NetEnforcer

AC-5000
Hardware Guide
P/N D360007 R2
 Important Notice

Important Notice
Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and
will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of
action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR
INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN
THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.
Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty
Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY
SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,
REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright
Copyright © 1997-2010 Allot Communications. All rights reserved. No part of this document may be reproduced,
photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission and
specific authorization from Allot Communications Ltd.

Trademarks
Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their
respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment
is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not
installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be
required to correct the interference at his own expense.

Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the
equipment.

NetEnforcer AC-5000 Hardware Guide iii

Important Notice

Version History
Each document has a version and a build number. You can tell the exact version and build
of this document by checking the table below. The version and release date of the open
document will be in bold at the end of the table.
Document updates are released in electronic form from time to time and the most up to date
version of this document will always be found on Allot‘s online Knowledge Base. To check
for more recent versions, login to the support area [Link]/support and from the
knowledgebase tab, enter the title of this document into the search field.

Doc Version Software Version Date

v2b1 AOS10.2.1 12 May, 2010

v2b2 AOS10.2.1 and above 15 May, 2010

v2b3 AOS10.2.1 and above 5 June, 2010

v2b4 AOS10.2.1 and above 6 June, 2010

v2b5 AOS10.2.1 and above 16 June, 2010

v2b6 AOS10.2.1 and above 24 June, 2010

v2b7 AOS11.1 and above 14 December, 2010

iv NetEnforcer AC-5000 Hardware Guide

Table of Contents
Important Notice .......................................................................................................................... iii
Table of Contents ........................................................................................................................... v
Table of Figures ........................................................................................................................... vii

CHAPTER 1: INTRODUCING THE AC-5000 ................................................... 1-1

Overview ..................................................................................................................................... 1-1
Terms and Acronyms................................................................................................................ 1-1

CHAPTER 2: AC-5040 HARDWARE................................................................ 2-1

AC-5040 Front Panel Controls and Connectors ...................................................................... 2-1
Front Panel LEDS Description ................................................................................................. 2-2
Front Panel Connectors ............................................................................................................ 2-2
Bypass Units................................................................................................................................ 2-2
AC-5040 Bypass Units ............................................................................................................. 2-3
Multi-Port Copper Bypass Unit ............................................................................................ 2-3
Multi-Port Fiber Bypass Unit................................................................................................ 2-3

CHAPTER 3: AC-5100 HARDWARE................................................................ 3-1

AC-5100 Front Panel Controls and Connectors ...................................................................... 3-1
AC-5100 Front Panel LEDS Description ................................................................................. 3-2
AC-5100 Front Panel Connectors............................................................................................. 3-2
Bypass Unit ................................................................................................................................. 3-2
AC-5100 Bypass Unit ............................................................................................................... 3-3
Single Fiber Bypass Unit ...................................................................................................... 3-3

CHAPTER 4: AC-5000 CHASSIS ..................................................................... 4-1

NetEnforcer AC-5000 Chassis Overview ................................................................................. 4-1
Chassis Hardware ...................................................................................................................... 4-2
Front and Rear ESD Wrist Strap Terminals ............................................................................. 4-3
Air Filter ................................................................................................................................... 4-3
Fan Cooling .............................................................................................................................. 4-3
Fan Control Board................................................................................................................. 4-4
NetEnforcer AC-5000 Chassis Backplane................................................................................ 4-5
NetEnforcer AC-5000 Power Supply........................................................................................ 4-6
AC Power Connection .............................................................................................................. 4-6
DC Power Connection .............................................................................................................. 4-7
Shelf Ground Connection ......................................................................................................... 4-8

CHAPTER 5: CONNECTIVITY AND CONFIGURATION.................................. 5-1

Connecting the AC-5040 ............................................................................................................ 5-1
AC-5040 Fiber ...................................................................................................................... 5-1

NetEnforcer AC-5000 Hardware Guide v

 AC-5040 Copper ................................................................................................................... 5-2
Connecting the AC-5100 ............................................................................................................ 5-3
Single Fiber Bypass Unit ....................................................................................................... 5-3
Configuring the AC-5000 ........................................................................................................... 5-5

CHAPTER 6: COMMAND LINE INTERFACE .................................................. 6-1

Chassis CLI ................................................................................................................................. 6-1
Examples ............................................................................................................................... 6-7

CHAPTER 7: ASYMMETRIC TRAFFIC ........................................................... 7-1

Guidelines .................................................................................................................................... 7-1
Asymmetric Configuration ........................................................................................................ 7-2

CHAPTER 8: SAFETY INFORMATION ........................................................... 8-1

General ........................................................................................................................................ 8-1
Chassis Safety.............................................................................................................................. 8-2
Unpacking ................................................................................................................................. 8-2
Installation................................................................................................................................... 8-3
Rack mounting information ...................................................................................................... 8-3
Power Connection Information ................................................................................................. 8-4
Power Entry Module (PEM) Replacement ............................................................................ 8-6
Airflow information .................................................................................................................. 8-6
Blade Safety instructions............................................................................................................ 8-7
Introduction ............................................................................................................................... 8-7
General information .................................................................................................................. 8-7
Preventing Electrostatic Discharge ........................................................................................... 8-8
Preventing Surge ................................................................................................................... 8-9
Board Installation ...................................................................................................................... 8-9
Laser Safety Requirements ...................................................................................................... 8-12
Laser Classification ................................................................................................................. 8-12
Laser Information.................................................................................................................... 8-12
Laser Safety Statutory Warning .............................................................................................. 8-12
Training for Laser Safety ........................................................................................................ 8-12
Laser Device Operating Precautions ....................................................................................... 8-12
Environment ............................................................................................................................ 8-13

CHAPTER 9: TECHNICAL SPECIFICATIONS ................................................ 9-1

vi NetEnforcer AC-5000 Hardware Guide

Table of Figures

Figure ‎2-1: AC-5040 Front View ................................................................................................ 2-1

Figure ‎2-2: AC-5040 Front Panel LEDs ...................................................................................... 2-1
Figure ‎2-3: Multi-Port Copper Bypass Unit ................................................................................. 2-3
Figure ‎2-4: Multi-Port Fiber Bypass Unit .................................................................................... 2-3
Figure ‎3-1: AC-5100 Front View ................................................................................................ 3-1
Figure ‎3-2: CC-220 Front Panel LEDs ........................................................................................ 3-1
Figure ‎3-3: Single Fiber Bypass Unit ........................................................................................... 3-3
Figure ‎4-1: Empty Front View of the NetEnforcer AC-5000 Chassis ........................................ 4-2
Figure ‎4-2: Empty Rear View of the NetEnforcer AC-5000 Chassis ......................................... 4-2
Figure ‎4-3: Air Filter ................................................................................................................... 4-3
Figure ‎4-4: Fan/Filter Assembly ................................................................................................. 4-3
Figure ‎4-5: Fan Assembly ........................................................................................................... 4-4
Figure ‎4-6: AC Power Supply Unit ............................................................................................. 4-6
Figure ‎4-7: PEM DC Power Unit ................................................................................................ 4-7
Figure ‎4-8: Rear Grounding Screws............................................................................................ 4-8
Figure ‎4-9: Front ESD Socket ..................................................................................................... 4-8
Figure ‎5-1: Connecting the NetEnforcer AC-5040 to Multi-Port Bypass Unit............................ 5-1
Figure ‎5-2: Connecting NetEnforcer AC-5100 to Single Fiber Bypass Unit – Multi Mode........ 5-3

NetEnforcer AC-5000 Hardware Guide vii

 Chapter 1: Introducing the AC-5000

Overview
Built to Advanced TCA standards and based on Allot‘s leading Layer-7 deep packet
inspection (DPI) engine, the Allot NetEnforcer AC-5000 provides a solution for
network operators to manage multiple 1-Gigabit as well as 10-Gigabit links in a
compact chassis with a small footprint. With the AC-5000‘s network intelligence
capabilities, operators can monitor and control network usage, optimize service delivery
and provide an unsurpassed level of visibility.
This Hardware Guide provides technical information on the AC-5000 series chassis and
NetEnforcer AC-5040 and AC-5100 models. Technical information on the NetEnforcer
AC-5000 Chassis Backplane is also included in this Hardware Guide.
The AC-5040 series supports eight 1G interfaces and the AC-5100 supports two 10G
interfaces
NOTE Before installing or using the NetEnforcer AC-5000, please read
Chapter 7: Safety Information carefully.

Product intended only for installation in a Restricted Access Area.

Terms and Acronyms

TERM DEFINITION

ATCA Advanced Telecom Computing Architecture

Blade An assembled PCB card that plugs into a chassis. For example,
the CC blade that occupies the slots (shelves) of the
NetEnforcer AC-5000 Chassis.

Backplane Passive circuit board providing the connectors for the front
boards. Power distribution, management and auxiliary signal
connections are also supported
CC-208 NetEnforcer AC-5000 Core Controller Blade used in the AC-
5040 with 8x1G network ports.
CC-220 NetEnforcer AC-5000 Core Controller Blade with 2x10G
network ports, used in the AC-5100.

CDM Chassis Data Module

NetEnforcer AC-5000 Hardware Guide 1-1

 TERM DEFINITION

Chassis The enclosure containing subrack, Backplane, boards (blades

and/or cards), cooling devices, PEMs. See also Shelf

DIMM Dual Inline Memory Module

ESD Electrostatic Discharge

Fabric Board A board capable of moving packet data between Node Boards
via the ports of the backplane. This is sometimes referred to as
a switch.

FRU Field Replaceable Unit

I 2C Inter-Integrated Circuit. A two-wire interface commonly used

to carry management data.
Node slot A slot supporting port connections to/from one or more Fabric
(Slot) slots. A Node slot is intended to accept a Node Board.
PCB Printed Circuit Board
PEM Power Entry Module
SBC Single Board Computer.
Shelf See Chassis
VRTN Voltage Return

1-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 2: AC-5040 Hardware

Figure 2-1: AC-5040 Front View

The AC-5040 features 8x1G interfaces (4x1G links in the CC-208 blade). The unit is
available with Copper or Fiber (SX or LX) interfaces and AC or DC power modules.

AC-5040 Front Panel Controls and

Connectors
The AC-5040 front panel controls are as follows:

Internal/External Links Backup

Standby LED Active LED Power LED Hot Swap LED Reset Button

Figure 2-2: AC-5040 Front Panel LEDs

NetEnforcer AC-5000 Hardware Guide 2-1

 Front Panel LEDS Description
 Active LED On indicates the AC-5040 is in Active mode while the Active LED
Off indicates that the AC-5040 is in Bypass mode.
 Power On LED indicates that the CC is powered Up while the Power LED Off
indicates that the CC is shut down.
 Standby LED is for future use.
 HOT SWAP LED is OFF indicates that the blade is functioning. When this
HOT SWAP LED is blinking blue, it indicates that the shut down process from
the system is in progress. Once the HOT SWAP LED light is solid blue it
indicates that you can remove the blade from the chassis.
 Internal/External Link LEDS include a LINK (a solid light indicating the link
is connected) and ACT (reserved for future use, not currently enabled) for each
connector.

Front Panel Connectors

 Internal/External Link connects to the Bypass.
 Console port (Micro DB9 connector). The RS232 is implemented as a Micro
DB9 connection.
 MGMT 1 is the System Ethernet management port (RJ-45 connectors) and
should only be used for chassis maintenance. This port allows connections to
external management devices (RJ-45 connectors). The controller auto negotiates
the connections to 10BASE-T, 100BASE-T, or 1000BASE-T.
 MGMT 2 is not used at this time.
 RESERVED ports are not used at this time.
 Backup connects to the Primary connection on the Bypass unit.
CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT
TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS

Bypass Units
The AC-5000 series operates with an external Bypass Unit. The Bypass Unit is a
mission-critical subsystem designed to ensure network connectivity at all times. The
Bypass mechanism provides "connectivity insurance" in the event of a NetEnforcer
subsystems failure.

2-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 2: AC-5040 Hardware

The NetEnforcer is supplied with an appropriate Bypass Unit. The AC-5040 operates
with a Multi-port Copper or Fiber Bypass.
CAUTION A NetEnforcer AC-5000 unit must be connected to the appropriate
Bypass Unit. This is to ensure continuous service in the event of
failure.
A separate NetEnforcer Bypass package is included with your AC-5040 series
shipment.

AC-5040 Bypass Units

Multi-Port Copper Bypass Unit
The Multi-port Copper Bypass Unit works in conjunction with the NetEnforcer AC-
5040 Copper.

Figure 2-3: Multi-Port Copper Bypass Unit

Multi-Port Fiber Bypass Unit

The Multi-Port Fiber Bypass Unit works in conjunction with the NetEnforcer AC-5040
Fiber.

Figure 2-4: Multi-Port Fiber Bypass Unit

NOTE Use 62.5/125 or 9/125 fiber optic cables with duplex SC connectors
(not provided) to connect ports of the switch and the router.

The Multi-Port Fiber Bypass Unit includes connectors for connecting to Link 1 through
Link 4 on the AC-5040. In addition, the Multi-Port Fiber Bypass Unit includes two D-
type 9-pin connectors for primary and redundant unit to backup connection.

NetEnforcer AC-5000 Hardware Guide 2-3

 Chapter 3: AC-5100 Hardware

Figure 3-1: AC-5100 Front View

The AC-5100 features 2x10G interfaces (1x10G link in the CC-220 blade). The unit is
available with Fiber (SR or LR) interfaces and AC or DC power modules.

AC-5100 Front Panel Controls and

Connectors
The AC-5100 front panel controls are as follows:

System
Internal/External Links Backup
Management Port

Standby LED Active LED Power LED Hot Swap LED Reset Button

Figure 3-2: CC-220 Front Panel LEDs

NetEnforcer AC-5000 Hardware Guide 3-1

 AC-5100 Front Panel LEDS Description
 Active LED On indicates the AC-5100 is in Active mode while the Active LED
Off indicates that the AC-5100 is in Bypass mode.
 Power On LED indicates that the AC-5100 is powered Up while the Power LED
Off indicates that the AC-5100 is shut down.
 Standby LED is for future use.
 HOT SWAP LED is OFF indicates that the blade is functioning. When this
HOT SWAP LED is blinking blue, it indicates that the shut down process from
the system is in progress. Once the HOT SWAP LED light is solid blue it
indicates that you can remove the blade from the chassis.
 Internal/External Link LEDS include a LINK (a solid light indicating the link
is connected) and ACT (reserved for future use, not currently enabled) for each
connector.

AC-5100 Front Panel Connectors

 Internal/External Link connects to the Bypass unit.
 Console port (Micro DB9 connector). The RS232 is implemented as a Micro
DB9 connection.
 MGMT 1 is the System Ethernet management port (RJ-45 connectors) and
should only be used for chassis maintenance. This port allows connections to
external management devices (RJ-45 connectors). The controller auto negotiates
the connections to 10BASE-T, 100BASE-T, or 1000BASE-T.
 MGMT 2 is not used at this time.
 RESERVED ports are not used at this time.
 Backup connects to the Primary connection on the Bypass unit.
CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT
TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS

Bypass Unit
The AC-5000 series operates with an external Bypass Unit. The Bypass Unit is a
mission-critical subsystem designed to ensure network connectivity at all times. The
Bypass mechanism provides "connectivity insurance" in the event of a NetEnforcer
subsystems failure.
The NetEnforcer is supplied with an appropriate Bypass Unit. The AC-5100 operates
with a Single Fiber Bypass.

3-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 3: AC-5100 Hardware

CAUTION A NetEnforcer AC-5000 unit must be connected to the appropriate

Bypass Unit. This is to ensure continuous service in the event of
failure.
A separate NetEnforcer Bypass package is included with your AC-5100 series
shipment.

AC-5100 Bypass Unit

Single Fiber Bypass Unit
The Single Fiber Bypass Unit works in conjunction with NetEnforcer AC-5100.

Figure 3-3: Single Fiber Bypass Unit

NOTE Use 62.5/125 or 9/125 fiber optic cables with dual LC connectors
(not provided) to connect ports of the switch and the router.

The Single Fiber Bypass Unit includes two dual LC connectors along with two D-type
9-pin connectors for primary and redundant unit to backup connection.

NetEnforcer AC-5000 Hardware Guide 3-3

 Chapter 4: AC-5000 Chassis

NetEnforcer AC-5000 Chassis Overview

The NetEnforcer AC-5000 chassis includes the following features and parameters:
 19-inch rack mount shelf — Base hardware element of the platform, which
holds all the components together.
 Card cage — Portion of the shelf that holds the modules that are plugged
into the backplane. Mechanically compliant with all aspects of PICMG 3.0.
 Backplane — Supports the CC-208 or CC-220 blade and the complementary
rear transition module (RTM). The backplane provides full-mesh Fabric
interface and direct mating to the Power Supplies.
 Power Supply (PS) – Up to two redundant, fields replaceable, 100 VAC to
240 VAC power supplies. (In AC Power Models Only)
OR
PEM – Dual redundant and hot swappable Power Entry Modules (In DC
Power Models Only).
 Fan tray — Hot-swappable, provides side to side cooling, and are designed
to provide full redundancy cooling to components on the front and rear of the
shelf.
 Air filter tray — Keeps the airflow free of dust and particles.
 Blank Panels — For air flow management.
 Shelf ID Board – Contains the shelf identification information.
 Cable Management Holders - For front cable management

NetEnforcer AC-5000 Hardware Guide 4-1

Chapter 4: AC-5000 Chassis

Chassis Hardware

Card Cage ESD Fan Tray Air Filter Tray

Grounding
Connection

AC Power AC Power Fan Control

Module A Module B Board

Figure 4-1: Empty Front View of the NetEnforcer AC-5000 Chassis

Grounding PEM B PEM A

Screws

AC Power AC Power
Inlet B Inlet A

Figure 4-2: Empty Rear View of the NetEnforcer AC-5000 Chassis

4-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 4: AC-5000 Chassis

Front and Rear ESD Wrist Strap Terminals

Two ESD Wrist Strap Terminals (4 mm banana jacks) are located at the front right and
rear left of the NetEnforcer AC-5000 chassis.

Air Filter
A NEBS-GR63-compatible air filter comes installed on the NetEnforcer AC-5000
Chassis. The filter is field-serviceable and disposable.
The filter is easily accessible from front right side of the card cage. A shelf-based
micro-switch detects the installed filter and reports its presence to the Shelf Manager.

Figure 4-3: Air Filter

Fan Cooling

Figure 4-4: Fan/Filter Assembly

NetEnforcer AC-5000 Hardware Guide 4-3

Chapter 4: AC-5000 Chassis

NOTE The AC-5000 is a sophisticated system that automatically handles

temperature regulation. In case of environmental cooling failure the
system adjusts fan speed accordingly. If system temperature reaches a
critical level (above 60° C) the blades are deactivated automatically to
prevent damage and will be reactivated when the temperature decreases
to an acceptable level.

The fan tray contains four 80x80mm fans that supply air volume and velocity for
cooling the high-density/high-performance computing environment. The cooling power
of the four fans can dissipate the heat generated by up to two front boards and Asis, the ATCA
complementary RTMs. experts
More than 200W for front board and 20W for RTM, per slot is supported.
Three of the fans are dedicated to cooling the front side of the shelf, while one is shared
between the front side boards and the rear side Boards. The fan tray is designed with N
+ 1 redundancy to meet the cooling requirements of a full shelf.
In case of single fan failure, the remaining fans provide the required cooling to dissipate
the heat generated by the occupied slots. It is recommended to replace the fan tray as
soon as possible. The fan tray is factory-mounted. It is easily replaceable, and can be
replaced while the shelf is operating.

Figure 4-5: Fan Assembly

NOTE Under no circumstances should the chassis be lifted or carried by
the handle on the fan assembly.

Fan Control Board

The Fan Control Board is located above Power Module B but below the card cage. It
automatically monitors the chassis temperature and regulates it by varying the fan
speed.
The card should not be removed except for maintenance. If this card is not present the
fans will not operate.

4-4 NetEnforcer AC-5000 Hardware Guide

 Chapter 4: AC-5000 Chassis

NetEnforcer AC-5000 Chassis Backplane

The ATCA PICMG 3.0-compliant backplane provides interconnectivity between the
FRU's and card connectivity. It conforms to the PICMG 3.0 R2.0 AdvancedTCA Base
Specification. Backplane features include:
 Two slots
 Fabric interface with full mesh interconnect.
 The Fabric Interface grid consists of eight differential pairs per channel;
 The Base Interface grid consists of four differential pairs per channel.
 Dual-star Ethernet signaling environment on the Base interface
 Bussed IPMI
 Hub/Node configuration; update channel between slots 1 and 2.
 10, 100 and 1000 BASE-T dual star Base Interconnect capability.
 Update channel interfaces for active and standby synchronization, and mesh
topology handling 3.125Gbps per differential pair.
 Full compliance with AdvancedTCA™ electrical and mechanical
specifications (Basic backplane topology is ―full mesh‖.)
 Interconnect for system power for two slots.
There are no active components on the backplane, and no removable or serviceable
parts on the backplane board.
The backplane has two functionally-distinct parts: right and center left:
 Right backplane (consists of Zone 1 connectors) – dual-power connections,
which means the power connections from the Power supplies and PEMs are
independently supplied to each module plugged into the backplane. The
modules also include fuses that protect the backplane power connections
from an electrical short on a module.
 Center left backplane (consists of Zone 2 connectors) – connectivity for the
Base, Fabric, and update-channel interface. This portion supports a full-mesh
topology for both the Base and the Fabric interfaces.

NetEnforcer AC-5000 Hardware Guide 4-5

Chapter 4: AC-5000 Chassis

NetEnforcer AC-5000 Power Supply

This section provides information on connecting and grounding the power supplies of the
NetEnforcer AC-5000 Chassis. The NetEnforcer AC-5000 is available in either AC or DC
configurations.
NOTE At no time should AC Power Supplies and DC PEMs be installed in the
chassis simultaneously.

AC Power Connection
The field replaceable and hot swappable 100 VAC to 240 VAC power supplies provide
AC power to the shelf.
NOTE AC Power Supply units should be removed for maintenance purposes
only.

Figure 4-6: AC Power Supply Unit

The NetEnforcer AC-5000 Chassis is equipped with two AC power inlets which are
located in the rear for redundancy.
NOTE AC Power Supply units are only provided with AC models.

Each AC power supply is capable of supplying 1200w. One power supply is fully
capable of supplying the power consumed by a fully occupied shelf. The use of the
second power supply is for cases where redundancy is needed.
The power supplies are located in the lower part of the shelf. Each power supply has its
own front-back independent cooling. In order to comply with NEBS GR63 Core the
power supplies have separate removable air filters.
The AC inlet connectors are located on the rear of the shelf.

4-6 NetEnforcer AC-5000 Hardware Guide

 Chapter 4: AC-5000 Chassis

DC Power Connection
Two field replaceable -48/-60 VDC PEMs provide DC power to the shelf.

Figure 4-7: PEM DC Power Unit

NOTE PEMs are only provided with DC models.

The NetEnforcer AC-5000 Chassis is equipped with connectors for two redundant - hot
swappable and field replaceable PEMs.
NOTE DC PEMs should be removed for maintenance purposes only.

Both PEMs are located on the lower rear of the shelf, fitting directly into to the
backplane
One set of AWG10-12 cable is used to power each PEM. The DC connectors are
located on the PEMs on the rear of the chassis, a negative connector on the right and a
positive on the left.
In order to enable full redundancy, each set of cables should lead from a different power
source.
NOTE After the cables are connected, the clear plastic cover must be
replaced over the connectors for safety reasons.

Once the power is connected, switch on the breaker located to the left of the connectors.
The power lines must be protected on rack level with a dual pole 20A external breaker
when using DC power.

NetEnforcer AC-5000 Hardware Guide 4-7

Chapter 4: AC-5000 Chassis

Shelf Ground Connection

Connect rear grounding screws on the rear left side to insure that the shelf is properly
grounded.

Asis, the ATCA

experts
Figure 4-8: Rear Grounding Screws

One ESD grounding socket can be found on the front of the shelf.

Figure 4-9: Front ESD Socket

WARNING Before powering-up the NetEnforcer AC-5000, make sure that the
Shelf Grounding screws are connected to Protective Earth (PE) of
the building.

Any person involved in handling the shelf or card installation or

replacement is required to wear an ESD grounding device.

4-8 NetEnforcer AC-5000 Hardware Guide

 Chapter 5: Connectivity and
Configuration

Connecting the AC-5040

AC-5040 Fiber
The following procedure describes how to connect a Multi-Port Fiber Bypass Unit to
the Core Controller Blade of the NetEnforcer AC-5040.

Figure 5-1: Connecting the NetEnforcer AC-5040 to Multi-Port Bypass Unit

NOTE The total distance of the link between the External and Internal is
defined by the interface type. The maximum range remains the same
despite the presence of the NetEnforcer. For example if a 1000BaseT
interface is used, the total allowed distance between the router and
the switch is still limited to 100 meters, despite the inclusion of the
NetEnforcer.

To connect the Multi-Port Fiber Bypass to the NetEnforcer:

1. Connect the fiber cable to the port labeled To NetEnforcer
External (Link 1) from the Bypass Unit to the External port on the
Core Controller Blade (Link 1).
2. Connect the fiber cable labeled To NetEnforcer Internal (Link 1)
from the Bypass Unit to the Internal port on the Core Controller
Blade (Link 1).
NetEnforcer AC-5000 Hardware Guide 5-1
Chapter 5: Connectivity and Configuration

3. Connect a 62.5/125 or 9/125 External fiber optic cable from the

External port on the Bypass Unit to a router.
4. Connect a 62.5/125 or 9/125 Internal fiber optic cable from the
Internal port on the Bypass Unit to a switch.
5. Repeats Steps 1 to 4 for Link 2-4.
6. Connect the D-type High Density connector from the Primary port
on the Bypass Unit, to the Backup port on the CC Blade.

AC-5040 Copper
The following procedure describes how to connect the Multi-Port Copper Bypass Unit
to the Core Controller Blade of the NetEnforcer AC-5040.
NOTE The total distance of the link between the External and Internal is
defined by the interface type. The maximum range remains the same
despite the presence of the NetEnforcer. For example if a 1000BaseT
interface is used, the total allowed distance between the router and
the switch is still limited to 100 meters, despite the inclusion of the
NetEnforcer.

To connect the Multi-Port Copper Bypass Unit to the NetEnforcer AC-

5040:
1. Connect the External cable from the To NetEnforcer External port
(Link 1) on the Bypass Unit to the External port on the Core
Controller Blade (Link 1).
2. Connect the Internal cable from the To NetEnforcer Internal port
(Link 1) on the Bypass Unit to the Internal port on the Core
Controller Blade (Link 1).
3. Connect the External cable from the External port on the Bypass
Unit to a router.
4. Connect the Internal cable from the Internal port on the Bypass
Unit, to a switch.
5. Repeats Steps 1 to 4 for Link 2 to 4.
6. Connect the D-type High Density connector from the Primary port
on the Bypass Unit to the Backup port on Core Controller blade.

5-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 5: Connectivity and Configuration

Connecting the AC-5100

Single Fiber Bypass Unit
The Single Fiber Bypass Unit works in conjunction with NetEnforcer AC-5100. The
following procedure describes how to connect a Single Fiber Bypass Unit to a
NetEnforcer.

Figure 5-2: Connecting NetEnforcer AC-5100 to Single Fiber Bypass Unit – Multi
Mode
NOTE The total distance of the link between the External and Internal is
defined by the interface type. The maximum range remains the same
despite the presence of the NetEnforcer. For example if a 1000BaseT
interface is used, the total allowed distance between the router and
the switch is still limited to 100 meters, despite the inclusion of the
NetEnforcer.

NetEnforcer AC-5000 Hardware Guide 5-3

Chapter 5: Connectivity and Configuration

To connect the Single Fiber Bypass to NetEnforcer:

1. Connect the fiber cable labeled External from the Bypass Unit, to
the External port on the Core Controller Blade.
2. Connect the fiber cable labeled Internal from the Bypass Unit, to
the Internal port on the Core Controller Blade.
3. Connect the D-type connector from the Primary port on the
Bypass Unit, to the Backup port on the Core Controller Blade.
4. Connect a 62.5/125 or 9/125 External fiber optic cable from the
External port on the Bypass Unit, to a router.
5. Connect a 62.5/125 or 9/125 Internal fiber optic cable from the
Internal port on the Bypass Unit, to a switch.

5-4 NetEnforcer AC-5000 Hardware Guide

 Chapter 5: Connectivity and Configuration

Configuring the AC-5000

You can use a standard terminal /PC running terminal emulation software connected to
the Console port on the Core Controller card to configure a NetEnforcer AC-5000‘s IP
addresses. Most standard windows-based PC systems have a terminal emulation
program called HyperTerminal that can be used for this purpose. Configure the terminal
to run VT100 terminal emulation with the following parameters:
 Baud rate 19200
 Data: 8 bits
 No parity
 Stop bits 1
 No flow control

To connect a terminal to the NetEnforcer:

1. Use the supplied serial cable to connect the terminal to the
Console Connector on the front panel of the Core Controller card
located in slot 2/3.
2. Power up the AC-5000.
3. At the terminal, select Start > Programs > Accessories and click
on the HyperTerminal icon. Enter a name for the session and
then to set the com port and the parameters (see previous). The
system boots up and you are prompted for a login and a password.
4. Enter sysadmin for the login and sysadmin for the password.
5. Use the go config ips command to configure the IP address,
gateway IP, DNS and NTP servers for the AC-5000.
Command: go config ips
Usage: go config ips <-OPTION> <VALUE>...
Options:
-h Hostname set host name of NE
-d Domain set domain name of NE
-g <type:ip> set gateway IP address
-dns <dns1:dns2>|none set DNS IP addresses
-ts <ntp1:ntp2:ntp3>|none set NTP time server IP addresses
-ip <type:ip:mask[:vlan]> set IP/netmask/VLAN ID of interface

NetEnforcer AC-5000 Hardware Guide 5-5

Chapter 5: Connectivity and Configuration

Examples:

To set the IP address of the AC-5000:

sysadmin@host-prc:~#: go config ips -ip <NE IP ADDRESS> :<SUBNET MASK>

To set the gateway IP:

sysadmin@host-prc:~$ go config ips -g <GATEWAY IP ADDRESS>

To set the DNS server:

sysadmin@host-prc:~$ go config ips -dns <DNS IP ADDRESS>

To set the NTP server:

sysadmin@host-prc:~$ go config ips -ts <NTP IP ADDRESS>

5-6 NetEnforcer AC-5000 Hardware Guide

 Chapter 6: Command Line Interface

Chassis CLI
The following CLI (Command Line Interface) commands can be used to troubleshoot
the AOS based NetEnforcer. To access the CLI commands, open an SSH session to the
NetEnforcer and login using: user: sysadmin password: sysadmin.
Each of the commands in the table below has several possible options. In the table
below, for each command we give examples of the most common options together with
the command syntax.
NOTE Specific parameters for each command may be found by using the HELP
function after logging into the system via SSH or by entering the command
without flags or parameters. Follow the onscreen instructions.

COMMAND FLAG ENABLES YOU TO

acmon <none> Display total throughput of the system
-l <LINE> Monitor a specific line rate
-p <PIPE> Monitor a specific Pipe rate
-v <VC> Monitor a specific VC rate
-d Monitor packet distribution
-a Monitor detailed asymmetric traffic stats
-y Monitor total asymmetric traffic stats
-c Run acmon limited count number
-r Monitor octet rx
-t <SECONDS> Set the time to wait between samples in
seconds
ac_reboot <none> Reboot the system
acstat <none> Display the number of open connections.
-l <LIST_TYPE> List session/vc/pipe
-l <PIPE> Display specific pipe connections
-l <VC> Display specific VC connections
-l <LINE> Display specific line connections

NetEnforcer AC-5000 Hardware Guide 6-1

Chapter 6: Command Line Interface

COMMAND FLAG ENABLES YOU TO

-c Display connection establishment rate
-e Display Service name and connection flag
-t Display TCP connections
-u Display UDP connections
-n Display non IP connections
-i Display all connections
-f Display extended view
-x Display internal/external
-m <NUMBER Display up to NUMBER of sessions
-N Don't resolve names
-b Dump binary data to file
-r Display number of active rules.
actype <none> View software version
boxkey <none> View the box key. The box key should be
sent to Allot in order to purchase a system
activation key.
dsAdmin <NONE> View total number of hosts
–v View all hosts (Host ID, service group, IP).
-i <IP> Show IP data
-o <HOST> Show host data
-g <GROUP> Show all hosts in group.
go add line Add a line to the system.
pipe Add a Pipe to the system.
vc Add a VC to the system.
prule Add a rule to a Pipe on the system.
vcrule Add a rule to a VC on the system.
service_entry Add a Service Catalog entry on the system.

6-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 6: Command Line Interface

COMMAND FLAG ENABLES YOU TO

service_gr_entry Add a Service Group Catalog entry on the
system.
time_entry Add a Time Catalog entry on the system.
tos_entry Add a ToS Catalog entry on the system.
qos_entry Add a QoS Catalog entry on the system.
dos_entry Add a DoS Catalog entry on the system.
host_entry Add a Host Catalog entry on the system.
host_gr_entry Add a Host Group Catalog entry on the
system.
vlan_entry Add a VLAN Catalog entry on the system.
go delete line Delete a line from the system.
pipe Delete a Pipe from the system.
vc Delete a VC from the system.
prule Delete a rule from a Pipe on the system.
vcrule Delete a rule from a VC on the system.
service_entry Delete a Service Catalog entry from the
system.
service_gr_entry Delete a Service Group Catalog entry from
the system.
time_entry Delete a Time Catalog entry from the
system.
tos_entry Delete a ToS Catalog entry from the system.
qos_entry Delete a QoS Catalog entry from the
system.
dos_entry Delete a DoS Catalog entry from the
system.
host_entry Delete a Host Catalog entry from the
system.
host_gr_entry Delete a Host Group Catalog entry from the
system.

NetEnforcer AC-5000 Hardware Guide 6-3

Chapter 6: Command Line Interface

COMMAND FLAG ENABLES YOU TO

vlan_entry Delete a VLAN Catalog entry from the
system.
go change line Change a line on the system.
pipe Change a Pipe on the system.
vc Change a VC on the system.
prule Change a rule to a Pipe on the system.
vcrule Change a rule to a VC on the system.
service_entry Change a Service Catalog entry on the
system.
service_gr_entry Change a Service Group Catalog entry on
the system.
time_entry Change a Time Catalog entry on the system.
tos_entry Change a ToS Catalog entry on the system.
qos_entry Change a QoS Catalog entry on the system.
dos_entry Change a DoS Catalog entry on the system.
host_entry Change a Host Catalog entry on the system.
host_gr_entry Change a Host Group Catalog entry on the
system.
vlan_entry Change a VLAN Catalog entry on the
system.
go rename line Rename a line on the system.
pipe Rename a Pipe on the system.
vc Rename a VC on the system.
service_entry Rename a Service Catalog entry on the
system.
service_gr_entry Rename a Service Group Catalog entry on
the system.
time_entry Rename a Time Catalog entry on the
system.
tos_entry Rename a ToS Catalog entry on the system.

6-4 NetEnforcer AC-5000 Hardware Guide

 Chapter 6: Command Line Interface

COMMAND FLAG ENABLES YOU TO

qos_entry Rename a QoS Catalog entry on the system.
dos_entry Rename a DoS Catalog entry on the system.
host_entry Rename a Host Catalog entry on the system.
host_gr_entry Rename a Host Group Catalog entry on the
system.
vlan_entry Rename a VLAN Catalog entry on the
system.
go list lines List the Lines on the system.
linedata <LINE_NAME> List the traffic details on a specific Line.
pipes List the Pipes on the system.
pipedata <PIPE_NAME> List the traffic details on a specific Pipe.
vc List the configuration details of a specific
<VC_NAME:PIPE_NAME: Virtual Channel on the system.
LINE_NAME>
vlan_entry List the entries in the VLAN Catalog,
service_entry List the entries in the Service Catalog.
time_entry List the entries in the Time Catalog.
tos_entry List the entries in the ToS Catalog.
qos_entry List the entries in the QoS Catalog.
host_entry List the entries in the Host Catalog.
dos_entry List the entries in the DoS Catalog.
host_gr_entry List the Host Groups in the Host Catalog.
service_gr_entry List the Service Groups in the Service
Catalog.
appl_entry Lists the applications or content entries in
the Service catalog.
go config ips Configure the IP Addresses.
key Enter the product key for the device.
network Configure the network parameters.

NetEnforcer AC-5000 Hardware Guide 6-5

Chapter 6: Command Line Interface

COMMAND FLAG ENABLES YOU TO

network –bypass_unit Enable the bypass unit. To be used if the
enable bypass unit has been previously disabled.
network –bypass_unit Disable the bypass unit. To be used only if
disable you wish to use the product without a
bypass unit.
network -dev_mode Set the NetEnforcer to Bypass Mode.
system:bypass
network –dev_mode Move the NetEnforcer into active mode,
dev_num:mode bypass mode or reboot
 dev_num = slot number or ‗system‘
 mode = active, bypass, reboot
nic Configure the NIC speeds and modes.
access_control Designate who may access the device.
time Set the time on the device for syncing
purposes.
view Display all information concerning the
configuration.
security Configure the security parameters.
data_collect Configure the data collection parameters.
snmp Configure the SNMP settings.
device_bw_limits Configure the bandwidth of the device.
password_security Configure the password security settings
(e.g: expiration days, warning days, length,
character enforcement etc)
snapshot <none> Create a snapshot of the status & logs of all
blades

6-6 NetEnforcer AC-5000 Hardware Guide

 Chapter 6: Command Line Interface

Examples

COMMAND OUTPUT
---------------------------
Protocol type Connections
acstat ---------------------------
TCP : 183077
Displays the UDP : 128685
connection anyIP : 23674
nonIP : 5
allocation ---------------------------
summary TOTAL : 335441

acstat –i ------------------------------------------------------------------------------------------

Protocol Client Server VC

Displays all current
connections ------------------------------------------------------------------------------------------

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_TrafficLin

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_TrafficLin

QNext :IP:17 [Link]:1024 [Link]:5237 1062782_VCSP1_SMP_TrafficLine

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_TrafficLin

QNext :IP:17 [Link]:1024 [Link]:5237 1072695_vcsp2_a_SMP_TrafficLin

acstat –if –m 20 sysadmin@AC5k:/opt/allot/logs$ acstat -if -m 20

---------------------------------------------------------------------------------------------
Displays an extended ----------------------------------------------
view of all
connections, but limits Protocol Client Server VC State
AppId ConFl DpiInf AuthSt TTL
the number of
displayed lines to the ---------------------------------------------------------------------------------------------
first 20. ---------------------------------------

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_Traff

WIRE4EVER 0 RAW 1e808000 0 4294967196

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_Traff

WIRE4EVER 0 RAW 1e808000 0 4294967284

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_Traff

WIRE4EVER 0 RAW 1e808000 0 4294967212

HTTP :IP:6 [Link]:80 [Link]:80 Fallback_Jumbo_Http_Traff

WIRE4EVER 0 RAW 1e808000 0 32

NetEnforcer AC-5000 Hardware Guide 6-7

Chapter 6: Command Line Interface

COMMAND OUTPUT

acstat –l pipe or sysadmin@AC5k:/opt/allot/logs$ acstat -l pipe

acstat –l vc
---------------------------------------------------------------------------------------------
---------------

Rule QID Rule name Live connections Accepted conn Drop connections
This command can be
used to show the QID ---------------------------------------------------------------------------------------------
of a Pipe/VC. The 1.1.0 1 1 0
QID is used in other
commands to identify 52.20.0 14606 14606 0
the details of a certain
52.21.0 25619 25619 0
Pipe/VC.
55.10.0 64 64 0

52.25.0 1800000 1800000 0

--------------------------------------------------------------------------------------------------------------
acstat -l Protocol Client Server State VC Client Timeout Vlan
4.1357254463.1.0 Location ID
--------------------------------------------------------------------------------------------------------------
–f IP:TCP [Link]:54322 [Link]:80 WIRE4EVER Fallback_80.230.15.63_Test-T 1 0 0
IP:TCP [Link]:62020 [Link]:80 WIRE4EVER Fallback_80.230.15.63_Test-T 1 0 0
Displays an extended IP:TCP [Link]:3728 [Link]:1214 WIRE4EVER Fallback_80.230.15.63_Test-T 0 0 0
IP:UDP [Link]:32769 [Link]:137 QUEUE Fallback_80.230.15.63_Test-T 0 0 0
view of the
connections to a
specific VC
ac-pri:~# acstat -iN |less
----------------------------------------------------------------------------------
acstat –iN Protocol Client Server VC
----------------------------------------------------------------------------------
Shows output without 0 [Link]:9903 [Link]:80 [Link]
resolving VC names 23a [Link]:27848 [Link]:80 [Link]
0 [Link]:27936 [Link]:25 [Link]
23a [Link]:24352 [Link]:80 [Link]
23a [Link]:28207 [Link]:80 [Link]
23a [Link]:10084 [Link]:80 [Link]
23a [Link]:29178 [Link]:80 [Link]
23a [Link]:21320 [Link]:80 [Link]
23a [Link]:17716 [Link]:80 [Link]
23a [Link]:30926 [Link]:80 [Link]
23a [Link]:15784 [Link]:80 [Link]
23a [Link]:7349 [Link]:80 [Link]

DPIC:~# acstat -ifx

ConFl(=Connection Flags): [flags:flags2]
acstat –ifx - The x ---------------------------------------------------------------------------------------------
shows -----------------------------
internal/external NP Service Internal External VC State Vlanb Cl-IF
ConFl
instead of ---------------------------------------------------------------------------------------------
client/server -----------------------------
0 Other UD:IP:17 [Link]:208 [Link]:184 Other UDP_Fallback WIRE4EVER 7d0 0
205 raw
AC:~# acstat -ifx 0 Other UD:IP:17 [Link]:23 [Link]:50 Other UDP_Fallback WIRE4EVER 7d0 1
|less 201 raw
0 Other TC:IP:6 [Link]:203 [Link]:184 Other TCP_Fallback WIRE4EVER 7d1 0
204 raw
0 Other UD:IP:17 [Link]:224 [Link]:184 Other UDP_Fallback WIRE4EVER 7d0 0
205 raw
0 Other UD:IP:17 [Link]:23 [Link]:59 Other UDP_Fallback WIRE4EVER 7d0 1
201 raw
0 Other UD:IP:17 [Link]:23 [Link]:57 Other UDP_Fallback WIRE4EVER 7d0 1
201 raw
0 Other TC:IP:6 [Link]:194 [Link]:184 Other TCP_Fallback WIRE4EVER 7d1 0
204 raw

6-8 NetEnforcer AC-5000 Hardware Guide

 Chapter 7: Asymmetric Traffic
In some network topologies the traffic flows of a single connection can take different
paths in the upstream and the downstream directions. This can lead to a situation where
one NetEnforcer on the network sees one flow of the connection while another
NetEnforcer that is located remotely sees the complementary flow of the same
connection. Since DPI should inspect both flows of the connection, this may lead to
reduced accuracy when identifying the applications running in the network.
Asymmetric Traffic is designed to significantly increase DPI accuracy by allowing
NetEnforcer devices to share information concerning connections. This will ensure that
two different flows may be identified as part of the same connection, even when their
traffic is handled by different NetEnforcers. Ideally, using Asymmetric Traffic should
provide the same percentage of DPI accuracy with remotely located NetEnforcers as is
found when a single NetEnforcer sees both sides of the connection.

Figure 7-1: Asymmetric Traffic – Network Diagram

Guidelines
Asymmetric Traffic information is synched between all devices that belong to the same
Asymmetric Device Group (ADG) which is configured via NetXplorer using the
NetXplorer GUI. All devices in an ADG must be assigned to the same NetXplorer
installation and each NetXplorer may support up to eight ADGs.
An ADG can include co-located devices (e.g. NE1 & NE2, NE3 & NE4) and remotely
located devices (devices in POP1 and devices in POP2). Co-located devices are
connected with intra-site asymmetric control link. This link passes control information
between the co-located devices to sync the DPI information while remotely located
devices are connected over an L2/L3 network.

NetEnforcer AC-5000 Hardware Guide 7-1

Chapter 7: Asymmetric Traffic

Each ADG may be configured with up to eight devices and has a group ID of 0 through
7. Each device configured to an ADG has a local ID of 0 through 7. Therefore a
NetEnforcer may have a local ID of 1 in ADG 0.

Asymmetric Configuration
Configuring asymmetric traffic is performed from the NetXplorer User Interface. Full
instructions on how to configure asymmetric traffic can be found in the NetXplorer
Operation Guide Chapter 3.
The following steps must be taken in order to configure Asymmetric Traffic;

To configure Asymmetric Traffic :

1. Define an Asymmetric Device Group (ADG). See the NetXplorer
Operation Guide for details.
2. Assign up to eight devices to the ADG. This will automatically
define a local ID for each device you add. See the NetXplorer
Operation Guide for details.
3. Create a VLAN ID for each point to point link in each direction. A
mesh configuration is required between all devices.
4. Open the Configuration screen for the selected NetEnforcer and
click on the NIC tab. On the AC-5040, Asymmetry must be
selected in the Usage field for Internal #2. See the NetXplorer
Operation Guide for details.
NOTE The physical port that is used for Asymmetry is the third port from
the left on the front panel of the device.

5. Verify that this has been configured correctly by using the

NetXplorer GUI or the following CLI commands:
go config view asymmetry
go config view asymmetry_remote_device

7-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

General
NOTE Before installing or using the NetEnforcer AC-5000, please read all
Safety Information carefully.

Product intended only for installation in a Restricted Access Area.

CAUTION
Indicate potential damage to hardware and tells you how to avoid the
problem.

WARNING
Indicates potential for bodily harm and tells you how to avoid the
problem.

Danger of electrostatic discharge

The Shelf contains static sensitive devices. To prevent static damage
wear an ESD wrist strap.

CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT

TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE
INSTRUCTIONS

Regulatory Compliance Statements

This section provides the FCC compliance statement for Class A devices and describes how to
keep the system CE compliant.
FCC Compliance Statement for Class A Devices
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used
in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful
interference in which case the user will be required to correct the interference at his own
expense.

NetEnforcer AC-5000 Hardware Guide 8-1

Chapter 8: Safety Information

WARNING
This is a Class A product. If not installed in a properly shielded
enclosure and used in accordance with this User’s Guide, this product
may cause radio interference in which case users may need to take
additional measures at their own expense.

Chassis Safety
Unpacking
CAUTION
To minimize any possibility of physical damage to equipment, ensure
that floor space at the installation site is neat and uncluttered. Ensure
that a mechanical lift can be maneuver in the area to lift the Shelf from
the shipping pallet.

WARNING
All poly strap-shipping bands that secure the Shelf packaging are
stretched tight and are under tension. Wear eye protection to prevent
possible eye injury when cutting the strap, as the strap tension is
released, and strap ends recoil outward.

Follow these recommendations while unpacking:

 After the equipment arrives at the installation site, carefully inspect each carton for signs
of shipping damage. If the package is damaged, document the damage with photographs
and contact the transport carrier immediately.

CAUTION
Always cut any shrink wrapping material away from the packing
carton; do not physically pull and tear the fabric. Physically pulling
the shrink wrapping from the shipping carton without cutting it first
may create an electrostatic charge that could damage electronic
equipment.

 Remove all items from the box. If any items listed on the purchase order are missing,
notify Allot customer service immediately.
 Inspect the product for damage. If there is damage, notify Allot customer service
immediately.

8-2 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

 Save the box and packing material for possible future shipment.

Installation
This unit may be intended for stationary rack mounting. Mount in a rack designed to meet the
physical strength requirements of NEBS GR-63-CORE and NEBS GR 487.

IMPORTANT
Before installing the Rack Mount Kit, ensure there will be
adequate vertical space to install the Shelf in addition to other
equipment installed.

 Keep tools and chassis components off the floor and away from foot traffic.
 Clear the area of possible hazards, such as moist floors, ungrounded power extension
cables, and missing safety grounds.
 Keep the area around the chassis free from dust and foreign conductive material.

Rack mounting information

CAUTION
Do NOT move the Shelf by yourself. Due to the height and weight
of the Shelf, at least two persons are needed to accomplish this
task. We recommend to use a mechanical lift or remove all hot-
swappable equipment for weight reduction.
CAUTION
Mount your system in a way that ensures even loading of the rack.
Uneven weight distribution can result in a hazardous condition.
Secure all mounting bolts when rack mounting the enclosure.

CAUTION
Do NOT stack the Shelf on top of any other equipment. If the Shelf
falls, it can cause severe bodily injury and damage the equipment.

CAUTION
Do NOT use the fan tray and PEM handlers or cable trays as lifting
points.

 Ensure that the rack is constructed to support the weight and dimensions of the Shelf.
 Install any stabilizers or shelf to the rack before mounting or servicing the system in the
rack.

NetEnforcer AC-5000 Hardware Guide 8-3

Chapter 8: Safety Information

 Load the rack from the bottom to the top, with the heaviest system at the bottom, avoid
uneven mechanical loading of the rack.
 We recommend to use also the Shelf’s additional fixing point to secure the Shelf in the
rack.

Power Connection Information

 In AC installations, the system relies on the protective devices in the building installation
for protection against short-circuit, overcurrent, and earth (grounding) fault. Ensure that
the protective devices in the building installation are properly rated to protect the system,
and the power lines have to be protected on rack level with dual pole 20A breakers when
using DC power.
 The Shelf can be powered using a regular telecommunication power supply of
-48/-60VDC with a VDC return. The specified voltage range is from -40.5 VDC to -72
VDC. The Shelf supports redundant power supplies but the two supplies should be
independently powered.
 The Shelf must be properly grounded via the Shelf Ground Terminal. The ATCA Shelf
provides a Shelf Ground Terminal at the left rear bottom side. The Shelf Ground
Terminal provides two M6 bolts to connect a double-lug Shelf ground terminal cable.
 The following are the recommended minimum specifications for input power and return
cables:
• DC Cable:
2
— Diameter of 6 mm respective, AWG10-12.
— Maximum length of power, return and grounding cables: 2.5 to 3.0m.
— Suitable for 30A at 50oC ambient temperature.
• Required Terminals: Use ring terminals for screw M3.5. Maximum outside diameter is
9.5 mm.
• AC Cable:
-- The attachment plug of a cord shall not be rated less than 125% of the rated current of
the equipment.
-- For North American power connection, select a power supply cord that is UL Listed and
CSA Certified 3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125
V, [15 A], with a minimum length of 1.5m [six feet] but no longer than 4.5m...For
European connection, select a power supply cord that is internationally harmonized
and marked "<HAR>", 3 - conductor, 0,75 mm2 minimum mm2 wire, rated 300 V, with
a PVC insulated jacket. The cord must have a molded on plug cap rated 250 V, 10 A.
WARNING
Protective ground must be connected to the Shelf before connecting
any external power. This is a high voltage hazard if not connected.

8-4 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

WARNING
Before working ensure that the power is removed from the power
connection cables. When the system is powered on, do NOT touch the
power terminals!

WARNING
Avoid electric overload. To avoid electrical hazard, do not make
connections to terminals outside the specified voltage range for that
Shelf.

WARNING
Depending on the particular chassis design, operations with open
equipment enclosures can expose the installer to hazardous voltages
with a consequent danger of electric shock.
Ensure that line power to the equipment is disconnected during
operations that make high voltage conductors accessible.

WARNING
Verify power cord and outlet compatibility: Use the appropriate power
cords for your power outlet configurations.

WARNING
Warning: Avoid electric overload, heat, shock, or fire hazard: Only
connect the system to a to a properly rated supply circuit as specified
in the product user manual. Do not make connections to terminals
outside the range specified for that terminal. See the product user
manual for correct connections.

CAUTION
All input power and return wiring should be specified, configure, and
installed by a qualified electrician in order to prevent damage to the
equipment.
The wiring should be limited to recommendation in order to prevent
damage to the shelf.

WARNING
Ensure that each power domain supply circuit breaker is switched OFF
while completing the power connection procedure. Failure to comply

NetEnforcer AC-5000 Hardware Guide 8-5

Chapter 8: Safety Information

can result in personal injury.

NOTE In a typical telecommunications environment, the VRTN path of the -48/-60 VDC supply is
grounded to protective earth (PE) of the building.

Power Entry Module (PEM) Replacement

WARNING
Before removing the PEM, insure that the relevant PEM is
OFF.

WARNING
Before removing a PEM, make sure that the Power Segments
of the other PEM are fully functional.

• To maintain proper airflow, do not leave a PEM slot open.

WARNING
The intra-building port(s) of the equipment or subassembly is
suitable for connection to intrabuilding or unexposed wiring or
cabling only. The intra-building port(s) of the equipment or
subassembly MUST NOT be metallically connected to interfaces
that connect to the OSP or its wiring. These interfaces are
designed for use as intra-building interfaces only (Type 2 or
Type 4 ports as described in GR-1089-CORE, Issue 4) and
require isolation from the exposed OSP cabling. The addition of
Primary Protectors is not sufficient protection in order to connect
these interfaces metallically to OSP wiring.

Airflow information
• Install the system in an open rack whenever possible. If installation in an enclosed rack is
unavoidable, ensure that the rack has adequate ventilation.
• Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted,
or if the intake air is too warm, an over temperature condition can occur.
• Ensure that cables from other equipment do not obstruct the airflow through the shelf.

CAUTION
Ensure that filler panels are installed in all empty blade cage slots,
front and rear. Missing filler panels or other openings in the Shelf
chassis may cause equipment damage due to cooling fan airflow
disruption. This is an equipment-overheating hazard.

8-6 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

Blade Safety instructions

Introduction
Safety instructions - Before You Begin
Before handling the board, read the instructions and safety guidelines on Appendix A pages to
prevent damage to the product and to ensure your own personal safety. Refer to the "Advisories"
section in the Preface for advisory conventions used in this user's guide, including the distinction
between Warnings, Cautions, Important Notes, and Notes.
CAUTION
Do not attempt to service the system yourself, except as
explained in this user’s guide. Follow installation and
troubleshooting instructions closely.

General information
• Always use caution when handling/operating the NetEnforcer. Only qualified,
experienced, authorized electronics service personnel should access the interior of the
NetEnforcer. The power supplies produce high voltages and energy hazards, which can
cause bodily harm.
• Use extreme caution when installing or removing components. Refer to the installation
instructions in this user's guide for precautions and procedures. If you have any
questions, please contact Allot Technical Support.
• The blade handles are mechanically sensitive components and can easily be destroyed
when not used properly.
WARNING
High voltages are present inside the chassis when the unit's power
cord is plugged into an electrical outlet. Turn off system power, turn off
the power supply, and then disconnect the power cord from its source
before removing the chassis cover. Turning off the system power
switch does not remove power to components.

WARNING
This product may contain CLASS 1 LASER PRODUCT

CAUTION
In case the O Ring diodes of the blade fail, the blade may trigger a
short circuit between input line A and input line B so that line A
remains powered even if it is disconnected from the power supply
circuit (and vice versa). To avoid damage or injuries, always check
that there is no more voltage on the line that has been disconnected

NetEnforcer AC-5000 Hardware Guide 8-7

Chapter 8: Safety Information

before continuing your work.

• Do not expose this device to rain or other moisture.

CAUTION
High humidity and condensation on the blade surface causes short
circuits. Do not operate the blade outside the specified environmental
limits. Make sure the blade is completely dry and there is no moisture
on any surface before applying power. Do not operate the blade below
0°C.

• External airflow must be provided at all times during operation to avoid damaging the
CPU. It is recommends the use of a fan tray above / below the card rack to supply the
external airflow. Unused slots should be covered with blank filler panels to maintain
airflow past the board.
CAUTION
Operating the blade without forced air cooling may lead to blade
overheating and thus blade damage.

Preventing Electrostatic Discharge

WARNING
This product contains static-sensitive components and should be
handled with care. Failure to employ adequate anti-static measures
can cause irreparable damage to components.

Static electricity can harm system boards. Perform service at an ESD workstation and follow
proper ESD procedure to reduce the risk of damage to components. Allot Communication
strongly encourages you to follow proper ESD procedure, which can include wrist straps and
smocks, when servicing equipment. Take the following steps to prevent damage from
electrostatic discharge (ESD):
• When unpacking a static-sensitive component from its shipping carton, do not remove the
component’s antistatic packing material until you are ready to install the component in the
ATCA Chassis. Just before unwrapping the antistatic packaging, be sure you are at an
ESD workstation or grounded. This will discharge any static electricity that may have built
up in your body.
• When transporting a sensitive component, first place it in an antistatic container or
packaging.

8-8 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

• Handle all sensitive components at an ESD workstation. If possible, use antistatic floor
pads and workbench pads.
• Handle components and boards with care. Do not touch the components or contacts on a
board. Hold a board by its edges or by its metal mounting bracket.
• Do not handle or store system boards near strong electrostatic, electromagnetic,
magnetic, or radioactive fields.

WARNING
Because static electricity can cause damage to electronic
devices, take the following precautions:
Keep the board in its anti-static package, until you are ready to
install memory.
Wear a grounding wrist strap before removing the board from its
package; this will discharge any static electricity that may have
built up in your body.
Handle the board by the faceplate or its edges
Never remove any of the socketed parts except at a static-free
workstation.

Preventing Surge

WARNING
This product is design to meet Intra building surge signals, other
location are required additional protective elements to needed to
be add.

Board Installation
Because of the high-density pinout of the hard-metric connector, some precautions must be taken
when connecting or disconnecting a board to/from a backplane:
• Do not force the board if there is mechanical resistance while inserting the board.
• Screw the front plate to the enclosure to firmly attach the board to its enclosure.
• Use extractor handles to disconnect and extract the board from its enclosure.
CAUTION
Always use a grounding wrist wrap before installing or removing
the board from a chassis.

NetEnforcer AC-5000 Hardware Guide 8-9

Chapter 8: Safety Information

CAUTION
Pull the lower ejector for Hot-swap mechanism activation
Removing the Blades prematurely can lead to device corruption
or failure.

CAUTION
Removing the backing plate can damage the components on the
board and may void the warranty.
No user-serviceable parts are available under the PCB. Do not
remove the face plate/backing plate.

• This board must be protected from static discharge and physical shock. Wear a grounded
wrist strap when servicing system components.
• Supplied control cables are shielded.
• If other source is been, use for management cable, shielded model should be use.
WARNING
The intra-building port(s) of the equipment or subassembly is
suitable for connection to intrabuilding or unexposed wiring or
cabling only. The intra-building port(s) of the equipment or
subassembly MUST NOT be metallically connected to interfaces
that connect to the OSP or its wiring. These interfaces are
designed for use as intra-building interfaces only (Type 2 or
Type 4 ports as described in GR-1089-CORE, Issue 4) and
require isolation from the exposed OSP cabling. The addition of
Primary Protectors is not sufficient protection in order to connect
these interfaces metallically to OSP wiring.

WARNING
Wrong battery installation may result in hazardous explosion
and blade damage. Therefore, always use the same type of
Lithium battery as is installed and make sure the battery is
installed as described in user manuals.

CAUTION
The CC contains a lithium battery. There is a danger of
explosion if the battery is incorrectly replaced or handled. Do not
disassemble or recharge the battery. Do not dispose of the
battery in fire. When the battery is replaced, the same type or an
equivalent type recommended by the manufacturer must be
used. Used batteries must be disposed of according to the

8-10 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

manufacturer's instructions. It is advised that the board be

returned to DTI for battery service.

WARNING
Danger of explosion if battery is incorrectly replaced. Replace only with
the same or equivalent type recommended by the manufacturer.
Dispose of used batteries, following manufacturer’s instructions.

• The CC is supplied with management and console cables that are shielded.
• If other source is used for management cable, shielded model should be use.

NetEnforcer AC-5000 Hardware Guide 8-11

Chapter 8: Safety Information

Laser Safety Requirements

Laser Classification
Allot Equipment and components equipped with laser devices described in this manual
comply with the International Electrotechnical Commission (IEC) safety standards,
including IEC 60825-1 and IEC 60825-2 - Safety of Laser Products.
All the SFP and XFP modules that are used in the equipments are Class 1 Laser
Products.
As long as the Equipment is operated in accordance with the applicable safety
instructions, the Hazard Level in Equipment access locations is inherently Class 1.

Laser Information
See the NetEnforcer System Specifications for information regarding the laser
transmitters of the various optical cards available for the NetEnforcer platforms.

Laser Safety Statutory Warning

All personnel involved in Equipment installation, operation, and maintenance must be
aware that laser radiation is invisible. Therefore, although protective devices generally
prevent direct exposure to the beam, personnel must strictly observe the
applicable safety precautions and, in particular, must avoid staring into optical
connectors, either directly or using optical instruments.
Remember that observing safety precautions is not a matter of personal choice:
ignoring safety puts all the people within line of sight in danger!

Training for Laser Safety

Personnel must be trained for safety before being authorized to operate, install, and/or
maintain laser products. The IEC 60825 standards require organizations to appoint a
laser safety officer who is responsible for training personnel, establishing safe
operational procedures, and supervising the implementation of these procedures during
routine work.
Untrained personnel must not be allowed to operate, install, and/or maintain laser
products.

Laser Device Operating Precautions

In addition to the general precautions described in this section, be sure to observe the
following warning when operating a product equipped with a laser device. Failure to
observe this warning could result in bodily injury and damage to equipment.

8-12 NetEnforcer AC-5000 Hardware Guide

 Chapter 8: Safety Information

Warning: Invisible laser radiation may be emitted from the aperture of optical
ports when no fiber cable is connected. Avoid exposure and do not stare into
open apertures.
Advarsel: Der kan forekomme usynlige laserstråler fra de optiske portes
åbninger, når der ikke er tilsluttet et lyslederkabel. Undgå at blive udsat for disse
stråler, og kig ikke ind i åbninger.
Waarschuwing: Er kan onzichtbare laserstraling uit de opening van de optische
poorten komen wanneer er geen fiberkabel is aangesloten. Vermijd blootstelling
aan straling en kijk niet in de openingen.
Varoitus: Optisten porttien aukoista saattaa säteillä näkymätöntä lasersäteilyä
silloin, kun niissä ei ole kuitukaapeleita kiinni. Vältä altistumista ja älä tuijota näihin
avoimiin aukkoihin.
Attention: Un rayonnement laser invisible peut être émis à partir de l'ouverture
des ports optiques lorsque aucun câble à fibres optiques n'est connecté. Évitez
de vous y exposer et ne fixez pas les ouvertures.
Warnung: Wenn kein Faserkabel angeschlossen ist, können aus der Öffnung der
optischen Anschlüsse Laserstrahlen austreten. Vermeiden Sie Bestrahlungen und
schauen Sie nicht in diese Öffnungen.
Avvertenza: Le aperture delle porte ottiche possono emettere radiazioni laser
invisibili quando i cavi in fibra non sono collegati. Evitare lunghe esposizioni
davanti alle aperture.
Aviso: Podem ser emitidas radiações invisíveis de laser a partir das aberturas
das portas ópticas se não estiver ligado qualquer cabo de fibra óptica. Evitar a
exposição e não olhar directamente pelas aberturas aparentes.
Advertencia: Es posible que la radiación láser invisible se emita desde la
apertura de puertos ópticos cuando no haya ningún cable de fibra conectado.
Evite la exposición y no mire fijamente a las aberturas.
Varning: Osynlig laserstrålning kan spridas från öppningen på optiska portar om
ingen fiberoptikkabel är ansluten. Undvik exponering och stirra inte in i
öppningarna.

Environment
• Always dispose of used batteries and/or old blades according to your country’s
legislation, if possible in an environmentally acceptable way.

NetEnforcer AC-5000 Hardware Guide 8-13

 Chapter 9: Technical Specifications
AC-5040 AC-5100
CAPACITY
Throughput 8 Gbps (4 Gbps, Full 15 Gbps (7.5 Gbps, Full Duplex)
Duplex)
Number of Connections/Flows 5,000,000 / 10,000,000
Number of Subscribers 400,000
INTERFACES AND CONNECTIONS
Management Interface 2 x 10/100/1000BASE-T
Network Interfaces (Internal / External) 8 x 1000BASE- 2 x 10 Gigabit Ethernet SR/LR
T/SX/LX
Console Port Serial, RJ-45 Connector
NETWORKING STANDARDS
Traffic Encapsulation L2TP, MPLS, Cisco ISL, QinQ (stacked VLANs), PPPoE,
GRE
IPv6 Ready
PRODUCT OPTIONS
Monitoring Yes
QoS Enforcement Levels 2 and 4 Gbps (Full 2 and 5 Gbps (Full Duplex)
Duplex)
Policy Levels (Lines/Pipes/VCs) 256 / 100,000 / 200,000
High Availability Bypass
NetXplorer Reporter Real-time/Long-term
MANAGEMENT
NetXplorer Centralized Management Yes
DIMENSIONS
Size Standard 3U by 19" rack mount; HxWxD – 133.35mm x
448mm x 413.4mm
Weight 17 kg
Bypass Unit External, 1U, 19" rack mount
POWER
Input DC Nominal -48 / -60 VDC; Range 40.5 – 72 VDC, 13A Max
Number of DC PSUs 2
DC PSU Redundancy 1+1
DC Max Power Consumption 520W
DC Heat Dissipation 1,775 BTU/hour
Input AC 100 – 240 VAC, 8A Max
Number of AC PSUs 2
AC PSU Redundancy 1+1
AC Max Power Consumption 653W
AC Heat Dissipation 2,230 BTU/hour

NetEnforcer AC-5000 Hardware Guide 9-1

Chapter 9: Technical Specifications

ENVIRONMENT
Operating 23 to 131°F (-5 t o 55°C)
Temperature
Operating 41 to 104°F (5 to 40°C)
Temperature; short
term with fan failure
Storage Temperature -38 to 150°F (-40 to 70°C)
Storage relative 5 to 95% relative humidity (RH)
humidity
Operating humidity, 5 to 85% RH
nominal
Operating humidity, 5 to 90% RH
short term
Operating humidity, -60 to 4000m
altitude
SAFETY AND CERTIFICATIONS
Safety UL 60950-1:2003
EN 60950-1:2006
CAN/CSA-C22.2 No. 60950-1-03
EMC European Directives 2004/108/EC & LVD 73/23/ EEC
EN 55022: 2006
EN 55024: 1998 + A1: 2001 + A2: 2003
EN 300 386 V1.3.3:2005
FCC CFR 47 Part 15B
Industry Canada ICES-003 Issue 4
VCCI Technical Requirements V-3/2001.04
Australia ACMA, AS/NZS CISPR22:2006
Emission FCC, CE, ETSI, VCCI-Class A
AdvancedTCA PICMG 3.0 Rev 2.0

9-2 NetEnforcer AC-5000 Hardware Guide