Juniper SRX340 Manuale utente

Categoria
Gateway / controllori
Tipo
Manuale utente
SRX340 Services Gateway Hardware Guide
Published
2020-08-26
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
SRX340 Services Gateway Hardware Guide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.
ii
Table of Contents
About the Documentation | viii
Documentation and Release Notes | viii
Using the Examples in This Manual | viii
Merging a Full Example | ix
Merging a Snippet | x
Documentation Conventions | x
Documentation Feedback | xiii
Requesting Technical Support | xiii
Self-Help Online Tools and Resources | xiv
Creating a Service Request with JTAC | xiv
Overview
1
SRX340 Services Gateway Overview | 16
SRX340 Services Gateway Description | 16
SRX340 Services Gateway Field Replaceable Units Overview | 16
Benefits of the SRX340 Services Gateway | 17
SRX340 Chassis | 17
SRX340 Services Gateway Chassis Overview | 18
SRX340 Services Gateway Front Panel | 18
Management Port LEDs | 21
Network Port LEDs | 21
SRX340 Services Gateway Back Panel | 22
SRX340 Services Gateway Interface Modules Overview | 23
SRX340 Cooling System | 23
SRX340 Power System | 24
Understanding the SRX340 Services Gateway Power Supply | 25
SRX340 Services Gateway Power Specifications and Requirements | 25
SRX340 Services Gateway Supported AC Power Cords | 25
iii
Site Planning, Preparation, and Specifications
2
Site Preparation Checklist for the SRX340 Services Gateway | 29
SRX340 Site Guidelines and Requirements | 31
General Site Installation Guidelines for the SRX340 Services Gateway | 31
SRX340 Services Gateway Environmental Specifications | 32
SRX340 Services Gateway Electrical Wiring Guidelines | 32
SRX340 Services Gateway Grounding Specifications | 34
SRX340 Services Gateway Physical Specifications | 34
SRX340 Services Gateway Clearance Requirements for Airflow and Hardware
Maintenance | 35
Rack Requirements for the SRX340 Services Gateway | 36
Cabinet Requirements for the SRX340 Services Gateway | 36
SRX340 Transceiver Specifications and Pinouts | 37
SRX340 Transceiver Support | 37
RJ-45 Connector Pinouts for the SRX340 Services Gateway Ethernet Port | 38
RJ-45 Connector Pinouts for the SRX340 Services Gateway Console Port | 38
Mini-USB Connector Pinouts for the SRX340 Services Gateway Console Port | 39
Initial Installation and Configuration
3
SRX340 Installation Overview | 42
SRX340 Services Gateway Installation Overview | 42
SRX340 Services Gateway Autoinstallation Overview | 42
Unpacking and Mounting the SRX340 | 44
Unpacking the SRX340 Services Gateway | 44
Verifying Parts Received with the SRX340 Services Gateway | 45
Preparing the SRX340 Services Gateway for Rack-Mount Installation | 46
Installing the SRX340 Services Gateway in a Rack | 47
Connecting the SRX340 to Power | 48
Required Tools and Parts for Grounding the SRX340 Services Gateway | 49
Connecting the SRX340 Services Gateway Grounding Cable | 49
Connecting the SRX340 Services Gateway to an AC Power Supply | 51
Powering On the SRX340 Services Gateway | 52
iv
Powering Off the SRX340 Services Gateway | 52
Connecting the SRX340 to External Devices | 54
Connecting the Dial-Up Modem to the Console Port on the SRX340 Services Gateway | 54
Connecting to the SRX340 Services Gateway CLI Using a Dial-Up Modem | 55
Configuring Junos OS on the SRX340 | 56
SRX340 Services Gateway Software Configuration Overview | 56
Understanding SRX340 Services Gateway Factory-Default Settings | 56
Initial Configuration | 58
Initial Configuration Using J-Web | 58
Initial Configuration Using CLI | 59
Plug and Play | 61
Customize the Configuration Using J-Web | 62
Viewing Factory-Default Settings | 64
Maintaining Components
4
Maintaining the SRX340 Components | 66
Required Tools and Parts for Maintaining the SRX340 Services Gateway Hardware
Components | 66
Routine Maintenance Procedures for the SRX340 Services Gateway | 66
Maintaining the SRX340 Services Gateway Cooling System Components | 67
Maintaining the SRX340 Services Gateway Power Supply | 67
Replacing Mini-Physical Interface Modules in the SRX340 Services Gateway | 67
Troubleshooting Hardware
5
Troubleshooting the SRX340 | 70
Troubleshooting Resources for the SRX340 Services Gateway Overview | 70
Troubleshooting Chassis and Interface Alarm Messages on the SRX340 Services Gateway | 70
Troubleshooting the Power System on the SRX340 Services Gateway | 71
Using the RESET CONFIG Button | 72
Changing the RESET CONFIG Button Behavior | 73
Contacting Customer Support and Returning the Chassis or Components
6
Returning the SRX340 Chassis or Components | 75
Contacting Customer Support | 75
Returning a SRX340 Services Gateway Component to Juniper Networks | 76
v
Locating the SRX340 Services Gateway Chassis Serial Number and Agency Labels | 76
Locating the SRX340 Services Gateway Mini-Physical Interface Module Serial Number
Label | 77
Listing the SRX340 Services Gateway Component Details with the CLI | 77
Required Tools and Parts for Packing the SRX340 Services Gateway | 78
Packing the SRX340 Services Gateway for Shipment | 78
Packing SRX340 Services Gateway Components for Shipment | 79
Safety and Compliance Information
7
Definitions of Safety Warning Levels | 82
General Safety Guidelines and Warnings | 85
Restricted Access Warning | 87
Qualified Personnel Warning | 90
Prevention of Electrostatic Discharge Damage | 90
Fire Safety Requirements | 92
Fire Suppression | 92
Fire Suppression Equipment | 92
Laser and LED Safety Guidelines and Warnings | 93
General Laser Safety Guidelines | 93
Class 1 Laser Product Warning | 94
Class 1 LED Product Warning | 95
Laser Beam Warning | 96
Radiation from Open Port Apertures Warning | 97
Maintenance and Operational Safety Guidelines and Warnings | 98
Battery Handling Warning | 99
Jewelry Removal Warning | 100
Lightning Activity Warning | 102
Operating Temperature Warning | 103
Product Disposal Warning | 105
Action to Take After an Electrical Accident | 106
General Electrical Safety Guidelines and Warnings | 106
vi
AC Power Electrical Safety Guidelines | 107
SRX340 Services Gateway Agency Approvals | 108
SRX340 Services Gateway Acoustic Noise Compliance Statements | 109
SRX340 Services Gateway EMC Requirements | 110
Canada | 110
European Community | 110
Israel | 110
Japan | 110
United States | 111
vii
About the Documentation
IN THIS SECTION
Documentation and Release Notes | viii
Using the Examples in This Manual | viii
Documentation Conventions | x
Documentation Feedback | xiii
Requesting Technical Support | xiii
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX340 Services Gateway. After completing the installation and basic configuration
procedures covered in this guide, refer to the Junos OS documentation for information about further
software configuration.
Documentation and Release Notes
To obtain the most current version of all Juniper Networks
®
technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.
viii
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
ix
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xi defines notice icons used in this guide.
x
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware
damage.
Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page xi defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type
the configure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on
the terminal screen.
Fixed-width text like this
A policy term is a named structure
that defines match conditions and
actions.
Junos OS CLI User Guide
RFC 1997, BGP Communities
Attribute
Introduces or emphasizes important
new terms.
Identifies guide names.
Identifies RFC and Internet draft
titles.
Italic text like this
xi
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
Configure the machine’s domain
name:
[edit]
root@# set system domain-name
domain-name
Represents variables (options for
which you substitute a value) in
commands or configuration
statements.
Italic text like this
To configure a stub area, include
the stub statement at the [edit
protocols ospf area area-id]
hierarchy level.
The console port is labeled
CONSOLE.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.
Text like this
stub <default-metric metric>;Encloses optional keywords or
variables.
< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamic MPLS
only
Indicates a comment specified on the
same line as the configuration
statement to which it applies.
# (pound sign)
community name members [
community-ids ]
Encloses a variable for which you can
substitute one or more values.
[ ] (square brackets)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Identifies a level in the configuration
hierarchy.
Indention and braces ( { } )
Identifies a leaf statement at a
configuration hierarchy level.
; (semicolon)
GUI Conventions
xii
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
In the Logical Interfaces box, select
All Interfaces.
To cancel the configuration, click
Cancel.
Represents graphical user interface
(GUI) items you click or select.
Bold text like this
In the configuration editor hierarchy,
select Protocols>Ospf.
Separates levels in a hierarchy of
menu selections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:
Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
Networks TechLibrary site, and do one of the following:
Click the thumbs-up icon if the information on the page was helpful to you.
Click the thumbs-down icon if the information on the page was not helpful to you or if you have
suggestions for improvement, and use the pop-up form to provide feedback.
E-mail—Send your comments to [email protected]. Include the document or topic name,
URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xiii
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: https://www.juniper.net/customers/support/
Search for known bugs: https://prsearch.juniper.net/
Find product documentation: https://www.juniper.net/documentation/
Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
Visit https://myjuniper.juniper.net.
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
xiv
1
CHAPTER
Overview
SRX340 Services Gateway Overview | 16
SRX340 Chassis | 17
SRX340 Cooling System | 23
SRX340 Power System | 24
SRX340 Services Gateway Overview
IN THIS SECTION
SRX340 Services Gateway Description | 16
SRX340 Services Gateway Field Replaceable Units Overview | 16
Benefits of the SRX340 Services Gateway | 17
SRX340 Services Gateway Description
The SRX340 Services Gateway consolidates security, routing, switching, and WAN interfaces for midsize
distributed enterprises. With advanced threat mitigation capabilities, the services gateway provides
cost-effective and secure connectivity across distributed enterprises.
The SRX340 Services Gateway has a capacity of 3 gigabits per second (Gbps) and is 1 rack unit (U) tall.
The services gateway has eight 1 G Ethernet ports, eight 1 G SFP ports, one management port, 4 GB of
DRAM memory, 8 GB of flash memory, and four Mini-Physical Interface Module (Mini-PIM) slots.
The SRX340 Services Gateway runs the Junos operating system (Junos OS) and supports the following
features:
Firewall support with key features such as IPsec and VPN
Intrusion Detection and Prevention (IDP)
High availability
QoS
MPLS
You can manage the SRX340 Services Gateway by using the same interfaces that you use for managing
other devices that run Junos OS—the CLI, the J-Web graphical interface, and Junos Space.
SRX340 Services Gateway Field Replaceable Units Overview
Field-replaceable units (FRUs) are components that you can replace at your site. The Mini-Physical Interface
Module (MPIM) is the only FRU on the SRX340 Services Gateway.
16
The Mini-PIMs are not hot-swappable. You must power off the services gateway before removing or
installing Mini-PIMs.
SEE ALSO
Replacing Mini-Physical Interface Modules in the SRX340 Services Gateway | 67
Benefits of the SRX340 Services Gateway
High performance—The SRX340 supports up to 3-Gbps firewall and 600-Mbps IPsec VPN, and is suited
for midsize distributed enterprise branch office deployments.
Simplified deployment with minimal manual intervention—The Zero Touch Provisioning (ZTP) feature
enables you to provision and configure the SRX300 line automatically, thereby reducing operational
complexity and simplifying the provisioning of new sites.
Multiple WAN connectivity options—The SRX340 supports multiple options such as Ethernet, serial,
T1/E1, VDSL2, and 3G/4G LTE wireless for WAN or Internet connectivity to link sites.
Threat protection—The SRX300 line supports IPsec VPN, Media Access Control Security (MACsec),
Juniper Sky Advanced Threat Prevention, and Trusted Platform Module (TPM) to protect against potential
vulnerabilities.
RELATED DOCUMENTATION
SRX340 Installation Overview | 42
SRX340 Chassis
IN THIS SECTION
SRX340 Services Gateway Chassis Overview | 18
SRX340 Services Gateway Front Panel | 18
SRX340 Services Gateway Back Panel | 22
SRX340 Services Gateway Interface Modules Overview | 23
17
SRX340 Services Gateway Chassis Overview
The SRX340 Services Gateway chassis is a rigid sheet metal structure that houses all of the other services
gateway components. The chassis measures 1.72 in. (4.36 cm) high, 17.36 in. (44.09 cm) wide, and 14.57
in. (37.01 cm) deep (from the front to the rear of the chassis). The chassis installs in standard 800–mm (or
larger) enclosed cabinets, 19 in. equipment racks, or telecommunications open-frame racks.
CAUTION: Before removing or installing components of a functioning services gateway,
attach an electrostatic discharge (ESD) strap to an ESD point and place the other end
of the strap around your bare wrist. Failure to use an ESD strap could result in damage
to the device.
The services gateway must be connected to earth ground during normal operation. The protective earthing
terminal on the side of the chassis is provided to connect the services gateway to ground.
SRX340 Services Gateway Front Panel
Figure 1 on page 18 shows the front panel of the SRX340 Services Gateway.
Figure 1: SRX340 Services Gateway Front Panel
Table 3 on page 18 provides details about the front panel components.
Table 3: SRX340 Services Gateway Front Panel Components
DescriptionComponentCallout
Returns the services gateway to the rescue configuration or
the factory-default configuration.
Reset Config button1
18
Table 3: SRX340 Services Gateway Front Panel Components (continued)
DescriptionComponentCallout
Serial—Connects a laptop to the services gateway for CLI
management. The port uses an RJ-45 serial connection and
supports the RS-232 (EIA-232) standard.
USB—Connects a laptop to the services gateway for CLI
management through a USB interface. The port accepts a
Mini-B type USB cable plug. A USB cable with Mini-B and
Type A USB plugs is supplied with the services gateway.
To use the mini-USB console port, you must download a
USB driver to the management device from the Downloads
page at
https://www.juniper.net/support/downloads/?p=junos-srx#sw.
To download the driver for Windows OS, select 6.5 from
the Version drop-down list.
To download the driver for Mac OS, select 4.10 from the
Version drop-down list.
Console ports2, 8
Use the management (MGMT) port to connect to the device
over the network.
Management port3
Four slots for Mini-PIMs. Mini-PIMs can be used to provide
LAN and WAN functionality along with connectivity to various
media types.
Mini-PIM slots4
For personal safety, while working on the services gateway,
use the ESD outlet to plug in an ESD grounding strap to
prevent your body from sending static charges to the services
gateway.
ESD point5
Eight 1-GbE MACsec-capable SFP ports for network traffic.1-GbE small form-factor
pluggable (SFP) ports
6
19
Table 3: SRX340 Services Gateway Front Panel Components (continued)
DescriptionComponentCallout
Eight LAN ports (0/0 to 0/7), which are MACsec capable.
The ports have the following characteristics:
Use an RJ-45 connector
Operate in full-duplex and half-duplex modes
Support autonegotiation
The ports can be used to:
Function as front-end network ports
Provide LAN and WAN connectivity to hubs, switches, local
servers, and workstations
Forward incoming data packets to the services gateway
Receive outgoing data packets from the services gateway
1-GbE Ethernet ports7
The services gateway has one USB port that accepts a USB
storage device.
USB port9
Indicate component and system status at a glance.LEDs10
Use the Power button to power on or power off the services
gateway.
Power button11
Figure 2 on page 20 shows the LEDs on the front panel.
Figure 2: SRX340 Services Gateway Front Panel LEDs
Table 4 on page 21 lists the front panel LEDs.
20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111

Juniper SRX340 Manuale utente

Categoria
Gateway / controllori
Tipo
Manuale utente

in altre lingue