Quick Start Card

Arbor Edge Defense

2600 Appliance

This card provides instructions for the connection and initial Environmental
configuration of the NETSCOUT Arbor Edge Defense (AED) 2600
Temperature, operating: 50ºF to 95ºF (10ºC to 35ºC)
appliance. These procedures represent the minimum required setup.
Humidity, operating: 95%, non-condensing, at temperatures of 73ºF
to 95ºF (23ºC to 35ºC). Designed to meet or exceed Telcordia GR-63
Package Contents and ETSI EN 300 019 humidity requirements for operating, transport,
Verify that your package contains the following items: and storage environments.
Temperature, non-operating: -40ºF to 158ºF (-40ºC to 70ºC)
55
Item
Humidity, non-operating: 95%, non-condensing, at temperatures of
……
AED 2600 appliance 73ºF to 104ºF (23ºC to 40ºC)
……
2 Ethernet patch cables Airflow direction: Front to back. For proper airflow, ensure that
……
2 AC power cords or 2 DC connector assemblies the air intake is positioned in a cold aisle and the air exhaust is
……
1 rail kit with extensions positioned in a hot aisle.
Heat dissipation: 1075 BTU/hr @315 W
……
Legal documentation
Compatibility: Monitoring
Interface Configurations Integrates with management consoles that support SNMPv2 or
The AED 2600 models support the following network inteface cards SNMPv3
(NICs):
• 1 GbE copper or fiber (SX or LX) Compatibility: Web-based UI
• 10 GbE fiber (SR or LR) Compatible with the following browsers:

See the Arbor Edge Defense Release Notes for a list of the supported • Internet Explorer
configurations. • Google Chrome
• Firefox
Appliance Specifications See the Arbor Edge Defense Release Notes for the supported browser
versions.
The following list describes the specifications for the AED 2600
appliance:
Before You Begin
Power Options
First, decide whether to place the appliance inline (inline mode) or
850 W AC or DC hot-swap, redundant power supplies out-of-line through a span port or network tap (monitor mode). Also
AC: 100 to 240 VAC, 50 to 60 Hz, 12/6 A decide which deployment scenario is best for your network.
DC: -40 to -72 VDC, 28/14 A max For more information, see the section about the AED deployment
scenarios in the Arbor Edge Defense User Guide. You can view and
Physical Dimensions
download this guide from the Arbor Technical Assistance Center web
Chassis: 2U rack site at the following address: https://support.arbornetworks.com/
Height: 3.45 in (8.76 cm)
Width: 17.14 in (43.53 cm)
Depth: 20 in (50.8 cm)
Weight: 36.95 lb (16.76 kg)

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Collecting Information
Collect the information that applies to your appliance:
• Appliance hostname — The unique name that identifies the • Default gateway IP address — The IP address and netmask for
appliance on the network. the management default route and any additional routes that
• License key — Your AED license key number from your license are required for the device to access the management interface.
key email. • Physical connections — The switch or router port mappings
• Administrative username and password — The username and to connect to the AED protection ports. See the “About the
password for administrative access to the appliance. The default Protection Ports” section of this card.
username is admin and the default password is arbor. You must • Network connectivity mode — The method that you plan to use
change the default password to start the AED services. to connect the AED appliance within your network (inline or out-
• IP address and network mask — The management IP address of-line through a span port or network tap).
and the network mask for the appliance’s management interface. • Appliance access mode — The method that you plan to use to
• NTP Server (optional) — The IP address for the server that access and configure the AED appliance (VGA or serial console).
synchronizes the network time.

Back Panel, AED 2600 Appliance

This diagram* shows the back panel of an AED 2600 appliance with 10 GbE fiber interfaces and 1 GbE copper interfaces:

1
6
ext0 int0 ext1 int1 ext2 int2 ext3 int3
7 2
ext4 int4 ext5 int5

5 4 3

1 2 3 4 5 6 7 8 9 10 11

1 VGA connector 9 Two ground studs for DC-input system

2 USB0 and USB1 (1 on the top, 0 on the bottom) 10 Power supply 2 (DC module is shown). The pins are numbered
3 (Not supported) Remote Management NIC 1, 2, and 3 from the bottom to the top. Pin 1 (bottom) is the
ground, pin 2 (middle) is the -48 VDC terminal, and pin 3 (top) is
4 USB2 and USB3 (3 on the top, 2 on the bottom)
the return terminal.
5 Management port 0 (GbE NIC 1 connector)
11 Power supply 1 (AC module is shown)
6 Management port 1 (GbE NIC 2 connector)
7 1 GbE (fiber or copper) or 10 GbE fiber protection ports Note: Both types of power supplies are shown for illustration
purposes only. Each appliance has either two AC power supplies or
8 1 GbE protection ports. Copper ports are shown, but these ports
two DC power supplies.
can be copper or fiber.
For details about the configuration of protection ports, see the *Your AED appliance might be different from this diagram,
“About the Protection Ports” section of this card. depending on the model that you purchased.

Front Panel, AED 2600 Appliance

This diagram shows the port, buttons, and LEDs on the front panel of the AED 2600 appliance.
1 2 3 4 5 6 6 Major alarm LED
13
7 NMI button
8 Chassis ID button
9 NIC1/NIC 2 activity LED
10 HDD activity LED
11 Power alarm LED

7 8 9 10 11 12 12 Minor alarm LED

13 RJ45 serial console port
1 Power button
2 System reset button An alarm LED that is blinking green, solid amber, or solid red
3 Chassis information LED indicates an error. To determine the cause of an error, review the
Active Alerts section on the Summary page in the AED UI.
4 Fan status LED
5 Critical alarm LED

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary

About the Protection Ports 6. (Optional) Repeat Step 4 and Step 5 for each additional
A network path to be protected can be connected to any two like- protection port pair that you want to connect.
numbered interfaces (for example, ext0 and int0). The “ext” interface Note: To balance traffic, we recommend that you connect
always faces an external internet connection and the “int” interface protection port pairs that are on different physical NICs.
always faces your internal network. For the location of the “ext” and
7. C
 onnect to the appliance for configuration by using one of the
“int” interfaces, see the back panel diagram.
following methods (the serial console is easier to use):
• In an inline deployment, AED acts as a physical cable between
the internet and your protected network. Connect the upstream Serial Console
network equipment to an “ext” interface on AED. Connect the • P
 lug the RJ45 end of an Ethernet patch cable into the serial
matching “int” interface on AED to your downstream network console port on the front of the appliance.
equipment. • C
 onnect the other end of the Ethernet patch cable to a serial
• Do not send outbound traffic from your internal network to an console server or computer.
“ext” interface on AED. AED treats all traffic on “ext” interfaces as • C
 onfigure your console server or computer with the following
external. settings:
• In monitor mode, AED is deployed out-of-line through a span • Baud rate: 9600
port or network tap. Connect the monitor port that receives • Data bits: 8
internet traffic to an “ext” interface on AED. You can connect the
• Stop bits: 1
matching “int” interface on AED to the monitor port that sends
traffic to the internet, but this connection is not required. • Parity: None

• AED expects the first protection ports (ext0 and int0 in inline • Flow control: None
mode or ext0 in monitor mode) to be connected. If they are
VGA
not connected, AED generates system alerts in the web UI. For
• Connect a VGA monitor to the VGA connector on the appliance.
example, if you connect to ports ext2 and int2 to use the fiber SX
• Connect a keyboard to one of the USB ports on the appliance.
interface, system alerts will indicate that interfaces ext0 and int0
are down. You can disable alerting for the ext0 and int0 interface
pair in the UI. Installing AED
• If you connect more than one pair of protection ports, we Tip: Before you begin, get the appliance license key from your license
recommend that you balance the traffic that AED processes key email.
across the physical NICs. For example, if you need to connect The quick installation script prompts you to enter the information
two pairs of protection ports, connect ext0/int0 and ext2/int2 that is required to install AED. To respond to the prompts, type the
because they are on different NICs. requested information and press enter. To accept a default entry,
Important: If you connect AED to interfaces that do not support which is displayed in brackets, press enter without typing a response.
Auto MDI selection, use the correct combination of straight-through
or crossover cables. It is important to maintain the link through an Command syntax Description
inline AED when bypass mode is engaged.
command Items that you must type as shown.

Connecting the Appliance variable A placeholder for which you must

supply a value.
Use the appliance diagrams as references for connecting your AED
appliance. {option1 | option2} A set of choices, one of which is
Before you begin, ensure that you have an Ethernet patch cable for required. Do not type the vertical bar
each protection port pair. or the braces.

Note: If the installation script does not appear or if you need to

To connect the AED appliance:
reinstall AED, see the instructions for installing and reinstalling AED
1. Connect
 the power supplies on the back of the appliance to the in the Arbor Edge Defense User Guide.
power source. For power supply redundancy in case of a power
loss, use a different electrical circuit for each cord. To install AED:
2. Plug one end of an Ethernet patch cable into an Ethernet switch, 1. Turn on the AED appliance.
and plug the other end into management port mgt0 on the back • If you connected to the appliance through a serial console, the
of the appliance. installation starts automatically. Go to Step 6.
Note: Do not plug the patch cable into the port labeled MNGT on • Otherwise, go to Step 2.
the back panel.
2. When the prompt that tells you to Press any key to
3. (Optional) Repeat Step 2 to connect to management port mgt1. continue appears, press a key within five seconds.
4. Plug one end of an Ethernet patch cable into an “ext” protection Important: If the system continues before you can press a key,
port on the appliance. Plug the other end of the Ethernet patch turn off the appliance and start over.
cable into your upstream network equipment or to a span port or 3. At the GRUB menu, press the up arrow key or down arrow key to
network tap that receives traffic from the internet. stop the 10-second countdown.
5. Plug one end of an Ethernet patch cable into the matching “int” Important: If the system continues before you can stop the
port on the appliance. Plug the other end of the Ethernet patch countdown, turn off the appliance and start over.
cable into your downstream equipment or to a span port or
network tap that sends traffic to the internet.
© NETSCOUT SYSTEMS, INC. Confidential and Proprietary
4. Select the following option on the GRUB menu and then press Prompt Response
enter:
DNS server IP Enter the IP address for your DNS server or
(re)install from on-board flash (VGA)
address press enter to skip this prompt.
5. In response to the following prompt, enter y:
Current time and Accept the default or enter a new time and
Do you want to begin the install process? date date in the format mmddHHMMyyyy.SS
This will remove all current data and (month, day, hour, minutes, year, seconds).
configuration [n]
NTP server IP Enter the IP address of your NTP server or
The installation initializes the system, installs the software, and
address press enter to skip this prompt.
builds the databases. These processes take some time.

6. When the installation processes finish, respond to the prompts Important: When the system restarts, do not press a key or respond
as follows: to any other prompts until the login prompt appears.

Prompt Response 7. At the login prompt, enter the default username of admin.

Enable FIPS mode? Enter y to each prompt to enable FIPS 8. At the password prompt, enter the admin password that you
(Federal Information Processing Standard) set in the installation script. If you did not change the default
Are you sure admin password, enter arbor.
mode, otherwise enter n. In FIPS mode,
you want to
AED only supports FIPS-compliant Important: The license key commands are case sensitive. Enter the
permanently
algorithms. model and license key exactly as they appear in your license key
enable FIPS mode?
email, including any spaces and punctuation.
Note: If you enable FIPS mode, you cannot
disable this mode after the installation 9. Enter / system license set aed “model” license_key
completes. model = the AED model, such as AED-2600-15 for a licensed rate
System hostname? Enter the AED appliance’s hostname as limit of 15 Gbps
a simple host name or a fully qualified This argument might take additional parameters, such as the
domain name. For example: expiration date for an evaluation license.
host.example.com license_key = your AED license key
Set admin (Strongly recommended) To change 10. If you subscribed to the AIF, enter / system license set ASERT
password? the administrator password, enter y. At “license_type” license_key
the password prompts, enter the new license_type = your AIF license plus the expiration date time
password. stamp; for example: AED-AIF-ADVANCED expires: 1437749737
Important: Before you can start AED license_key = your AIF license key
services, you must change the default
administrator password. 11. Enter / services aed mode set {inline | monitor}

IP address for {inline | monitor} = Enter inline if you placed the appliance
Enter this management port’s IP address.
interface mgt0 inline in your network. Enter monitor if you placed it out-of-line
For example: 198.51.100.2 or 2001:DB8::2
through a span port or network tap.
Netmask for (IPv4 addresses only) Enter the netmask
interface mgt0 12. Enter / reload
in dotted-quad format. For example:
255.255.255.0 Important: You must reload AED before you can start the AED
services.
Prefix for (IPv6 addresses only) Enter the prefix length
interface mgt0 of this management port’s address. For 13. Enter / services aed start
example: /64
Important: If you have not changed the default administrator
IP address for Respond to the prompts to configure mgt1 password, you must change it before you can start AED services.
interface mgt1 or press enter to skip the configuration.
14. To complete the installation, enter the following commands, one
Default route Enter the default gateway’s IP address. For at a time:
example: 198.51.100.1 or 2001:DB8::1 • config write
{https | ping | At each of these prompts, enter the address • exit
cloudsignal | range from which you want to allow
ssh} access from communications to a service. For example: Finishing the Configuration
which network? 198.51.100.0/24 or 2001:DB8::/32
You complete the AED configuration in the AED web UI. For
To skip a prompt, press enter. information about configuring AED settings, see the Arbor Edge
Defense User Guide.
After you pass through these prompts, a
new SSH host key file is generated.

© 2018 - 2020 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary. www.netscout.com
AED-2600-QSC-2020/03, Part Number: 293-2868 Rev. E