Figures 29 and 30.

Figure 29 – ESR-12VF, ESR-14VF left side panel

Figure 30 – ESR-12VF, ESR-14VF right side panel

ESR-12V design

The device has a metal housing available for 19” form-factor rack mount; housing size is 1U.

ESR-12V front panel

The front panel layout of ESR-12V is depicted in figure 31.

Figure 31 – ESR-12V front panel

Table 24 lists connectors, LEDs and controls located on the front panel of ESR-12V router.

Table 24  – Description of connectors, LEDs and controls located on ESR-12V front panel

Front panel element – Description

  1. 220V AC – Power supply.
  2. Power – Device power LED.
  3. Console – Console port RS-232 for local management of the device.
  4. F – Functional key that reboots the device and resets it to factory default configuration: pressing the key for less than 10 seconds reboots the device; pressing the key for more than 10 seconds resets the device to factory default configuration.
  5. USB1, USB2 – 2 USB connectors for connecting external USB devices.
  6. FXO – PSTN external subscriber line LED.
     1,2,3 – Internal subscriber terminals LED.
  7. FXO – 1 FXO connector for connecting a PSTN external subscriber line.
  8. FXS 1, FXS 2, FXS 3 – 3 connectors for internal subscriber terminals.
  9. [1 .. 8] – 8 ports of Gigabit Ethernet 10/100/1000BASE-T (RJ-45).

ESR-12V rear panel

The rear panel layout of ESR-12V is depicted in figure 32.

Figure 32 – ESR-12V rear panel

Table 25 lists rear panel connectors of the router.

Table 25 – Rear panel connectors description

Description

1

Earth bonding point of the device.

ESR-12V side panels

The side panel layout of ESR-12V is depicted in figures 33 and 34.

Figure 33 – ESR-12V left side panel

Figure 34 – ESR-12V right side panel

ESR-10 design

ESR-10 rear panel

The rear panel layout of the device is depicted in figure 35.

Figure 35 – ESR-10 rear panel

Table 26 lists connectors, LEDs and controls located on the rear panel of ESR-10.

Table 26 – Description of connectors, LEDs and controls located on ESR-10 rear panel

| No. | Front panel element | Description |
|---|---|---|
| 1 | ON/OFF | Power on/off button |
| 2 | 12V DC | Connector for power adapter connection |
| 3 | Console | RS-232 console port for local management of the device |
| 4 | USB1, USB2 | 2 USB connectors for connecting external USB devices |
| 5 | [1 .. 4] | 4 ports of Gigabit Ethernet – 10/100/1000BASE-T (RJ-45) |
| 6 | Optical Ports | 2 ports of Gigabit Ethernet-100/1000BASE-X (SFP) |

ESR-10 side panels

The side panel layout of ESR-10 is depicted in figure 36.

Figure 36 – ESR-10 side panel

Table 27 lists right panel controls of the router.

Table 27 – Right panel connectors description

| No. | Side panel element | Description |
|---|---|---|
| 1 | F | Functional key that reboots the device and resets it to factory default configuration: pressing the key for less than 10 seconds reboots the device; pressing the key for more than 10 seconds resets the device to factory default configuration. |

ESR-10 top panel

The top panel layout of ESR-10 is depicted in figure 37.

Figure 37 – ESR-10 top panel

Table 28 lists LEDs located on ESR-10 top panel.

Table 28 – Description of front panel LEDs

| No. | Top panel element | Description |
|---|---|---|
| 1 | Power | Device power and operation status LED |
| 2 | - | The LED is not used |
| 3 | USB1, USB2 | External USB devices LED |
| 4 | [1 .. 4] | Ethernet ports LED |
| 5 | [5 .. 6] | Optical interfaces LED |

Light Indication

ESR-1700, ESR-1510, ESR-1500, ESR-1200, ESR-1000 light indication

Gigabit Ethernet copper interface statuses are represented by two LEDs – green LINK/ACT LED and amber SPEED LED. Location of the copper interface LEDs is depicted in figure 38. SFP interface status is represented by two LEDs – RX/ACT and TX/ACT – depicted in figure 39. For light indication meaning, see Tables 29 and 30 respectively.

Figure 38 – Location of RJ-45 connector indicators

Figure 39 – Location of optical interface indicators

Table 29 – Light indication of copper interface status

| SPEED indicator light | LINK/ACT indicator light | Ethernet interface state |
|---|---|---|
| Off | Off | The port is disabled or connection is not established. |
| Off | Solid on | 10Mbps or 100Mbps connection is established. |
| Solid on | Solid on | 1000Mbps connection is established. |
| X | Flashes | Data transfer is in progress. |

Table 30 – Light indication of SFP/SFP+ interface status

| RX/ACT indicator light | TX/ACT indicator light | Ethernet interface state |
|---|---|---|
| Off | Off | The port is disabled or connection is not established. |
| Solid on | Solid on | Connection established. |
| Flashes | X | Data reception in progress. |
| X | Flashes | Data transfer is in progress. |

The following table lists description of system indicator statuses and meanings.

Table 31 – Status of system indicators

| Indicator name | Indicator function | LED State | Device State |
|---|---|---|---|
| Status | Current device status LED. | Green | Device is in normal operation state. |
|   |   | Orange | Device is booting up the software. |
| Alarm | Alarm LED. | - | - |
| VPN | Active VPN sessions indicator. | - | - |
| Flash | Data storage activity indicator: SD card or USB Flash. | Orange | Read/write operation execution with 'copy' command. |
| Power | Device power LED. | Green | Device power is OK. Main power supply, if installed, is operational. |
|   |   | Orange | Main power supply failure, fault, or the primary network is missing. |
|   |   | Off | Device internal power supply failure. |
| Master | Indicator of failover modes operation. | - | - |
| Fan | Cooling fan status. | Off | All fans are operational. |
|   |   | Red | One or more fans has failed. Possible cause of failure: at least one of the fans has stopped or is working at lower rpm. |
| RPS | Backup power supply operation mode. | Green | Backup power supply is installed and operational. |
|   |   | Off | Backup power supply is not installed. |
|   |   | Red | Backup power supply is missing or failed. |

ESR-200/ESR-100 light indication

Gigabit Ethernet copper interface and SFP interface statuses are represented by two LEDs – green LINK/ACT LED and amber SPEED LED. Location of the copper interface LEDs is depicted in figure 38. SFP interface status is depicted in figure 40. For light indication meaning, see Table 32.

Figure 40 – Location of optical interface indicators

Table 32 – Light indication of copper and SFP interface status

| SPEED indicator light | LINK/ACT indicator light | Ethernet interface state |
|---|---|---|
| Off | Off | The port is disabled or connection is not established. |
| Off | Solid on | 10Mbps or 100Mbps connection is established. |
| Solid on | Solid on | 1000Mbps connection is established. |
| X | Flashes | Data transfer is in progress. |

The following table lists description of system indicator statuses and meanings.

Table 33 – Status of system indicators

| Indicator name | Indicator function | LED State | Device State |
|---|---|---|---|
| Status | Current device status LED. | Green | Device is in normal operation state. |
|   |   | Orange | Device is booting up the software. |
| Alarm | Device alarm presence and level indicator. ¹ | - | - |
| Power | Device power LED. | Green | Device power is OK. Main power supply, if installed, is operational. |
|   |   | Orange | Main power supply failure, fault, or the primary network is missing. |
|   |   | Off | Device internal power supply failure. |
| Fan | Cooling fan status. | Off | All fans are operational. |
|   |   | Red | One or more fans has failed. Possible cause of failure: at least one of the fans has stopped or is working at lower rpm. |

¹ Not supported in the current firmware version

ESR-21/ESR-20 light indication

Gigabit Ethernet copper interface statuses are represented by two LEDs – green LINK/ACT LED and amber SPEED LED.

Table 34 – Light indication of copper and SFP interface status

| SPEED indicator light | LINK/ACT indicator light | Ethernet interface state |
|---|---|---|
| Off | Off | The port is disabled or connection is not established. |
| Off | Solid on | 10Mbps or 100Mbps connection is established. |
| Solid on | Solid on | 1000 Mbps connection is established. |
| X | Flashes | Data transfer is in progress. |

Figure 41 – Location of SFP connector indicators

Figure 42 – Location of RJ-45 connector indicators

The following table lists description of system indicator statuses and meanings.

Table 35 – Status of system indicators

| Indicator name | Indicator function | LED State | Device State |
|---|---|---|---|
| Power | Device power LED. | Green | Device power is OK. Main power supply, if installed, is operational. The main software is uploaded. |
|   |   | Red | The main software is not loaded. |
|   |   | Off | Device internal power supply failure. |
| Status | Current device status LED. | Green | Device is in normal operation state. |
|   |   | Orange | Device is booting up the software. |
| Alarm | Alarm LED. | - | - |
| HA | HA operation mode LED (is not supported in the current version) | - | - |

ESR-12V(F) light indication

Gigabit Ethernet copper interface statuses are represented by two LEDs – green LINK/ACT LED and amber SPEED LED.

Table 36 – Light indication of copper and SFP interface status

| SPEED indicator light | LINK/ACT indicator light | Ethernet interface state |
|---|---|---|
| Off | Off | Port is disabled or connection is not established |
| Off | Solid on | 10Mbps or 100Mbps connection is established |
| Solid on | Solid on | 1000Mbps connection is established |
| X | Flashes | Data transfer is in progress |

Figure 43 – Location of SFP connector indicators (only for ESR-12VF, ESR-14VF)

Figure 44 – Location of RJ-45 connector indicators

The following table lists description of system indicator statuses and meanings.

Table 37 – Status of system indicators

| Indicator name | Indicator function | LED State | Device State |
|---|---|---|---|
| Power | Device power LED. | Green | Device power is OK. Main power supply, if installed, is operational. The main software is uploaded. |
|   |   | Red | The main software is not uploaded. |
|   |   | Off | Device internal power supply failure. |

ESR-10 light indication

Gigabit Ethernet copper interfaces statuses are represented by amber SPEED LED.

Table 38 – Light indication of copper interface status

| SPEED indicator light | Ethernet interface state |
|---|---|
| Off | Port is disabled or connection is not established |
| Solid on | 1000Mbps connection is established |
| Flashes | Data transfer is in progress |

Delivery Package

ESR-10 standard delivery package includes:

  • ESR-10 router;
  • External 12V power block;
  • Documentation.

ESR-12V standard delivery package includes:

  • ESR-12V router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-12VF standard delivery package includes:

  • ESR-12VF router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-14VF standard delivery package includes:

  • ESR-14VF router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-20 standard delivery package includes:

  • ESR-20 router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-21 standard delivery package includes:

  • ESR-21 router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-100 standard delivery package includes:

  • ESR-100 router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-200 standard delivery package includes:

  • ESR-200 router;
  • Power cable;
  • 19” rack mounting kit;
  • Documentation.

ESR-1000 standard delivery package includes:

  • ESR-1000 router;
  • 19” rack mounting kit;
  • Documentation.

ESR-1200 standard delivery package includes:

  • ESR-1200 router;
  • 19” rack mounting kit;
  • Documentation.

ESR-1500 standard delivery package includes:

  • ESR-1500 router;
  • 19” rack mounting kit;
  • Documentation.

ESR-1510 standard delivery package includes:

  • ESR-1510 router;
  • 19” rack mounting kit;
  • Documentation.

ESR-1700 standard delivery package includes:

  • ESR-1700 router;
  • 19” rack mounting kit;
  • Documentation.

Power module (PM-160-220/12 or PM-100-48/12) may be included in the ESR-1000, ESR-1200 delivery package on the customer's request.

Power module (PM-160-220/12) may be included in the ESR-1500, ESR-1510 delivery package on the customer's request.

Power module (PM-350-220/12 or PM-350-48/12) may be included in the ESR-1700 delivery package on the customer's request.

SFP/SFP+ transceivers may be included in the delivery package on the customer's request.

Installation and configuration

This section describes installation of the device into a rack and connection to a power supply.

Support brackets mounting

The delivery package includes support brackets for rack installation and mounting screws to fix the device case on the brackets. To install the support brackets:

Figure 45  – Support brackets mounting

  1. Align four mounting holes in the support bracket with the corresponding holes in the side panel of the device.
  2. Use a screwdriver to screw the support bracket to the case.
  3. Repeat steps 1 and 2 for the second support bracket.

Device rack installation

To install the device to the rack:

  1. Attach the device to the vertical guides of the rack.
  2. Align mounting holes in the support bracket with the corresponding holes in the rack guides. Use the holes of the same level on both sides of the guides to ensure the device horizontal installation.
  3. Use a screwdriver to screw the router to the rack.

Figure 46 – Device rack installation

Device ventilation system is implemented using 'front-rear' layout. Vents are located on the front and side panels of the device; ventilation modules are located at the rear. Do not block air inlet and outlet vents to avoid components overheating and subsequent device malfunction.

ESR-1000, ESR-1200, ESR-1500, ESR-1510, ESR-1700 power module installation

ESR-1000/1200/1500/1510/1700 router can operate with one or two power modules. The second power module installation is necessary when the device operates under strict reliability requirements.

From the electric point of view, both places for power module installation are identical. In the context of device operation, the power module located closer to the edge is considered as the main module, and the one closer to the centre – as the backup module. Power modules can be inserted and removed without powering the device off. When additional power module is inserted or removed, the router continues operation without reboot.

Figure 47 – Power module installation

Figure 48 – Plug installation

Power module fault indication may be caused not only by the module failure, but also by the absence of the primary power supply.

You can check the state of power modules by the indication on the front panel of the router (see Section Light indication) or by diagnostics, available through the router management interfaces.

Connection to Power Supply

  1. Ground the case of the device prior to connecting it to the power supply. An insulated multiconductor wire should be used for earthing. The device grounding and the earthing wire cross-section should comply with Electric Installation Code.
  2. If a PC or another device is supposed to be connected to the router console port, the device should be also securely grounded.
  3. Connect the power supply cable to the device. Depending on the delivery package, the device can be powered by AC or DC electrical network. To connect the device to AC power supply, use the cable from the delivery package. To connect the device to DC power supply, use wires with a minimum cross-section of 1 mm².
  4. Turn the device on and check the front panel LEDs to make sure the terminal is in normal operating conditions.

SFP transceiver installation and removal

Optical modules can be installed when the terminal is turned on or off.

Transceiver installation

1. Insert the top SFP module into a slot with its open side down, and the bottom SFP module with its open side up.

Figure 49 – SFP transceivers installation

2. Push the module into the device housing until it is secured with a clicking sound.

Figure 50 – Installed SFP transceivers

Transceiver removal

1. Flip the module handle to unlock the latch.

Figure 51 – Opening SFP transceiver latch

2. Remove the module from the slot.

Figure 52 – SFP transceivers removal

Management interfaces

You may use various management interfaces in order to control and monitor the device.

To access the device, you may use network connection via Telnet or SSH as well as direct connection via RS-232 compliant console port. For Telnet, SSH or console port connections, the command line interface is used for device management.

Factory settings contain trusted zone description and IP address for device management access: 192.168.1.1/24.

Trusted zone includes the following interfaces:

For ESR-10: GigabitEthernet 1/0/2-6;
for ESR-12V(F), ESR-14VF: GigabitEthernet 1/0/2-8;
for ESR-20: GigabitEthernet 1/0/2-4;
for ESR-21: GigabitEthernet 1/0/2-12;
for ESR-100: GigabitEthernet 1/0/2-4;
for ESR-200: GigabitEthernet 1/0/2-8;
for ESR-1000: GigabitEthernet 1/0/2-24;
for ESR-1200: GigabitEthernet 1/0/2-16, TengigabitEthernet 1/0/3-8;
for ESR-1500, ESR-1510: GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/2-4;
for ESR-1700: GigabitEthernet 1/0/2-4, TengigabitEthernet 1/0/3-12.

By default, the user 'admin' with the password 'password' is defined in factory settings.

For each management interface provided, there are unified configuration operating principles. When modifying and applying the configuration, you should follow the specific sequence described herein that is intended to protect the device from misconfiguration.

Command Line Interface (CLI)

Command Line Interface (CLI) allows you to manage the device and monitor its operation and status. You will need a PC application that supports Telnet or SSH, or a direct connection via the console port (e.g. HyperTerminal).

Command line interface enables user authorization and restricts access to commands depending on their access level, provided by the administrator.

You can create as many users as you like; access rights are assigned individually to each user.

To ensure command line interface security, all commands are divided into 2 categories – privileged and unprivileged. Privileged commands basically include configuration commands. Unprivileged commands include monitoring commands.

The system allows multiple users to connect to the device simultaneously.

Types and naming procedure of router interfaces

Network interfaces of various types and purposes are used for the router operation. The naming system allows you to uniquely address the interfaces by their functional purpose and location in the system. The following table contains the list of interfaces types.

Table 39 – Types and naming procedure of router interfaces

Interface type

Designation

Physical interfaces

Designation of physical interface includes its type and identifier.

The identifier of physical interfaces is as follows: <UNIT>/<SLOT>/<PORT>, where:

  • <UNIT> – number of a device in a device group,
  • <SLOT> – device module number or '0' if the device does not consist of modules,
  • <PORT> – port sequence number.

1Gbps ports

gigabitethernet <UNIT>/<SLOT>/<PORT>

Designation example: gigabitethernet 1/0/12

It is permitted to use short name, for example, gi1/0/12.

10Gbps ports

tengigabitethernet <UNIT>/<SLOT>/<PORT>

Designation example: tengigabitethernet 1/0/2

It is permitted to use short name, for example, te1/0/2.

Channel aggregation groups

Designation of channel aggregation group includes its type and identifier:

port-channel <CHANNEL_ID>

Designation example: port-channel 6

It is permitted to use short name, for example, po1.

Sub-interfaces

Designation of sub-interface is generated from the designation of basic interface and sub-interface identifier (VLAN) separated by a dot.

Designation examples:

  • gigabitethernet 1/0/12.100
  • tengigabitethernet 1/0/2.123
  • port-channel 1.6

Sub-interface identifier may take values of [1..4094].

Q-in-Q interfaces

Designation of Q-in-Q interface is generated from the designation of basic interface, service VLAN identifier and user VLAN identifier separated by a dot.

Designation examples:

  • gigabitethernet 1/0/12.100.10
  • tengigabitethernet 1/0/2.45.12
  • port-channel 1.6.34

Service and user VLAN identifier may take values of [1..4094].

E1 interfaces

Designation of E1 interface includes its type and identifier.

E1 interfaces identifier is as follows: <UNIT>/<SLOT>/<STREAM>, where

  • <UNIT> – number of a device in a device group,
  • <SLOT> – number of device E1 module,
  • <STREAM> – E1 flow sequence number.

Designation example: e1 1/0/1

E1 channels aggregation groups

Designation of E1 channels aggregation group includes its type and interface sequence number:

multilink <CHANNEL_ID>

Designation example: multilink <CHANNEL_ID>

Logical interfaces

Designation of logical interface is the interface sequence number:

Designation examples:

  • loopback 4
  • bridge 60
  • service-port 1

1.   Number of interfaces of each type depends on the router model.

2.   The current firmware does not support device stacking. The device number in a device group can only take the value of 1.

3.   Some commands support simultaneous operation on a group of interfaces. To specify the interface group, you may use a comma-separated list or specify a range of identifiers using a hyphen '-'.

Examples of specifying interface groups:

interface gigabitethernet 1/0/1, gigabitethernet 1/0/5

interface tengigabitethernet 1/0/1-2

interface gi1/0/1-3,gi1/0/7,te1/0/1
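
The naming rules of Table 39 and the group syntax above can be checked mechanically, which helps when auditing which ports a configuration assigns to a security zone. The following Python sketch is an added example, not part of the ESR software or of this manual: it expands interface groups into canonical long names, enforces the [1..4094] VLAN range and the unit value of 1, and reports interfaces listed in more than one zone. The function names, the sample zone lists and the restriction that ranges apply to base interfaces only are assumptions of the example.

```python
import re

# Type keywords from Table 39, long and short forms, mapped to the long form.
TYPES = {
    "gigabitethernet": "gigabitethernet", "gi": "gigabitethernet",
    "tengigabitethernet": "tengigabitethernet", "te": "tengigabitethernet",
    "port-channel": "port-channel", "po": "port-channel",
}
PHYSICAL = {"gigabitethernet", "tengigabitethernet"}

_ITEM = re.compile(
    r"(?P<type>[a-z-]+?)\s*"           # type keyword, space optional (gi1/0/1)
    r"(?P<ident>\d+(?:/\d+/\d+)?)"     # <UNIT>/<SLOT>/<PORT> or <CHANNEL_ID>
    r"(?:-(?P<last>\d+))?"             # optional end of a hyphen range
    r"(?P<vlans>(?:\.\d+){0,2})"       # optional .VLAN or .S-VLAN.C-VLAN
)


def expand_item(item):
    """Expand one designation (possibly a range) into canonical long names."""
    m = _ITEM.fullmatch(item.strip().lower())
    if not m or m["type"] not in TYPES:
        raise ValueError(f"not an interface designation: {item!r}")
    kind = TYPES[m["type"]]
    parts = m["ident"].split("/")
    if (len(parts) == 3) != (kind in PHYSICAL):
        raise ValueError(f"wrong identifier form for {kind}: {item!r}")
    if kind in PHYSICAL and parts[0] != "1":
        # Note 2: stacking is unsupported, so <UNIT> can only be 1.
        raise ValueError(f"unit must be 1: {item!r}")
    vlans = [int(v) for v in m["vlans"].split(".")[1:]]
    if any(not 1 <= v <= 4094 for v in vlans):
        raise ValueError(f"VLAN identifier outside [1..4094]: {item!r}")
    first = int(parts[-1])
    last = int(m["last"]) if m["last"] else first
    if last < first:
        raise ValueError(f"descending range: {item!r}")
    if m["last"] and vlans:
        # Assumption of this example: ranges are expanded on base interfaces only.
        raise ValueError(f"range combined with VLAN suffix: {item!r}")
    prefix = "/".join(parts[:-1])
    return [
        f"{kind} {prefix + '/' if prefix else ''}{n}{m['vlans']}"
        for n in range(first, last + 1)
    ]


def expand_group(spec):
    """Expand a comma-separated interface group, dropping repeats."""
    names = []
    for item in spec.split(","):
        for name in expand_item(item):
            if name not in names:
                names.append(name)
    return names


def zone_overlaps(zones):
    """Map each interface listed in more than one zone to those zones."""
    seen = {}
    for zone, spec in zones.items():
        for name in expand_group(spec):
            seen.setdefault(name, []).append(zone)
    return {name: z for name, z in seen.items() if len(z) > 1}


# Constructed zone membership lists (not a factory configuration).
SAMPLE_ZONES = {
    "trusted": "GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/3-4",
    "untrusted": "gi1/0/1, gi1/0/8, te1/0/1-2",
}

if __name__ == "__main__":
    for spec in ("gigabitethernet 1/0/1, gigabitethernet 1/0/5",
                 "tengigabitethernet 1/0/1-2",
                 "gi1/0/1-3,gi1/0/7,te1/0/1"):
        print(spec, "->", expand_group(spec))
    print(zone_overlaps(SAMPLE_ZONES))
```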

Types and naming procedure of router tunnels

Network tunnels of various types and purposes are used for the router operation. The naming system allows you to uniquely address the tunnels by their functional purpose. The following table contains the list of tunnels types.

Table 40 – Types and naming procedure of router tunnels

Tunnel type

Designation

L2TPv3 tunnel

Designation of L2TPv3 tunnel includes the type and sequence number of a tunnel:
l2tpv3 <L2TPV3_ID>
Designation example: l2tpv3 1

GRE tunnel

Designation of GRE tunnel includes the type and sequence number of a tunnel:
gre <GRE_ID>
Designation example: gre 1

SoftGRE tunnel

Designation of SoftGRE tunnel includes the type and sequence number of a tunnel and, optionally, a virtual interface VLAN ID:
softgre <GRE_ID>[.<VLAN>]
Designation example: softgre 1, softgre 1.10

IPv4-over-IPv4 tunnel

Designation of IPv4-over-IPv4 tunnel includes the type and sequence number of a tunnel:
ip4ip4 <IPIP_ID>
Designation example: ip4ip4 1

IPsec tunnel

Designation of IPsec tunnel includes the type and sequence number of a tunnel:
vti <VTI_ID>
Designation example: vti 1

Logical tunnel (tunnel between VRF)

Designation of logical tunnel includes the type and sequence number of a tunnel:
lt <LT_ID>
Designation example: lt 1

Number of tunnels of each type depends on the router model and firmware version.

Initial router configuration

ESR router factory settings

The device is shipped to the consumer with the factory configuration installed that includes essential basic settings. Factory configuration allows you to use the router as a gateway with SNAT without applying any additional settings. Also, factory configuration contains settings that allow you to obtain network access to the device for advanced configuration.

Description of factory settings

To establish network connection, the configuration features 2 security zones named 'Trusted' for local area network and 'Untrusted' for public network. All interfaces are divided between two security zones:

  1. 'Untrusted' zone is meant for a public network (WAN) connection. In this zone, DHCP ports are open in order to obtain dynamic IP address from the provider. All incoming connections from this zone to the router are blocked.

    This security zone includes the following interfaces:

    For ESR-10/12V: GigabitEthernet 1/0/1;

    for ESR-12VF/ESR-14VF: GigabitEthernet 1/0/1; GigabitEthernet 1/0/9;

    for ESR-20: GigabitEthernet 1/0/1;

    for ESR-21: GigabitEthernet 1/0/1;

    for ESR-100/200: GigabitEthernet 1/0/1;

    for ESR-1000/1500/1510: GigabitEthernet 1/0/1, TengigabitEthernet 1/0/1-2;

    for ESR-1200/1700: GigabitEthernet 1/0/1, TengigabitEthernet 1/0/1, TengigabitEthernet 1/0/2.

    Zone interfaces are grouped into a single L2 segment via Bridge 2 network bridge.

  2. 'Trusted' zone is meant for a local area network (LAN) connection. In this zone, the following ports are open: Telnet and SSH ports for remote access, ICMP ports for router availability test, DHCP ports for clients obtaining IP addresses from the router. Outgoing connections from this zone into the Untrusted zone are allowed.

    This security zone includes the following interfaces:

    For ESR-10: GigabitEthernet 1/0/2-6;

    for ESR-12V(F)/ESR-14VF: GigabitEthernet 1/0/2-8;

    for ESR-20: GigabitEthernet 1/0/2-4;

    for ESR-21: GigabitEthernet 1/0/2-12;

    for ESR-100: GigabitEthernet 1/0/2-4;

    for ESR-200: GigabitEthernet 1/0/2-8;

    for ESR-1000: GigabitEthernet 1/0/2-24;

    for ESR-1200: GigabitEthernet 1/0/2-16, TengigabitEthernet 1/0/3-8;

    for ESR-1500/1510: GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/3-4;

    for ESR-1700: GigabitEthernet 1/0/2-4, TengigabitEthernet 1/0/3-12.

    Zone interfaces are grouped into a single L2 segment via Bridge 1 network bridge.

On the Bridge 2 interface, DHCP client is enabled to obtain dynamic IP address from the provider. On Bridge 1 interface, static IP address 192.168.1.1/24 is configured. This IP address acts as a gateway for LAN clients. For LAN clients, DHCP address pool 192.168.1.2-192.168.1.254 is configured with the mask 255.255.255.0. For clients to access the Internet, the router should have Source NAT service enabled.

Security zone policies have the following configuration:

Table 41 – Security zone policy description

| Traffic origin zone | Traffic destination zone | Traffic type | Action |
|---|---|---|---|
| Trusted | Untrusted | TCP, UDP, ICMP | enabled |
| Trusted | Trusted | TCP, UDP, ICMP | enabled |
| Trusted | self | TCP/22(SSH), ICMP, UDP/67(DHCP Server), UDP/123(NTP) | enabled |
| Untrusted | self | UDP/68(DHCP Client) | enabled |

To enable device configuration on the first startup, 'admin' account has been created in the router configuration. The user will be prompted to change administrator password during the initial configuration of the router.

To enable network access to the router on the first startup, static IP address 192.168.1.1/24 has been configured on Bridge 1 interface.

Router connection and configuration

ESR series routers are intended to perform border gateway functions and to secure the user network when it is connected to public data networks.

Basic router configuration should include:

  • Assigning IP addresses (static or dynamic) to the interfaces that participate in data routing;
  • Creation of security zones and distribution of interfaces between these zones;
  • Creation of policies governing data transfer through these zones;
  • Configuration of services that accompany the data routing (NAT, Firewall, etc.).

Advanced settings depend on the requirements of the specific device application pattern and may be easily added or modified with the existing management interfaces.

Connection to the router

There are several device connection options:

Ethernet LAN connection

Upon the initial startup, the router starts with the factory configuration. The factory configuration is described in the ESR Router Factory Configuration section of this manual.

Connect the network data cable (patch cord) to any port within the 'Trusted' zone and to the PC intended for management tasks.

In the router factory configuration, DHCP server is enabled with IP address pool in 192.168.1.0/24 subnet.

When network interface is connected to the management computer, the latter should obtain the network address from the server.

If IP address is not obtained for some reason, assign the interface address manually using any address except for 192.168.1.1 in 192.168.1.0/24 subnet.

RS-232 console port connection

Using RJ-45/DBF9 cable included into device delivery package, connect the router 'Console' port to the computer RS-232 port.

Launch terminal application (e.g. HyperTerminal or Minicom) and create a new connection. VT100 terminal emulation mode should be used.

Specify the following settings for RS-232 interface:

Bit rate: 115200 bps
Data bits: 8 bits
Parity: no
Stop bits: 1
Flow control: none

Applying the configuration change

Any changes made in the configuration will take effect only after applying the command:

esr# commit
Configuration has been successfully committed

After applying the command above, the configuration rollback timer is started. To stop the timer and rollback mechanism, use the following command:

esr# confirm
Configuration has been successfully confirmed

The default 'rollback' timer value is 600 seconds. To change this timer, use the command:

esr(config)# system config-confirm timeout <TIME>

<TIME> – time to wait for configuration confirmation, in seconds; takes values in the range [120..86400].

Basic router configuration

Upon the first startup, the router configuration procedure includes the following steps:

  • Changing password for "admin" user.
  • Creation of new users.
  • Assigning device name (Hostname).
  • Setting parameters for public network connection in accordance with the provider requirements.
  • Configuring remote connection to router.
  • Applying basic settings.

Changing password for "admin" user

To ensure the secure system access, you should change the password for the privileged 'admin' user.

'techsupport' account is required for service centre specialist remote access.

'remote' account – RADIUS, TACACS+, LDAP authentication.

'admin', 'techsupport', 'remote' users cannot be deleted. You may only change passwords and a privilege level.

Username and password are required for login during the device administration sessions.

To change 'admin' password, use the following commands:

esr# configure
esr(config)# username admin
esr(config-user)# password <new-password>
esr(config-user)# exit

Creation of new users

Use the following commands to create a new system user or configure the username, password, or privilege level:

esr(config)# username <name>
esr(config-user)# password <password>	
esr(config-user)# privilege <privilege>
esr(config-user)# exit

Privilege levels 1–9 allow you to access the device and view its operation status, but the device configuration is disabled. Privilege levels 10–14 allow both the access to the device and configuration of majority of its functions. Privilege level 15 allows both the access to the device and configuration of all its functions.

Example of commands, that allow you to create user 'fedor' with password '12345678' and privilege level 15 and create user 'ivan' with password 'password' and privilege level '1':

esr# configure
esr(config)# username fedor
esr(config-user)# password 12345678
esr(config-user)# privilege 15
esr(config-user)# exit
esr(config)# username ivan
esr(config-user)# password password
esr(config-user)# privilege 1
esr(config-user)# exit
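
Change records and captured CLI sessions written in the form above can be screened for weak credentials before they reach a device. The following Python sketch is an added example, not part of the ESR software or of this manual: it parses such a transcript, maps each privilege level to the access classes described above, and flags passwords that match the factory default, repeat the username, consist of digits only or are short. The 12-character minimum, the function names and the 'ops' account are assumptions of the example.

```python
import re

FACTORY_PASSWORD = "password"  # factory default for 'admin' per this manual
MIN_LENGTH = 12                # assumed site policy, not an ESR limit

# CLI prompt with a configuration mode, e.g. "esr(config-user)# password ..."
_PROMPT = re.compile(r"\S+?\((?P<mode>[\w-]+)\)#\s*(?P<cmd>.*)")

# The manual's own user-creation example, plus one constructed account ('ops').
SESSION = """\
esr# configure
esr(config)# username fedor
esr(config-user)# password 12345678
esr(config-user)# privilege 15
esr(config-user)# exit
esr(config)# username ivan
esr(config-user)# password password
esr(config-user)# privilege 1
esr(config-user)# exit
esr(config)# username ops
esr(config-user)# password Vr7-constructed-Qm2x
esr(config-user)# privilege 10
esr(config-user)# exit
"""


def parse_users(session):
    """Collect password and privilege per user from a CLI session transcript."""
    users, current = {}, None
    for line in session.splitlines():
        m = _PROMPT.fullmatch(line.strip())
        if not m:
            continue  # exec-mode lines such as "esr# configure"
        mode, words = m["mode"], m["cmd"].split()
        if mode == "config" and len(words) == 2 and words[0] == "username":
            current = users.setdefault(
                words[1], {"password": None, "privilege": None})
        elif mode == "config-user" and current is not None and len(words) == 2:
            if words[0] == "password":
                current["password"] = words[1]
            elif words[0] == "privilege" and words[1].isdigit():
                current["privilege"] = int(words[1])
        elif words == ["exit"]:
            current = None
    return users


def privilege_class(level):
    """Name the access class the manual assigns to a privilege level."""
    if level is None:
        return "unspecified"
    if 1 <= level <= 9:
        return "view-only"
    if 10 <= level <= 14:
        return "configure-most"
    if level == 15:
        return "configure-all"
    return "invalid"


def weaknesses(name, password):
    """Return the reasons a password fails the checks of this example."""
    reasons = []
    if password == FACTORY_PASSWORD:
        reasons.append("factory default password")
    if password == name:
        reasons.append("same as username")
    if password.isdigit():
        reasons.append("digits only")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def audit(session):
    """List (user, access class, severity, reasons) for weak credentials."""
    findings = []
    for name, cfg in parse_users(session).items():
        if cfg["password"] is None:
            continue  # password not set in this transcript
        reasons = weaknesses(name, cfg["password"])
        if reasons:
            level = cfg["privilege"]
            severity = "high" if level is not None and level >= 10 else "medium"
            findings.append((name, privilege_class(level), severity, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```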

Assigning device name

To assign the device name, use the following commands:

esr# configure
esr(config)# hostname <new-name>	

When a new configuration is applied, command prompt will change to the value specified by <new-name> parameter.

Configuration of public network parameters

To configure router network interface in the public network, you should assign parameters defined by the network provider – default IP address, subnet mask and gateway address – to the device.

Example of static IP address configuration commands for GigabitEthernet 1/0/2.150 sub-interface used for obtaining access to the router via VLAN 150.

Interface parameters:

  • IP address: 192.168.16.144;
  • Subnet mask: 255.255.255.0;
  • Default gateway IP address: 192.168.16.1.

esr# configure
esr(config)# interface gigabitethernet 1/0/2.150
esr(config-subif)# ip address 192.168.16.144/24
esr(config-subif)# exit
esr(config)# ip route 0.0.0.0/0 192.168.16.1 

To verify that the IP address has been assigned to the interface correctly, enter the following command after the configuration is applied:

esr# show ip interfaces

IP address            Interface                           Type
-------------------   ---------------------------------   -------
192.168.16.144/24     gigabitethernet 1/0/2.150           static

The provider may use dynamically assigned addresses in its network. If there is a DHCP server in the network, you can obtain the IP address via DHCP.

Configuration example for obtaining a dynamic IP address from a DHCP server on the GigabitEthernet 1/0/10 interface:

esr# configure
esr(config)# interface gigabitethernet 1/0/10
esr(config-if)# ip address dhcp
esr(config-if)# exit

To verify that the IP address was assigned to the interface correctly, enter the following command after the configuration is applied:

esr# show ip interfaces

IP address            Interface                           Type
-------------------   ---------------------------------   -------
192.168.11.5/25       gigabitethernet 1/0/10              DHCP

Configuring remote connection to router

In the factory configuration, remote access to the router may be established via Telnet or SSH from the 'trusted' zone. To enable remote access to the router from other zones, e.g. from the public network, you should create the respective rules in the firewall.

When configuring access to the router, rules should be created for the following pair of zones:

  • source-zone – zone that the remote access will originate from;
  • self – zone which includes router management interface.

Use the following commands to create the permit rule:

esr# configure
esr(config)# security zone-pair <source-zone> self
esr(config-zone-pair)# rule <number>
esr(config-zone-rule)# action permit
esr(config-zone-rule)# match protocol tcp
esr(config-zone-rule)# match source-address <network object-group>
esr(config-zone-rule)# match destination-address <network object-group>
esr(config-zone-rule)# match destination-port <service object-group>
esr(config-zone-rule)# enable
esr(config-zone-rule)# exit
esr(config-zone-pair)# exit

Example of commands that allow users from 'untrusted' zone with IP addresses in range 132.16.0.5-132.16.0.10 to connect to the router with IP address 40.13.1.22 via SSH:

esr# configure
esr(config)# object-group network clients
esr(config-addr-set)# ip address-range 132.16.0.5-132.16.0.10
esr(config-addr-set)# exit
esr(config)# object-group network gateway
esr(config-addr-set)# ip address-range 40.13.1.22
esr(config-addr-set)# exit
esr(config)# object-group service ssh
esr(config-port-set)# port-range 22
esr(config-port-set)# exit
esr(config)# security zone-pair untrusted self
esr(config-zone-pair)# rule 10
esr(config-zone-rule)# action permit
esr(config-zone-rule)# match protocol tcp
esr(config-zone-rule)# match source-address clients
esr(config-zone-rule)# match destination-address gateway
esr(config-zone-rule)# match destination-port ssh
esr(config-zone-rule)# enable
esr(config-zone-rule)# exit
esr(config-zone-pair)# exit
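The Python sketch below is an added example, not part of the vendor manual: it parses the commands above and reports whether a given connection to the router would be admitted by the rule. The function names parse and permits are hypothetical, and it assumes that all match criteria of a rule must hold together and that a connection matched by no permit rule is refused.

```python
from ipaddress import ip_address as ip
# Constructed input: the manual's SSH example, prompts and 'exit' lines omitted.
SESSION = """object-group network clients
ip address-range 132.16.0.5-132.16.0.10
object-group network gateway
ip address-range 40.13.1.22
object-group service ssh
port-range 22
security zone-pair untrusted self
rule 10
action permit
match protocol tcp
match source-address clients
match destination-address gateway
match destination-port ssh
enable"""

def parse(session):
    """Return (object groups, zone-pair rules); 'esr(...)#' prompts are tolerated."""
    groups, rules, pair, members = {}, [], None, []
    for line in session.splitlines():
        cmd = line.split("#", 1)[-1].split()
        if cmd[:1] == ["object-group"]:            # object-group <kind> <name>
            members = groups.setdefault((cmd[1], cmd[2]), [])
        elif cmd[:1] == ["port-range"] or cmd[:2] == ["ip", "address-range"]:
            lo, _, hi = cmd[-1].partition("-")     # single value or lo-hi
            members.append((lo, hi or lo))
        elif cmd[:2] == ["security", "zone-pair"]:
            pair = (cmd[2], cmd[3])
        elif cmd[:1] == ["rule"]:
            rules.append({"pair": pair, "enabled": False})
        elif cmd[:1] in (["action"], ["match"]):   # stored under the last keyword
            rules[-1][cmd[-2]] = cmd[-1]
        elif cmd == ["enable"]:
            rules[-1]["enabled"] = True
    return groups, rules

def permits(session, zone, src, dst, port, proto="tcp"):
    """True if an enabled permit rule for <zone> -> self matches the connection."""
    groups, rules = parse(session)
    def hit(kind, name, value, conv):
        # Assumption: a rule lacking a criterion is skipped (never matches here).
        return any(conv(lo) <= conv(value) <= conv(hi)
                   for lo, hi in groups.get((kind, name), []))
    return any(r["enabled"] and r.get("action") == "permit"
               and r["pair"] == (zone, "self") and r.get("protocol") == proto
               and hit("network", r.get("source-address"), src, ip)
               and hit("network", r.get("destination-address"), dst, ip)
               and hit("service", r.get("destination-port"), port, int)
               for r in rules)
```

Range bounds are compared as addresses rather than strings, so 132.16.0.10 falls inside the range even though it sorts before 132.16.0.5 as text.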

Firmware update

Updating firmware via system resources

To update the firmware, use any of the following servers: TFTP, FTP, SCP. Router firmware files obtained from the manufacturer should be placed on the server.

The router stores two copies of the firmware. To ensure the reliability of the firmware update procedure, only the copy that was not used for the last device startup is available for the update.

When the firmware is updated, the router configuration is converted to match the new version.

When the router is booted with a firmware version older than the one the previously loaded configuration belongs to, the configuration is not converted and is subsequently deleted.

You can update firmware from earlier versions using the instructions in the section Updating firmware from the bootloader.

To update the firmware for the device running the operating system, follow the procedure described below.

  1. Prepare the selected server for operation. You need to know the server address, and the firmware distribution file must be loaded onto the server.
  2. Prepare the router for operation according to the documentation requirements. The router configuration should allow data exchange with the server via TFTP/FTP/SCP and ICMP. Take into account which router security zone the server belongs to.
  3. Connect to the router locally via Console port or remotely via Telnet or SSH.
    Check that the server is reachable from the router using the ping command on the router. If the server is not available, check the router settings and the status of the server network interfaces.
  4. To update the router firmware, enter the following command. Specify the IP address of the server being used as the <server> parameter. For updates that use an FTP or SCP server, enter a username (<user> parameter) and a password (<password> parameter). Specify the name of the firmware file loaded onto the server as the <file_name> parameter (when using SCP, specify the full path as the <folder> parameter). When the command is executed, the router copies the file into its internal memory, performs a data integrity check and saves it into non-volatile memory.

    TFTP:

    esr# copy tftp://<server>:/<file_name> system:firmware 

    FTP:

    esr# copy ftp://[<user>[:<password>]@]<server>:/<file_name> system:firmware

    SCP:

    esr# copy scp://[<user>[:<password>]@]<server>://<folder>/<file_name> system:firmware

    For example, update the basic firmware via SCP:

    esr# copy scp://adm:password123@192.168.16.168://home/tftp/firmware system:firmware
  5. To start the device with the new firmware version, you have to switch the active image. Use the show bootvar command to find the number of the image that contains the updated firmware.

    esr# show bootvar
    Image   Version                      Date                   Status         After reboot   
    -----  --------------               --------------------    ------------   ------------   
    1       1.0.7 build 141[f812808]     date 18/02/2015 time    Active         *
                                         16:12:54             
    
    2       1.0.7 build 141[f812808]     date 18/02/2015 time   Not Active
                                         16:12:54             

    Use the following command to select the image:

    esr# boot system image-[1|2] 
  6. To update the secondary bootloader (U-Boot), enter the following command. Specify the IP address of the server being used as the <server> parameter. For updates that use an FTP or SCP server, enter a username (<user> parameter) and a password (<password> parameter). Specify the name of the secondary bootloader file loaded onto the server as the <file_name> parameter (when using SCP, specify the full path as the <folder> parameter). When the command is executed, the router copies the file into its internal memory, performs a data integrity check and saves it into non-volatile memory.

    TFTP:

    esr# copy tftp://<server>:/<file_name> system:boot 

    FTP:

    esr# copy ftp://<server>:/<file_name> system:boot

    SCP:

    esr# copy scp://[<user>[:<password>]@]<server>://<folder>/<file_name> system:boot

Updating firmware via bootloader

Router firmware may be updated via the bootloader as follows:

  1. When U-Boot finishes the router initialization, break the device startup with the <Esc> key.

    Configuring PoE...
    distribution 1 dest_threshold 0xa drop_timer 0x0
    Configuring POE in bypass mode
    NAE configuration done!
    initializing port 0, type 2.
    initializing port 1, type 2.
    SMC Endian Test:b81fb81f
    nae-0, nae-1
      =======Skip: Load SYS UCORE for old 8xxB1/3xxB0 revision on default.
    Hit any key to stop autoboot:  2
  2. Specify TFTP server address:

    BRCM.XLP316Lite Rev B0.u-boot# setenv serverip 10.100.100.1

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# serverip 10.100.100.1

  3. Specify router IP address:

    BRCM.XLP316Lite Rev B0.u-boot# setenv ipaddr 10.100.100.2

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# ipaddr 10.100.100.2

  4. Specify the name of the firmware file on the TFTP server:

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# firmware_file firmware

  5. You may save the environment using the 'saveenv' command for future updates.
  6. Launch the firmware update procedure:

    BRCM.XLP316Lite Rev B0.u-boot# run tftp_update_image1

    Using nae-0-3 device
    TFTP from server 10.100.100.1; our IP address is 10.100.100.2
    Filename 'esr1000/firmware'.
    Load address: 0xa800000060000000
    Loading: TftpStart:TftpTimeoutMsecs = 10000, TftpTimeoutCountMax = 6
    #################################################################
    ################################################################# #################################################################
    #########################
    ####################################
    done
    Bytes transferred = 64453909 (3d77d15 hex)
    Device 0: MT29F8G08ABBCAH4 ... is now current device
    
    NAND erase: device 0 offset 0x1440000, size 0x6400000
    Bad block table found at page 262080, version 0x01
    Bad block table found at page 262016, version 0x01
    Erasing at 0x7800000 -- 1895825408% complete..
    OK
    
    NAND write: device 0 offset 0x1440000, size 0x6400000
    104857600 bytes written: OK
  7. Set the downloaded firmware as the image used to start the system, then reboot the router:

    BRCM.XLP316Lite Rev B0.u-boot# run set_bootpart_1

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# boot_system image1

    BRCM.XLP316Lite Rev B0.u-boot# reset

Secondary bootloader update (U-Boot)

The secondary bootloader initializes NAND and the router. During the update, the new secondary bootloader file is saved to the flash.

To view the version of the bootloader file currently running on the device, execute the 'version' command in the U-Boot CLI. The version is also displayed during router startup:

BRCM.XLP316Lite Rev B0.u-boot# version

BRCM.XLP.U-Boot:1.1.0.47 (29/11/2016 – 19:00:24)

Firmware update procedure:

  1. When U-Boot finishes the router initialization, break the device startup with the <Esc> key.

    Configuring PoE...
    distribution 1 dest_threshold 0xa drop_timer 0x0
    Configuring POE in bypass mode
    NAE configuration done!
    initializing port 0, type 2.
    initializing port 1, type 2.
    SMC Endian Test:b81fb81f
    nae-0, nae-1
      =======Skip: Load SYS UCORE for old 8xxB1/3xxB0 revision on default.
    Hit any key to stop autoboot:  2
  2. Specify TFTP server address:

    BRCM.XLP316Lite Rev B0.u-boot# setenv serverip 10.100.100.1

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# serverip 10.100.100.1

  3. Specify router IP address:

    BRCM.XLP316Lite Rev B0.u-boot# setenv ipaddr 10.100.100.2

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# ipaddr 10.100.100.2

  4. Specify the name of the bootloader file on the TFTP server:

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# uboot_file u-boot.bin

  5. You may save the environment using 'saveenv' command for future updates.
  6. Launch firmware update procedure:

    BRCM.XLP316Lite Rev B0.u-boot# run upd_uboot

    For version 1.5 and newer: BRCM.XLP316Lite Rev B0.u-boot# run tftp_update_uboot

    Using nae-1 device
    TFTP from server 10.100.100.1; our IP address is 10.100.100.2
    Filename 'esr1000/u-boot.bin'.
    Load address: 0xa800000078020000
    Loading: ###########################################################
    done
    Bytes transferred = 852648 (d02a8 hex)
    SF: Detected MX25L12805D with page size 256, total 16777216 bytes
    16384 KiB MX25L12805D at 0:0 is now current device
  7. Reboot the router:

    BRCM.XLP316Lite Rev B0.u-boot# reset
