Net Optics Smart Filtering Appliance User's Manual
Contents
1. Login user:
   Figure 11: CLI sign-on banner

   Connect the remote CLI interface

   If you choose to run the CLI remotely, connect a network cable from a switch to the Management port on the back of the Director chassis. Use any computer with an SSH client to access the CLI over the network. (PuTTY is a freeware SSH client for Windows that can be downloaded from many sites on the Internet.)

   To connect the CLI for remote use over the Management port:
   1. Connect the Director Management port to a network switch using a network cable.
   2. Open Director (the default IP address is 10.60.4.180 and the SSH port is 22) from an SSH client on the network. Director displays the shell login prompt.
        login as:
      Figure 12: Shell login prompt
   3. Enter customer to log into the shell. The shell asks for the password.
        login as: shellusername
        customer@10.60.4.180's password:
      Figure 13: Shell login
   4. Enter netoptics as the password. For security, the password is not displayed as you type it. The Director CLI runs, and the CLI sign-on banner and login prompt are displayed.
        login as: customer
        customer@10.60.4.8's password:
        Last login: Thu Sep 4 09:40:31 2008 from 10.30.1.62
2. [Diagram: flow of traffic from Network Port 5 (n1.5) through the three filter entries to Monitor Port 1 and Monitor Port 2]

     filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
     filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
     filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2

   Figure 37: Correct way to send all TCP traffic to Monitor Port 2

   Now packets that match both the IP address and protocol conditions will be copied to both Monitor ports, while packets that match only one of the conditions will be directed to the desired Monitor port.

   Note: Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins allows you to specify the filter's ID, which is its position in the pending filter list. Use filter list to see the IDs of all pending filters. When you use a filter ins command, the first parameter must be id=<id>, where <id> is a decimal number in the range 1 to 999. For example,

     filter ins id=2 in_ports=n1.1 out_ports=m.1

   defines a filter that sends all the traffic from Network Port 1 to Monitor Port 1 and places this filter in the second location in the pending filter list. The filter del command can be used to del
3. 129 ___ 135 Mobility Header in IP; Unassigned; Use for experimentation and testing; Use for experimentation and testing; 5 Reserved

   Limitations on Warranty and Liability

   Net Optics offers a limited warranty for all its products. IN NO EVENT SHALL NET OPTICS, INC. BE LIABLE FOR ANY DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND SOFTWARE) DESCRIBED IN THIS MANUAL, OR BY ANY DEFECT OR INACCURACY IN THIS MANUAL ITSELF. THIS INCLUDES BUT IS NOT LIMITED TO LOST PROFITS, LOST SAVINGS, AND ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING FROM THE USE OR INABILITY TO USE THIS PRODUCT, even if Net Optics has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you.

   Net Optics, Inc. warrants this Tap to be in good working order for a period of ONE YEAR from the date of purchase from Net Optics or an authorized Net Optics reseller. Should the unit fail anytime during the said ONE YEAR period, Net Optics will, at its discretion, repair or replace the product. This warranty is limited to defects in workmanship and materials and does not cover damage from accident, disaster, misuse, abuse, or unauthorized modifications. If you have a problem and r
4. [Diagram: iBypass Switch, Director, switch, and monitoring tools; purple arrows show traffic flow in one direction]
   Figure 4: iBypass Switch method for 10 Gigabit in-line network connection

   In this case, traffic flows from the router into the iBypass Switch, down to the Director, through Director, back up to the iBypass Switch, and finally to the switch. (It also travels in the opposite direction.) If power is removed from Director or from the iBypass Switch, the iBypass Switch fails open, creating a passive connection that keeps traffic flowing between the router and the switch.

   External Network Tap method

   Another method for creating a fail-safe, passive, in-line 10 Gigabit network connection with Director is to use an external network Tap, as shown in the following diagram.

   [Diagram: 10 Gbps LC Fiber Tap, switch, Director, and monitoring tools]
   Figure 5: External Tap method for 10 Gigabit in-line network connection

   In this case, traffic flows from the router through the external Tap to the switch. The Tap is totally passive, with no power needed for its operation. Optical splitters send a portion of the link light to the Director for monitoring. The Tap produces two half-duplex data streams, so both of Director's 10 Gigabit ports are used to monitor full-duplex traffic. A 10 GigaBit Port Aggregator can be used instead of a Tap to send the full-duplex link traffic to a single Director 10 Gigabit port, assuming the aggregated full dupl
5. Understand pending and active filters

   To understand the actions of filter commands such as filter commit, filter discard, and filter delete, it is helpful to visualize the pending filter list and the CAM that holds the active filters. The previous section explained how the active filters are stored in a CAM, which can be thought of as a list of active filters. These filters, which are actively running in the device, may be referred to as active, running, or committed. Pending filters, that is, filters that have been defined using filter add and filter ins commands but not yet committed, are kept in a pending filter list that shadows the CAM. These filters may be referred to as pending or uncommitted.

   The following table shows which filter commands affect the pending filter list and which affect the CAM.

     Commands apply to:
     Pending filter list    CAM
     -------------------    --------------
     filter add             commit
     filter del             filter clear
     filter discard         filter commit
     filter ins             filter running
     filter list            filter sync

   As can be seen from the table, most of the time you work with the contents of the pending filter list. When you have the filters set up the way you want them in the pending filter list, a commit or filter commit command transfers the contents of the pending filter list to the CAM, activating that filter set-up. A common workflow for changing the Director filter configuration might be as fol
6. - Copy traffic from any Network port to any Monitor port
   - Aggregate traffic from any set of Network ports to any Monitor port
   - Regenerate traffic from any aggregated set of Network ports to any set of Monitor ports
   - Create filters
   - Create complex filters
   - View filters
   - Work with configurable 10 Gigabit ports
   - Understand filter interactions

   For a complete listing of filter commands in the CLI, see Appendix B.

   Syntax

   In the CLI, Director ports are specified by alpha-numeric names as follows:
   - n1.1, n1.2, n1.3 ... n1.12: Network ports in the first DNM (the slot on the left); for in-line DNM models, ports n1.1 and n1.2 are an in-line link pair, so are n1.3 and n1.4, and so on
   - n2.1, n2.2, n2.3 ... n2.12: Network ports in the second DNM (the slot on the right); for in-line DNM models, ports n2.1 and n2.2 are an in-line link pair, so are n2.3 and n2.4, and so on
   - m.1, m.2, m.3 ... m.10: Monitor ports
   - t.1, t.2: Configurable 10 Gigabit ports on the front panel

   Most commands accept lists of ports. In port lists, port names are separated by commas, and a dash designates a range. Do not include any space characters in the list (do not put a space after the comma). For example, n1.1,n1.2,n1.3,n1.4,n1.5-n1.10 is a list that includes Network Ports 1 through 10 on DNM 1.

   When you define a filter, you specify an action to be taken when the filter con
7. Figure 15: Logging into the CLI

   Configure Director using the CLI

   You should be logged into the Director CLI. The factory-set default values for Director are:
     Username: admin
     Password: netoptics
     IP Address: 10.60.4.180 (address for remote CLI, and for Compass manager software when available)
     Netmask: 255.0.0.0 (associated with IP Address)
     Manager IP Address: 192.168.1.2 (address for SNMP traps)
     Gateway IP Address: 10.0.0.1 (associated with Manager IP Address)
     Display: ON
     Management Port: ON

   The following default parameters apply to all ports (when available):
     Enable: ON
     Threshold: 50
     Link Fault Detection: ON (applies to 10/100/1000 in-line Network ports only)

   A complete list of CLI commands can be viewed by typing Help at the CLI prompt. It is also provided in Appendix B. You will now use the CLI to:
   - Change the login User Name and Password
   - Assign a new IP Address, Netmask, and Gateway IP Addresses
   - Assign new remote manager IP Address
   - Change port modes
   - Set the date and time
   - Save and load Director configurations
   - Try out the CLI Help command

   Your CLI screen should be displaying the Net Optics prompt as shown here:
     Net Optics>
   If you do not see the Net Optics> prompt, try typing Help followed by the Enter key. If the prompt is still not displayed, repeat the instructions in the preceding section, Connect the local CLI Interf
8. Net Optics User Guide: DIRECTOR Smart Filtering Appliance
   Doc PUBDIRU Rev 2 9 08
   Confidential: DO NOT Distribute

   PLEASE READ THESE LEGAL NOTICES CAREFULLY. By using a Net Optics Director device, you agree to the terms and conditions of usage set forth by Net Optics, Inc. No licenses, express or implied, are granted with respect to any of the technology described in this manual. Net Optics retains all intellectual property rights associated with the technology described in this manual. This manual is intended to assist with installing Net Optics products into your network.

   Trademarks and Copyrights: 2008 by Net Optics, Inc. Net Optics is a registered trademark of Net Optics, Inc. Director is a trademark of Net Optics, Inc. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

   Additional Information: Net Optics, Inc. reserves the right to make changes in specifications and other information contained in this document without prior notice. Every effort has been made to ensure that the information in this document is accurate.

   Contents: Chapter 1
9. Any person is authorized to store documentation on a single computer for personal use only and that the documentation contains Net Optics copyright notice.

   Confidential: DO NOT Distribute. www.netoptics.com. 2008 by Net Optics, Inc. All Rights Reserved.
10. Inter Domain Policy Routing Protocol T MERIT Internodal Protocol OD ER OD O X 37 38 Datagram Delivery Protocol TP IDPR IDPR Control Message CMTP Transport Proto IL P P Transport Protocol IL Transport Protocol SDRP Source Demand Routing Protocol IPv6 Routing Header for IPv6 Route IPv6 Frag Fragment Header for IPv6 Inter Domain Routing Pro tocol RSVP Reservation Protocol General Routing Encapsula tion Dynamic Source Routing Protocol 44 BA co O Encap Security Payload A Authentication Header I NLSP Integrated Net Layer Security TUBA SWIPE IP with Encryption NARP NBMA Address Resolution Protocol C O iN OI GRE DSR BNA ESP H 52 53 54 Confidential DO NOT Distribute oJ vf 4Optics Cum Keyword Proso 56 TLSP Transport Layer Security Protocol using Kryptonet key management 58 IPv6 ICMP for IPv6 ICMP 59 IPv6 No Next Header for IPv6 NoNxt 60 reve onss Destination Options for ve Da most internal protocot Ce __ anylocainewore 64 SAT SATNET and Backroom EXPAK EXPAK 65 KRYPTO Kryptolan LAN RVD MIT Remote Virtual Disk Protocol Tse __ any istrbuted fe system _ as _ SAENON SATNET Montong 72 CPNX Computer Protocol Network Executive 73 CPHB Computer Protocol Heart Beat Packet Video Protocol 76 BR SAT Backroom SATNET Monitor MON ing 77 SUN ND SUN ND PROTOCOL Te
11. Matrix switch connections

    Aggregate Traffic From Any Set of Network Ports to Any Monitor Port

    Director can be used like a Port Aggregator or a Link Aggregator, copying traffic from multiple Network ports to any Monitor port. The filter add command is again used to do this. The only difference from using the command to connect a single Network port to a single Monitor port is that a list of Network ports is specified.

    To copy aggregated traffic from Network Port 1 and Network Port 2 to Monitor Port 3:
    1. Enter
         filter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3
       The aggregation connection is pending.
    2. Enter
         filter commit
       The aggregation connection is activated.

    Note that in this example, Network Port 1 and Network Port 2 may be Span ports, or they can be a paired in-line network link. The Network port list in the filter add command always applies to the traffic received at the port, not the traffic transmitted out the port. Therefore, if Network Port 1 and Network Port 2 are an in-line link, then Director has been configured to act as a Port Aggregator, combining the traffic from both directions on the in-line link and copying it to the Monitor port.

    [Diagram: Network Port 1 and Network Port 2 feeding Monitor Port 3]
      filter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3
    Figure 23: Traffic aggregation

    Regenerate Traffic to Any Set of Monitor Ports

    Di
12. [Diagram: Network Port 5, Source IP 192.186.10.0 and Protocol TCP, Monitor Port 1]
      filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1
    Figure 28: Logical AND filter connection

    A logical OR connection can be made between filters by specifying multiple filters with the same Network and Monitor port lists.

    To select all packets which are either TCP or UDP protocol:
    1. Enter
         filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1
       A filter has been defined to select all IPv4 TCP packets from Network Port 5 and copy them to Monitor Port 1.
    2. Enter
         filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1
       Another filter has been defined to select all IPv4 UDP packets from Network Port 5 and copy them to Monitor Port 1.
    3. Enter
         filter commit
       The filters are activated.

    [Diagram: Network Port 5, Protocol TCP and Protocol UDP, Monitor Port 1]
      filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1
      filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1
    Figure 29: Logical OR filter connection

    View filters

    To view a list of all pending filters, enter filter list. To view the active filters, enter filter running.

      Net Optics> filter list
      001 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0000 14 src port 0080 14 dst port 0000 vlan 0000 action 3 in po
13. They can be configured for the same or different functions. Traffic from multiple 1 Gigabit Network or Span ports can be aggregated to a 10 Gigabit Monitor port. Conversely, traffic from a 10 Gigabit Network or Span port can be dis-aggregated to multiple 1 Gigabit Monitor ports through appropriate filtering. For example, traffic from different IP address ranges could be directed to separate Monitor ports.

    Expandable: An additional two 10 Gigabit ports on the rear of the unit enable daisy-chaining up to ten Director chassis to expand the number of available ports, for a total of 380 ports in a fully expanded system (when available).

    Monitor port-based filtering: Director avoids the confusion of pre-filtering versus post-filtering by strictly tying filtering to the Monitor ports. Each Monitor port can be configured to have traffic from any number of Network or Span ports directed to it, and each Monitor port applies up to 30 protocol, address, and utilization-based filters to the traffic.

    Key Features

    Ease of Use
    - Tap, aggregation, regeneration, matrix switch, and filter functions in a single device
    - 19-inch rack frame, 1U high
    - Front-mounted connectors for quick and easy installation
    - LED indicators show Power, Link, and Activity status
    - Modular design for configuration flexibility
    - RMON statistics including network utilization thresholds and fi
14. Appendix B: Command Line Interface

    Tip: The command line interface (CLI) is not case sensitive.

    Port numbering
    - Network ports are numbered Ns.p, where
        s is the DNM module, 1 or 2 (1 is on the left, 2 is on the right)
        p is the port number within the DNM, 1 through 12
      For example, n2.1 and n2.12 are the lowest and highest port numbers in the second DNM.
    - Monitor ports are numbered m.1 through m.10.
    - Configurable 10 Gigabit ports are numbered t.1 and t.2.
    - A portlist is a list of ports separated by commas; dashes may be used to specify ranges. For example, n1.1,n1.2,n1.3 and n1.1-n1.3 mean the same thing.
      NOTE: Do not include any space characters in the list (do not put a space after the comma).
    - A string is a string of characters up to 32 characters in length, not case sensitive; valid characters are A-Z, a-z, 1-9, _

    Parameters marked with an asterisk are required and must be the first parameter in the parameter list for the command. Other parameters are optional and may be included in any order.

    Command, Sub-Command, Example and description:

    (a number)
        a command from the CLI command history buffer; see history command.
    commit
        Example: commit
        Activates pending changes previously defined using filter commands; same as a filter commit command.
    date
        Example: date 06 24 2008
        Parameters: date is mm dd yyyy
        Sets the system calendar date; if date is omitted, the current date
15. [Diagram: Network Port 3, Network Port 4, Network Port 11, XFP Port 2]
      filter add in_ports=n1.1-n1.4 action=redir redir_ports=t.1
      filter add in_ports=n1.11 action=redir redir_ports=t.2
    Figure 32: Configurable 10 Gigabit XFP ports used as Monitor ports with aggregation

    To use one XFP port as a Span port and the other XFP port as a Monitor port:
    1. Enter
         filter add in_ports=t.1 ip_proto=6 action=redir redir_ports=m.1
       A filter has been defined to select all IPv4 TCP packets from 10 Gigabit Port 1 and copy them to Monitor Port 1. 10 Gigabit XFP Port 1 is configured as a Span port.
    2. Enter
         filter add in_ports=n1.11 action=redir redir_ports=t.2
       A filter has been defined to copy all the traffic from 1 Gigabit Network Port 11 to 10 Gigabit Port 2. 10 Gigabit XFP Port 2 is configured as a Monitor port.
    3. Enter
         filter commit
       The filters are activated.

    [Diagram: XFP Port 1 to Monitor Port 1; Network Port 11 to XFP Port 2]
      filter add in_ports=t.1 ip_proto=6 action=redir redir_ports=m.1
      filter add in_ports=n1.11 action=redir redir_ports=t.2
    Figure 33: Configurable 10 Gigabit XFP ports used as one Span port and one Monitor port

    Understand filter interactions

    It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defi
16. Port 3 and copy them to Monitor Port 6 and Monitor Port 8. Protocols are designated by an industry-standard numbering system. See Appendix C for details.
    2. Enter
         filter commit
       The filter is activated.

    [Diagram: Network Port 3, Protocol TCP, Monitor Port 6 and Monitor Port 8]
      filter add in_ports=n1.3 ip4_prot=3 action=redir redir_ports=m.6,m.8
    Figure 27: Simple IPv4 protocol filter with regeneration

    Available filter parameters are listed in Appendix B and include:
    - ip_src: IP source address
    - ip_src_mask: IP destination address mask
    - ip_dst: IP destination address
    - ip_dst_mask: IP source address mask
    - ip_proto: IP protocol
    - l4_src_port: Layer 4 source port
    - l4_dst_port: Layer 4 destination port
    - vlan: VLAN number

    Create Complex Filters

    Multiple filter parameters can be specified in a single filter add command. Packets must satisfy all of the filter parameters to be selected; in other words, the filter parameters have a logical AND connection.

    To select all TCP traffic arriving from IP address 192.186.10.0:
    1. Enter
         filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1
       A filter has been defined to select all IPv4 TCP packets from Network Port 5 with a source IP address of 192.186.10.0; packets matching the filter are copied to Monitor Port 1.
    2. Enter
         filter commit
       The filter is activated.
17. SX GigaBit: 850nm VCSEL, supports 62.5/125um
    SX GigaBit: 850nm VCSEL, supports 50/125um
    LX GigaBit: 1310nm laser, supports 8.5/125um
    ZX GigaBit: 1550nm laser, supports 8.5/125um

    Safety: Class 1 eye-safe laser emitter type; conforms to the applicable requirements per US 21 CFR J and EN 60825-1, also UL 1950 applications.

    Environmental
      Operating Temperature: 0 C to 55 C
      Storage Temperature: 10 C to 70 C
      Relative Humidity: 10% min, 95% max, non-condensing

    Certifications: FCC, CE, FCC, VCCI, C-Tick, and WEEE certified. Fully RoHS compliant.

    Available Models

    Main Chassis
      DIR 3400   Director Main Chassis with 10 SFP monitor ports
      DIR 9      Director Main Chassis with 10 SFP monitor ports, 48 VDC power
      DIR 7400   Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports
      DIR A      Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports, 48VDC power

    DNMs
      DNM 100    6-Port 10/100/1000 Copper In-Line Module
      DNM 110    12-Port 10/100/1000 Copper Span Module
      DNM 200    6-Port Gigabit SX Fiber 62.5um In-Line Module
      DNM 210    12-Port Gigabit SX Fiber 62.5um Span Module
      DNM 220    6-Port Gigabit SX Fiber 50um In-Line Module
      DNM 230    12-Port Gigabit SX Fiber 50um Span Module
      DNM 300    6-Port Gigabit LX Fiber In-Line Module
      DNM 310    12-Port Gigabit LX Fiber Span Module
      DNM 320    6-Port Gigabit ZX Fiber In-Line Module
      DNM 330    12-Port Gigabit ZX Fiber Span Module
18. filename is the name of the file to load a string do not include an extension Loads a previously saved Director configuration see save command logout Exits the CLI shell same as exit and quit module show Lists information about Director hardware modules including system serial number DNM types and XFPs DO NOT Distribute o 2 1hDOptics Director Sub Command Example and description passwd passwd Interactively changes the password of the SSH user account ping lt address gt ping 10 1 1 4 Parameters lt address gt is an IP address Pings the specified IP address to check for connectivity port ports lt portlist gt port set n1 1 n1 3 autoneg on duplex full autoneg lt on off gt Parameters duplex lt full half gt lt portllist gt is a portlist speed lt 10 100 1000 gt For other parameters select a value from the listed choices For 10 100 100 Copper interface Network and Moni tor ports enables or disables autonegotiation selects the duplex mode and sets the fixed speed 10Mbps 100Mbps or 1000Mbps if autonegotiation is off show port show Displays the current port status and settings quit quit Exits the CLI shell same as exit and logout restart restart Reboots the Director device also called warm boot similar to power cycling the device does not change the configuration parameters or filters save Save my_configuration 1 Parameters filename is the na
19. hot-pluggable for easy serviceability. One or both DNM slots can be populated. The DNM slots are numbered 1 for the slot on the left and 2 for the slot on the right. If only one slot is populated, it should be slot 1.

    The two configurable 10 Gigabit XFP ports are shown in the first two columns and last two rows of the diagram. The two dark black rows indicate that both ports are configured as Span inputs. The two dimmed columns indicate that the ports can alternately be configured as Monitor ports. The two ports may be configured as:
    - Both Span
    - Both Monitor
    - One Span and one Monitor

    USB port: A USB port located on the back is reserved for future functionality.

    Director Management

    Director can be configured and managed using a command line interface (CLI) that will be familiar to most network administrators. The CLI runs locally over an RS-232 serial port or remotely over a secure SSH connection. Net Optics GUI-based Compass management tools, which will be available soon, include:
    - Web Manager: A Web browser-based tool to manage a single Director at a time from anywhere in the world
    - System Manager: An SNMP platform-based tool to manage all the Director and other Net Optics iTap-enabled devices on your network

    Typical Application

    The following diagram shows a typical application using Director to implement a comprehensive consolidat
20. redir redir_ports=m.1
      filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
    Figure 35: Incorrect flow diagram of two filters (filter interaction in CAM is neglected)

    Have we achieved our goal of sending all the TCP traffic to Monitor Port 2? Not quite. What happens when a TCP packet arrives from 192.186.10.0? It matches the filter at CAM address 1, so it is copied to Monitor Port 1. But that is all that happens; it does not go to Monitor Port 2. The flow is correctly shown in the following diagram.

    [Diagram: CAM address and filter table; Network Port 5, Source IP 192.186.10.0 (n1.5 ip_src 192.186.10.0) to Monitor Port 1 (m.1); Protocol TCP (n1.5 ip_proto TCP) to Monitor Port 2 (m.2)]
      filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
      filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
    Figure 36: Correct flow diagram for two interacting filters

    To achieve the desired result of sending all TCP traffic to Monitor Port 2, clear the existing filters (filter discard command) and create three new filters by entering:

      filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
      filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
      filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
      filter commit

    The flow diagram now looks as follows:

    [Diagram: Source IP 192.186.10.0, Network Port 5]
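    The filter interaction described above can be checked offline before committing a filter set. The following is an added example, not code from the manual or from Net Optics: a small Python model that assumes, as the text states, that only the first matching CAM entry acts on a packet. The class and function names and the address 198.51.100.7 are constructed for illustration; address masks, Layer 4 ports and VLANs are left out.

```python
"""Model of first-match filter lookup, used to find monitoring blind spots."""
from dataclasses import dataclass
from itertools import product
from typing import Optional

TCP, UDP = 6, 17                  # IP protocol numbers (ip_proto values)
SRC = "192.186.10.0"              # source address used in the manual's example
OTHER_SRC = "198.51.100.7"        # constructed address that no filter names
M1, M2 = "m.1", "m.2"             # Monitor ports


@dataclass(frozen=True)
class Filter:
    """One filter entry; None in a field means 'match anything'."""
    in_port: str
    redir_ports: frozenset
    ip_src: Optional[str] = None
    ip_proto: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (pkt["in_port"] == self.in_port
                and self.ip_src in (None, pkt["ip_src"])
                and self.ip_proto in (None, pkt["ip_proto"]))


def deliver(cam, pkt):
    """Monitor ports that receive pkt when only the first match fires."""
    for entry in cam:
        if entry.matches(pkt):
            return entry.redir_ports
    return frozenset()


def expected(cam, pkt):
    """Monitor ports an operator expects when reading each filter alone."""
    ports = frozenset()
    for entry in cam:
        if entry.matches(pkt):
            ports |= entry.redir_ports
    return ports


def blind_spots(cam):
    """Return (ip_src, ip_proto, missing_ports) for every packet class that
    reaches fewer Monitor ports than the individual filters suggest."""
    srcs = {f.ip_src for f in cam if f.ip_src is not None} | {OTHER_SRC}
    protos = {f.ip_proto for f in cam if f.ip_proto is not None} | {UDP}
    in_ports = {f.in_port for f in cam}
    gaps = []
    for in_port, src, proto in product(sorted(in_ports), sorted(srcs), sorted(protos)):
        pkt = {"in_port": in_port, "ip_src": src, "ip_proto": proto}
        missing = expected(cam, pkt) - deliver(cam, pkt)
        if missing:
            gaps.append((src, proto, sorted(missing)))
    return gaps


# The two-filter set from the text: TCP from SRC never reaches Monitor Port 2.
TWO_FILTERS = [
    Filter("n1.5", frozenset({M1}), ip_src=SRC),
    Filter("n1.5", frozenset({M2}), ip_proto=TCP),
]

# The three-filter set from the text: the most specific entry comes first.
THREE_FILTERS = [
    Filter("n1.5", frozenset({M1, M2}), ip_src=SRC, ip_proto=TCP),
    Filter("n1.5", frozenset({M1}), ip_src=SRC),
    Filter("n1.5", frozenset({M2}), ip_proto=TCP),
]

if __name__ == "__main__":
    for name, cam in (("two filters", TWO_FILTERS), ("three filters", THREE_FILTERS)):
        print(name, "->", blind_spots(cam) or "no blind spots")
```

    In this model the same three entries in reverse order leave a gap again, which is why the position given to filter ins matters for a tool that must see all traffic of one class.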
21. save the Director configuration:
    - Enter save <filename>, where <filename> is the name for this configuration. The configuration is saved.

    To load a Director configuration:
    - Enter load <filename>, where <filename> is the name of a saved configuration. The configuration is loaded.

    To view a list of all saved Director configurations:
    - Enter list. A list of Director configurations is displayed.

    To view a saved Director configuration:
    - Enter show <filename>, where <filename> is the name of a saved configuration. The configuration is displayed.

    Using the CLI Help Command

    To view CLI help information:
    - Enter Help at the Net Optics prompt. The list of help topics is displayed.

      Net Optics> help
      1          number or up down key for previous command
      commit     save local config to hardware
      date       set system date
      del        delete file name
      filter     set for filter command
      help       view cli usage
      history    display command history
      image      list switch image
      list       list xml file
      load       load file name
      logout     logout from cm server
      module     show installed modules in the system
      passwd     change password for ssh user s account
      ping       ping ipaddr
      port       set port command
      restart    restart the whole system
      save       save file name
      show       show all files name
      stats      show clear ports sta
      Sysip
      time
      upgrade
      user
      quit or exit
      Net Optics>
22. 0-240VAC, 0.5Amp, 47-63Hz hot-swappable power supplies with integrated cooling fans; each supply can power the unit independently; dual supplies provide redundancy to maximize uptime; 48VDC models are also available.

    Chapter 2: Installing Director

    This chapter describes how to install and connect Director devices. The procedure for installing Director follows these basic steps:
    1. Plan the installation
    2. Unpack and inspect the Director device
    3. Install the DNM modules
    4. Install the SFP and XFP modules
    5. Rack mount the Director device
    6. Connect power to Director
    7. Connect the command line interface (CLI) RS-232 DB9 port or the Management port
    8. Log into the CLI
    9. Configure Director parameters using the CLI
    10. Connect Director to the network with Span ports and in-line links
    11. Connect the monitoring tools to Director
    12. Configure a Matrix Switch connection in Director
    13. Check the installation

    This chapter pertains to installing a single Director. Chapter 4 addresses daisy-chaining up to 10 Director chassis into a single logical system.

    Plan the Installation

    Before you begin the installation of your Director device, determine the following:
    - Name that will identify the Director device
    - IP address of the Director device, or a range of IP addresses if
23.   Net Optics Command Line Interface (CLI)
      Copyright (c) 2008 by Net Optics, Inc.
      Restricted Rights Legend
      Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
      Net Optics, Inc.
      5303 Betsy Ross Drive
      Santa Clara, California 95054 USA
      1 408 737 7777
      login user:
    Figure 14: Shell login as customer (password netoptics is not displayed)

    Log into the CLI

    Each Director maintains a list of accounts for users authorized for access to that particular Director. The default account for new systems is User Name admin and Password netoptics.

    To log into the CLI:
    1. Enter the user name. The default user name is admin. The Enter Password prompt is displayed.
    2. Enter the password. The default password is netoptics. For security, the password is not displayed as you type it. The CLI prompt is displayed.

      login user: admin
      password:
      Net Optics
24. Contents (continued)
      Log into the CLI
      Configure Director using the CLI
      Using the CLI Command History Buffer
      Connect Span Ports to Director
      Connect Director With In-line Network Links
      Connect Monitoring Tools to Director
      Configure a Matrix Switch connection in Director
      Check the installation
    Chapter 3: Configuring Filters Using the CLI
      Syntax
      Copy Traffic From Any Network Port to Any Monitor Port
      Aggregate Traffic From Any Set of Network Ports to Any Monitor Port
      Regenerate Traffic to Any Set of Monitor Ports
      Create Complex Filters
      Work with co
25. Link LED for the port illuminates after a short delay to indicate that a link has been established.
    3. Plug another cable into the connector immediately to the right of Port Nm.o. (It will be numbered 1 higher, or Port Nm.o+1.)
    4. Plug the other end of the cable into the destination switch or router. The Link LED for the port illuminates after a short delay to indicate that a link has been established. If present, traffic passes between the source and destination switches or routers. If the traffic bandwidth is greater than about 300 Mbps, the two Link LEDs blink.

    Repeat for all desired in-line network connections.

    Figure 21: In-line Network connections

    Connect Monitoring Tools to Director

    To connect a monitoring tool to Director, simply plug the appropriate cable into the desired 1 Gigabit or 10 Gigabit Monitor port and plug the other end into the monitoring tool. The Link LED for the port should illuminate after a short delay to indicate that a link has been established. Repeat for all desired monitoring tool connections.

    Note: In the CLI, the Monitor ports are designated using the letter M followed by a dot and then the port number. For example, the Monitor port on the upper left is m.1 and the Monitor port on the lower right is m.10.

    Configure a Matrix Switch connection in Director

    In order to monitor a network link, Director must b
26. Link LEDs are located below the LC fiber connectors 10 Gigabit Port LEDs Each configurable 10 Gigabit port has a single LED It illuminates solid when a link is established and it flashes when traffic is passing through the port These Link LEDs are located to the left of the XFP fiber connectors Power LEDs Two LED indicators for power one for each of the redundant power supplies 9 Confidential DO NOT Distribute o 2 ThIOptics Director Director Rear Panel The features of the Director rear panel are shown in the following diagram 2 XFP Management Daisy chain Power Supply Power Supply USB Port Port 10GbE Ports Module Module RS232 Management INPUT OUTPUT ee Q y dm gt repe i SES i RS 232 Port SR LR or ER Redundant Hot swappable Fiber XFP Modules Power Supplies Figure 7 Director Rear Panel Major features of the rear panel include USB Port Reserved for future functionality e RS 232 Port DB9 serial port for the CLI e Management Port A 10 100 1000 network port for the remote management interfaces and software updates the CLI runs over an SSH connection through this port Compass management tools when available will connect through this port XFP Daisy chain 10GbE Ports Accepts SR LR and ER XFP transceiver modules for daisy chaining up to 10 chassis e Power Supply Modules Universal input 10
27. S 232 serial port 1 Connect a PC with terminal emulation software such as HyperTerminal to Director using the RS 232 DB9 cable supplied with Director ore ROHS Managemen RS232 INPUT OUTPUT dft ER m Bases g E quum Em um REGE R eode CHI XXXXXX x a Model Dual Gig Copper Port Agg Tap 48V P N PAD GCU 48V To computer with terminal emulation software Figure 10 Connecting RS 232 Cable to Director 14 Confidential DO NOT Distribute o 2 A 3iOptics 2 Launch terminal emulation software and set communication parameters to 115200 baud 8 data bits No parity 1 stop bit No flow control The Net Optics CLI banner and login prompt are displayed in the Terminal Emulation software XX XX XXX K K K XXX XXX K PE K K K KK K K K K K K K KK KK KK K K KK KK K K K KK KK KKK KKK KK Net Optics Command Line Interface CLI T Copyright c 2008 by Net Optics Inc Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph Cc of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and subparagraph Cc C1 Cit of the Rights in Technical Data and Computer Software clause at DFARS sec 252 227 7013 Net Optics Inc 5303 Betsy Ross Drive Santa Clara California 95054 USA 1 408 737 7777
28. ace or Connect the remote CLI Interface and log in again.
Change Director User Name and Password
It is strongly recommended that you change the User Name and Password from the defaults to provide security against unauthorized access.
To change the user name and password:
1. Enter user mod name <new username> pw <new password>. The user name and password are changed.
2. Record the new user name and password in a secure location.
Assign a New Director IP Address, Netmask, and Gateway IP Address
If you are using the local RS-232 serial interface to access the CLI, then you need to configure the IP Address that Compass management software (when available) will use to communicate with Director. If Director must communicate through a Gateway to reach the network, then set the Gateway IP Address for that Gateway.
If you are running the CLI remotely, you can change the IP Address, but when you do, you will lose your SSH connection, since it is talking to the old IP Address. In that case, initiate a new SSH session to the new IP address and you can continue using the CLI remotely.
To assign a new IP Address, Netmask, and Gateway IP Address to Director:
1. Enter sysip show. The current IP Address, Netmask, and Gateway IP Address are displayed.
2. Enter sysip set ipaddr <new ip address> netmask <new netmask> gw <new gateway>. The IP Addre
29. and n1.7 n1.8 plus three Span Network ports n2.3, n2.7 and n2.11 is being aggregated and directed to the second SFP Monitor port m.2
• Traffic from one in-line Network link n1.11 n1.12 is being regenerated to two SFP Monitor ports m.9 and m.10
The traffic from the in-line Network links to the Monitor ports may include the traffic being received at the odd-numbered Network port (at the left side of the diagram), at the even-numbered Network port (at the right side of the diagram), or both; the diagram doesn't include this level of detail.
In addition, filters (shown at the bottom of the diagram) are configured independently for each Monitor port, one or more filters per port, and applied on the aggregated traffic for that port. For example, the second SFP Monitor port could have two filters, where one filter selects the TCP traffic from the two in-line Network links and the second filter selects the UDP traffic from the three Span Network ports.
The inputs are divided into three groups: two DNMs plus the 10GbE ports. In-line DNM models support 6 in-line links, while Span DNM models support 12 Span ports. The diagram shows one in-line and one Span DNM. Both in-line and Span DNMs are available with either Copper or SX Fiber interfaces. Different DNM types can be mixed in the same chassis, for example one in-line Copper DNM and one Span Fiber DNM. The modules are
30. Director Architecture
In-line Monitoring of 10 Gigabit Links
Director Front Panel
Director Rear Panel
Chapter 2 Installing Director
Unpack and Inspect the Director device
Install Director Network Modules
Install SFP and XFP Monitor port Modules
Rack Mount the Director device
Connect Power to Director
Connect the local CLI Interface
Connect the remote CLI Interface
31. ber Keyword Protocol 1 ICMP Internet Control Message Protocol 2 IGMP Internet Group Message Protocol 6 TCP Transmission Control Protocol 17 UDP User Datagram Protocol 89 OSPF Open Shortest Path First 132 SCTP Stream Control Transmission Protocol 48 Confidential DO NOT Distribute o 2 i f4Optics Appendix C Protocol Numbers The official Assigned Internet Protocol Numbers list is maintained by the Internet Assigned Numbers Authority and can be found at http www iana org assignments protocol numbers The list as of April 18 2008 is reproduced in the following table without references Gateway to Gateway IP in IP encapsulation IGP any private interior gateway used by Cisco for their IGRP BBN BBN RCC Monitoring RCC MON NVP II Network Voice Protocol P PUP g me MUX HMP RM GGP ST TCP CBT EGP 13 14 15 16 Multiplexing DCN DCN Measurement Subsys MEAS tems Host Monitoring Packet Radio Measurement 19 P XNS IDP XEROX NS IDP IRTP Internet Reliable Transaction ISO TP4 ISO Transport Protocol Class 4 22 23 24 25 26 N N 28 29 Dum To EN il a eus 14 NAM Te gt m EN E a EA Ta 49 Keyword Protocol NETBLT Bulk Data Transfer Protocol MFE NSP MFE Network Services 30 31 32 MERIT INP DCCP Datagram Congestion Control Protocol 3PC Third Party Connect Protocol
32. c port 0000 14 dst port 0000 vlan 0000 action 3 in ports 00 redir_ports 12 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0000 14 src port 0000 14 dst port 0000 vlan 0000 action 3 in ports 01 redir_ports 13
Net Optics>
Figure 43 Filter list command
6. Repeat steps 3 and 4 until the pending filter list is consistent with the desired filter configuration.
7. Enter filter commit. The contents of the pending filter list are copied to the CAM, activating the new filter configuration.
Figure 44 After filter commit
Be aware of these similar pairs of commands:
• filter discard clears the pending filter list, while filter clear clears the CAM
• filter list shows the pending filter list, while filter running shows the CAM
• filter commit copies the pending filter list to the CAM, while filter sync copies the CAM to the pending filter list
Figure 45 Pairs of similar filter commands
User interactions
When multiple users are logged into Director at the same time each user has a separate pending filter list in which to create f
33. ditions are met. The action can be either drop or redir (meaning redirect). If the action is drop, then packets which meet the filter criteria are dropped; that is, they are not copied to any Monitor port. If the action is redir, then packets which meet the filter criteria are copied to all Monitor ports listed in the redir_ports <portlist> parameter.
Copy Traffic From Any Network Port to Any Monitor Port
Director can be used like a Matrix Switch to direct traffic from any Network port to any Monitor port. To create a simple switch connection, use a filter add command without specifying any filters.
The filter add command creates pending filters, including switch settings; they are not activated until a filter commit command is executed. Any number of filter add commands may be issued prior to executing the filter commit command. Other CLI commands may be executed between the filter add commands as well.
To monitor Network Port 1 on Monitor Port 2, and Network Port 3 on Monitor Port 1:
1. Enter filter add in_ports n1.1 action redir redir_ports m.2. The switch connection is pending.
2. Enter filter add in_ports n1.3 action redir redir_ports m.1. The switch connection is pending.
3. Enter filter commit. The switch connection is activated.
Figure 22
34. e configured to copy the traffic from a Network or Span port to a Monitor port. A simple connection is described in this section, operating Director as a Matrix Switch. For more complex switching and filtering, see Chapter 3.
To monitor Network Port 1 in DNM 1 on Monitor Port 2:
1. Enter filter add in_ports n1.1 action redir redir_ports m.2. The switch connection is pending.
2. Enter filter commit. The switch connection is activated.
3. Verify that traffic present on Network Port 1 is visible on Monitor Port 2.
Check the Installation
You have connected Director to the network, monitoring tools, and power. It should now be functioning correctly. Check the status of the following:
• Check that at least one power LED is illuminated
• Check the link status LEDs located on the front panel to verify that the links are connected
• Verify that traffic is flowing through in-line connections to attached network devices
• Verify that traffic present on Network port 1 is visible on Monitor Port 2
Chapter 3 Configuring Filters Using the CLI
This chapter describes how to use the CLI to determine which monitoring tools are connected to which Network ports. It also explains how to create filters to limit the amount of traffic copied to Monitor ports, so the monitoring tools receive only the traffic that is of interest to them. In this chapter you will learn to
35. e modes of multiple ports in a single command by specifying the ports in the portlist. Use a comma to separate items in the list, and use a dash to indicate a range. For example, this portlist includes the first three ports in DNM 1 and the first port in DNM 2:
ports n1.1-n1.3,n2.1
Set the Current Date and Time
Director maintains a time-of-day clock which is used to record the time of traffic peak utilization events. Time is based on the 24-hour clock. The clock must be initialized using the CLI or another management tool.
To change the current date and time:
1. Enter time hh mm ss, where hh is hour, mm is minutes, and ss is seconds.
2. Enter date mm dd yyyy, where mm is month, dd is day of the month, and yyyy is year.
Example:
time 12 20 00
date 06 24 2008
Save and Load Director Configurations
The entire configuration of Director, including port configurations and filters, can be saved to and loaded from files stored on Director's internal disk drive. When working with these files from within the CLI, specify only a filename up to 32 characters long, without an extension.
The current configuration is automatically kept in a file named defaultcfg. This file is automatically loaded at power up or when the system is reset, so your configuration is persistent. However, you may wish to save copies of various configurations that you use for different purposes. For example, each person that uses the device can maintain a separate configuration. To
36. ed monitoring infrastructure Pa Bu Pa C we P E AV Figure 2 Director centric network monitoring infrastructure Ug M a e n PESE rom RMON 1 RMON 2 Nj TR In this example eight network links are monitored by six monitoring devices The company s external access is protect ed by a firewall shown in the upper left of the diagram The link runs through a router then in line through Director and then to a switch that distributes traffic throughout a department Network Links The rest of the department s switches are shown but only the connections to Director are illustrated The four depart ment switches shown in the lower right are cross connected for fault tolerance All four of the cross connected links are passed in line through Director as indicated by the slanting purple lines so they can be thoroughly monitored for performance tuning security and trouble shooting Because so many critical links pass in line through Director it s good to know that they are completely passive connections Director does not slow down or interfere with the in line traffic and the links stay open to pass traffic even if both of the Director power supplies are removed When power is removed 10 100 1000 Copper in line links may be dropped for a short period of time less than 1 second while relays switch to open the link Subsequently the network re establishes the links and t
37. equire service please call the number listed at the end of this section and speak with our technical ser vice personnel They may provide you with an RMA number which must accompany any returned product Return the product in its original shipping container or equivalent insured and with proof of purchase Additional Information Net Optics Inc reserves the right to make changes in specifications and other information contained in this document without prior notice Every effort has been made to ensure that the information in this document is accurate Net Optics is not responsible for typographical errors THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS EXPRESS OR IMPLIED No Net Optics reseller agent or employee is authorized to make any modification extension or addition to this warranty Net Optics is always open to any comments or suggestions you may have about its products and or this manual Send correspondence to Net Optics Inc 5303 Betsy Ross Drive Santa Clara CA 95054 USA Telephone 1 408 737 7777 Fax 1 408 745 7719 Email info Net Optics com Internet www Net Optics com All Rights Reserved Printed in the U S A No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form by any means without prior written consent of Net Optics Inc with the following exceptions
38. ete a filter from the pending filter list. The syntax is filter del id <id>, where <id> is a decimal number in the range 1 to 999 corresponding to the position in the pending filter list. Use the filter list command to see the IDs of all pending filters.
Exclusive filters
Filters can be specified using action drop in order to create exclusive filters. An exclusive filter excludes packets rather than including them. For example, suppose you would like to monitor all traffic on a link except for the UDP traffic. To specify this filter, use the following commands. Note that the drop filter must come first so it is earlier in the CAM.
filter add in_ports n1.1 ip_proto 17 action drop
filter add in_ports n1.1 action redir redir_ports m.1
filter commit
Figure 38 Creating an exclusive filter
If you only define switch connections with no filtering, the CAM is not involved and the switches do not interact.
Filters that use exclusive sets of Network ports (each Network port is included in only a single filter) do not interact. For example,
filter add in_ports n1.1 n1.5 filter parameter list monitor port list
does not interact with
filter add in_ports n1.6 n1.10 filter parameter list monitor port list
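The ordering rule above, together with the shared-CAM behaviour the manual describes under User interactions, as an added example (not code from the manual or from Net Optics). It is a small Python model that assumes the CAM is searched top down with the first matching filter deciding, and that traffic matching no filter is not copied; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

UDP, TCP = 17, 6  # IP protocol numbers as used by ip_proto


@dataclass(frozen=True)
class Filter:
    in_ports: frozenset
    action: str                      # "drop" or "redir"
    redir_ports: tuple = ()
    ip_proto: Optional[int] = None   # None matches any protocol

    def matches(self, port: str, proto: int) -> bool:
        return port in self.in_ports and self.ip_proto in (None, proto)


class Director:
    """Simplified model: one shared CAM, one pending filter list per user."""

    def __init__(self):
        self.cam = []       # active filters, in CAM order
        self.pending = {}   # user name -> that user's pending filter list

    def filter_add(self, user, flt):
        self.pending.setdefault(user, []).append(flt)

    def filter_sync(self, user):
        # Copy the CAM into this user's pending list.
        self.pending[user] = list(self.cam)

    def filter_commit(self, user):
        # The CAM takes on this user's pending list, replacing what was there.
        self.cam = list(self.pending.get(user, []))

    def monitor_ports(self, port, proto):
        # Assumption: first matching filter wins; no match means not copied.
        for flt in self.cam:
            if flt.matches(port, proto):
                return set(flt.redir_ports) if flt.action == "redir" else set()
        return set()


# The two filters from the exclusive-filter example (constructed objects).
DROP_UDP = Filter(frozenset({"n1.1"}), "drop", ip_proto=UDP)
COPY_ALL = Filter(frozenset({"n1.1"}), "redir", ("m.1",))


def exclusive_filter(order):
    """Commit the filters in the given order; return where UDP and TCP go."""
    d = Director()
    for flt in order:
        d.filter_add("alice", flt)
    d.filter_commit("alice")
    return d.monitor_ports("n1.1", UDP), d.monitor_ports("n1.1", TCP)


def second_user_commit(sync_first):
    """Alice's filters are active; Bob adds a switch connection and commits."""
    d = Director()
    d.filter_add("alice", DROP_UDP)
    d.filter_add("alice", COPY_ALL)
    d.filter_commit("alice")
    if sync_first:
        d.filter_sync("bob")
    d.filter_add("bob", Filter(frozenset({"n1.3"}), "redir", ("m.2",)))
    d.filter_commit("bob")
    return d.monitor_ports("n1.1", TCP), d.monitor_ports("n1.3", TCP)


if __name__ == "__main__":
    print("drop first :", exclusive_filter([DROP_UDP, COPY_ALL]))
    print("redir first:", exclusive_filter([COPY_ALL, DROP_UDP]))
    print("commit without sync:", second_user_commit(False))
    print("commit after sync  :", second_user_commit(True))
```

In this model, placing the redirect first sends UDP to m.1 despite the drop filter, and a commit without a prior filter sync silently removes the other user's monitoring of n1.1.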
39. ex traffic is 10 Gbps or less 8 Confidential DO NOT Distribute A a3iOptics Director Front Panel The features of the Director front panel are shown in the following diagram 10 SFP 2 XFP DNM with 10 100 1000 DNM with SX Fiber Monitor Configurable Copper Network Ports Network Ports Ports 10GbE Ports 6 In line or 12 Span Ports 6 In line or 12 Span Ports 31Optics Director AG 6 7 8 9 10 J o1 o2 03 o4 o5 o6 o7 o8 09 010 011 012 1 S CO Power LEDs Monitor Ports 2 Director Network Module DNM Slots Network Ports Figure 6 Director Front Panel Monitor Port LEDs Each Monitor port has two light emitting diode LED indicators The Link LED is illuminated when a link is estab lished The Activity LED blinks when traffic is passing through the port They are located in the middle between the two rows of SFPs DNM Network Port LEDs Each 10 100 1000 Network or Span port has two LEDs The Link LED is illuminated when a link is established The Activity LED blinks when traffic is passing through the port The Link LED also indicates the link speed amber for 10Mbps yellow for 100Mbps and green for a 1000Mbps 1 Gbps They are integrated in the RJ 45 connectors Link on the left and Activity on the right Each 1 Gigabit Fiber Network or Span port has a single LED It illuminates solid when a link is established and it flashes when traffic is passing through the port These
40. fill the CAM more quickly than IPv4 addresses 38 Confidential DO NOT Distribute amd 1DOptics Director Chapter 4 Daisy chaining Multiple Director Chassis This chapter describes how to expand the capacity of Director by daisy chaining multiple Director chassis The complete set of chassis becomes a single logical system with up to 380 total ports By using long reach ER links chassis can be physically separated by as much as 25 miles 40 kilometers enabling monitoring of entire campuses or multiple campuses with a single Director system Daisy chaining chassis is not supported in the initial release of Director This chapter will be expanded when daisy chain functionality becomes available 39 Confidential DO NOT Distribute amd 1DOptics E Appendix A Director Specifications Specifications chassis Mechanical Dimensions 1 6 high x 15 65 deep x 17 wide Mounting Surface or 19 rack mount 1U Weight TBA Connectors Network Port Slots 2 Director Network Module DNM Monitor Ports 10 SFP Configurable 10Gigabit Ports 2 XFP Daisy chain uplink 10Gigabit Ports 2 XFP Management Port 1 RJ45 10 100 Copper Network Configuration CLI Port 1 RS 232 DB9 USB Port 1 Supports thumb drives for software loading Power 2 AC universal Electrical Interface Power 100 240 VAC 2A 47 63Hz Japan 100 125VAC 120 VA 50 60Hz 48VDC available Indicators All ports Li
41. following diagram shows a schematic view of the architecture of the Director device, shown as a Matrix Switch with filtering. The black dots indicate aggregating Matrix Switch connections between Network Ports and Monitor Ports.
Figure 1 Director internal architecture (diagram key: Network or Span port; Monitor Port; aggregating switch connection; alternate configurations for 10 GbE XFP ports)
Director can be viewed as a matrix switch with up to 26 inputs, or Network ports, and 12 outputs, or Monitor ports. Any number of inputs can be directed to each of the outputs. Director aggregates the traffic from those Network ports and sends them to the Monitor ports. For example, the diagram shows:
• Traffic from the first in-line Network link n1.1 n1.2 is being directed to the first SFP Monitor port m.1
• Traffic from two in-line Network links n1.3 n1.4
42. he DNM module The DNM circuit boards ride in the rails provided in the slots Push in the DNM firmly until you feel the connectors mate and the bezel is flush with the front panel but do not force them If you encounter resistance withdraw the module and try again making sure to align the circuit board in the rails and slide the module straight in When the DNM is fully seated fasten it to the front panel with the two captured thumbscrews If you are only using a single DNM it should be installed in the left slot Slot 1 A Optics Figure 8 Installing Director Network Modules Install SFP and XFP Monitor port Modules SFP and XFP modules are shipped separately Install them as desired in the SFP and XFP slots in the front on the chassis and the two XFP slots in the rear For each module remove the temporary plug from the SFP or XFP slot and insert the module until it clicks into place The photograph on the cover of this Guide shows properly installed SFP and XFP modules Rack Mount the Director device Director is designed for rack mounting in a 19 inch rack panel The panel occupies one rack unit To rack mount the Director device simply slide it into the desired rack location and secure it using the four supplied screws 13 Confidential DO NOT Distribute o 2 1DOptics Director Connect Power to Director For power fault protection Director is equipped with redundant power connections If one p
43. ilter Confidential DO NOT Distribute o JS A a3iOptics Command Sub Command Example and description gommand continued Dx 7 BEEN command NE ll o E iB mw E o 44 1125 Confidential filter list Parameters ipv6 y for IPv6 addressing ipv6 n for IPv4 ad dressing defaults to IPv4 if parameter is omitted Displays all pending filters with filter IDs filter running Parameters ipv6 y for IPv6 addressing ipv6 n for IPv4 ad dressing defaults to IPv4 if parameter is omitted Displays all active filters filter sync Loads the pending filter list with a copy of the currently active filters help filter Parameter command is any CLI command Displays information about the specified CLI command if command is omitted displays a list of all CLI commands history Displays a numbered list of previously executed CLI commands any command can be executed directly by entering the command number preceded by an exclaimation point up and down arrow keys can be used to scroll through the command history buffeer see command image 2 Parameter Valid values are 1 and 2 Chooses which system image to boot from if n is omitted the current system image information is displayed see upgrade command list Shows a list of filenames of saved Director device configurations see save command load my configuration 1 Parameters
44. ilter configurations. However, there is only one CAM, so any time a user executes a commit or filter commit command, the CAM takes on the filter configuration from that user's pending filter list, and those become the active filters on Director. For this reason, it is a good idea to use a filter sync to get the current contents of the CAM before adding or modifying filters; that way, the filters that you don't touch remain unaffected after you commit.
Filter capacity
The capacity of Director's filtering function is roughly 1,000 filter elements per chassis, where a filter element is a port list or a filter parameter. For example,
filter add in_ports n1.1 n1.7 ip_proto 6 vlan 100 action redir redir_ports m.1 m.5 m.10
has four filter elements:
1. in_ports n1.1 n1.7
2. ip_proto 6
3. vlan 100
4. redir_ports m.1 m.5 m.10
Counting filter elements is only a rough gauge of filter utilization and is not recommended. Instead, examine the pending filter list or CAM contents with filter list and filter running commands. The CAM has 512 locations, so the number of filter entries, or filter IDs, is an indication of how much filtering capacity has been utilized. For example, if the highest filter ID is 256, then half of the filter capacity is utilized. The actual capacity may exceed 1,000 filter elements because one CAM location can contain multiple filter elements. However, be aware that IPv6 addresses (when available) require additional CAM space and therefore
45. is displayed lt filename gt del my_configuration 1 Parameters filename is the name of the file to delete a string do not include an extension Deletes a previously saved Director configuration file see Save command exit exit Exits the CLI shell same as ogout and quit 42 Confidential DO NOT Distribute o 2 i 3iOptics Sub Command Example and description filter ipv6 lt y n gt in_ports lt network_portlist gt lt qual gt lt value gt action lt redir drop gt redir_ports lt monitor_portlist gt Notes The command may include any number of lt qual gt up to the limit of Director s filter resources approximately 1 000 lt qual gt per chassis The action lt redir drop gt parameter is required If action redir then redir_ports lt monitor_portlist gt parameter is required ipv6 lt y n gt id lt id gt ipv6 lt y n gt id lt id gt in_ports lt network_porilist gt lt qual gt lt value gt action lt redir drop gt redir_ports lt monitor_portlist gt 43 filter add ipv6 n in ports n1 1 n1 3 ip_ src 10 1 1 1 action drop Parameters ipv6 y for IPv6 addressing ipv6 n for IPv4 ad dressing defaults to IPv4 if parameter is omitted network portlist traffic from the network ports specified in this portlist is aggregated before being sent to the filter qual and value are filter qualifiers and values as listed in the
46. istory
1 show
2 list
3 help ping
4 sysip show
Net Optics> 3
Net Optics> help ping
ping ipaddr ping ipaddr
Net Optics
Figure 17 CLI command history buffer
Connect Span Ports to Director
To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports in that DNM to connect to the network. Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs.
Figure 18 Port numbering for Span DNM models
Note: DNM 1 is on the left and DNM 2 is on the right. In the CLI, the Network ports are designated using the letter N followed by the DNM number, a dot, and then the port number. For example, the Network port on the upper left is n1.1 and the Network port on the lower right is n2.12.
To connect a Span port:
1. Plug the appropriate cable into a Director Span port.
2. Plug the other end of the cable into the span port of the switch. The Link LED for the port illuminates after a short delay to indicate that a link has been established. If the Span traffic bandwid
47. lifetime of your purchase Our technical support team is available from 8 00 to 17 00 Pacific Time Monday through Friday at 1 408 737 7777 and via e mail at ts support netoptics com FAQs are also available on Net Optics Web site at www netoptics com 2 Confidential DO NOT Distribute oJ A Ia3iOptics About this Guide Please read this entire guide before installing Director This guide applies to the following part numbers Chassis Part Number Description DIR 3400 DIR DIR 7400 DIR DNM Part Number DNM 100 DNM 110 DNM 200 DNM 210 DNM 220 DNM 230 DNM 300 DNM 310 DNM 320 DNM 330 Director Main Chassis with 10 SFP monitor ports Director Main Chassis with 10 SFP monitor ports 48VDC power Director Main Chassis with 10 SFP monitor ports 2 XFP 10GbE ports 2 XFP uplink ports Director Main Chassis with 10 SFP monitor ports 2 XFP 10GbE ports 2 XFP uplink ports 48VDC power Description 6 Port 10 100 1000 Copper In Line Module 12 Port 10 100 1000 Copper Span Module 6 Port Gigabit SX Fiber 62 5um In Line Module 12 Port Gigabit SX Fiber 62 5um Span Module 6 Port Gigabit SX Fiber 50um In Line Module 12 Port Gigabit SX Fiber 50um Span Module 6 Port Gigabit LX Fiber In Line Module 12 Port Gigabit LX Fiber Span Module 6 Port Gigabit ZX Fiber In Line Module 12 Port Gigabit ZX Fiber Span Module 3 Confidential DO NOT Distribute ThIOptics P Director Director Architecture The
48. lows. To change the Director filter configuration:
Figure 39 Starting state
1. Enter filter running to view the currently active filters in the CAM.
Net Optics filter running
001 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0017 14 src port 0000 14 dst port 0000 vlan 0000 action 1 in ports 00
002 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0000 14 src port 0000 14 dst port 0000 vlan 0000 action 3 in ports 00 redir_ports 12
Net Optics>
Figure 40 Filter running command
2. Enter filter sync. The contents of the CAM are copied to the pending filter list.
Figure 41 After filter sync
3. Use filter add, filter ins, and filter del commands to change filters as desired.
Figure 42 Filter 1 has been changed and filter 3 has been added
4. Enter filter list to view the pending filter list.
Net Optics filter list
001 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0006 14 src port 0000 14 dst port 0000 vlan 0000 action 1 in ports 00
002 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0000 14 sr
49. ltering data can be used to assemble XML based end user reports or it may be exported to a third party reporting tool such as a protocol analyzer e Text based command line interface CLI available through RS 232 serial port e CLI also available remotely over secure SSH connection e Field upgradeable software Compatible with all major manufacturers monitoring devices including protocol analyzers probes and intrusion detection and prevention systems Monitor port Filtering e 1 000 filter elements per a chassis Exclusive drop matched packets and inclusive pass matched packets filters e Filters based on IP protocol IP addresses layer 4 ports MAC addresses and VLANs e Source and destination MAC addresses e Source and destination IP addresses or ranges of addresses e Source and destination ports e VLAN Network port utilization Protocols all IP protocols such as ICMP TCP UDP and RDP Passive Secure Technology e Passive access at up to 10 Gbps e In line links do not interfere with the data stream or introduce a point of failure e Optimized and tested for 10 100 and 1OOOMbps copper and 1 and 10 Gpbs fiber networks e Redundant power to maximize uptime e In line links default to open under a complete power fail condition ensuring network availability e FCC CE VCCI C Tick and WEEE certified Fully RoHS compliant Unsurpassed Support Net Optics offers technical support throughout the
50. m porary WB MON WIDEBAND Monitoring 79 WB WIDEBAND EXPAK EXPAK KECAT 82 SECURE SECURE VMTP VMTP 50 IGP Sprite Sprite RPC Protocol RPC LARP Locus Address Resolution Protocol Multicast Transport Protocol AX 25 AX 25 Frames IP within IP Encapsulation Protocol MICP Mobile Internetworking Con trol Pro SCC SP Semaphore Communications Sec Pro ETHERIP Ethernet within IP Encapsu lation 85 87 88 91 92 93 94 95 97 ENCAP Encapsulation Header any private encryption scheme 100 G E TP Protocol ticast P 107 Al Active Networks 108 IPComp IP Payload Compression Protocol 109 Sitara Networks Protocol 110 Compaq Compaq Peer Protocol Peer 111 IPX in IP IPX in IP 112 VRRP Virtual Router Redundancy Protocol 1 PGM PGM Reliable Transport Protocol EE any O hop protocol Ed a Ter E El Da al Ld EN E De Dos E m EN 13 14 1 Confidential DO NOT Distribute oJ vf 4Optics 115 L2TP Layer Two Tunneling Protocol 116 D II Data Exchange DDX 117 IATP Interactive Agent Transfer Protocol STP Schedule Transfer Protocol AC e Radio Protocol e sean e Message Protocol Moo Transparency Protocol ISIS over IPv4 CRTP EE Radio Transport Protocol CRUDP Combat Radio User Data gram Secure Packet Shield 131 PIPE Private IP Encapsulation within IP SCTP Stream Control Transmission Protocol Ls ee Feecmme
51. me of the file where the configuration is saved a string do not include an extension Saves the Director device configuration to a file saved information includes port set up and filters show lt filename gt show my configuration 1 Parameters filename is the name of the file to display a string do not include an extension Displays the contents of the specified saved configuration file see save command stats clear ports all lt portlist gt Stats clear ports all Clears RMON statistics for the designated ports show ports all lt portlist gt Stats show ports m 2 n1 4 Displays RMON statistics for the designated ports 45 Confidential DO NOT Distribute amd 1hDOptics Director Sub Command Example and description sysip commit sysip commit Activates pending changes defined with sysip set set ipaddr lt address gt sysip ipaddr 192 168 1 2 netmask 255 255 0 0 gt netmask lt netmask gt Parameters gw lt gateway gt lt address gt is the IP address default 192 168 1 2 lt netmask gt is the netmask default 255 0 0 0 lt gateway gt is the gateway IP address default 192 168 1 1 Sets the Director IP address netmask and gateway IP address requires a sysip commit command to activate the new settings show sysip show Displays the current Director IP address information time lt time gt time 13 02 00 Parameters lt time gt is hh mm ss Sets the system time of day if lt time gt is omit
52. ned it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the packet header matched. That filter, and only that filter, controls which monitoring ports receive a copy of the packet. Other filters are not executed for that packet. Therefore filters are not completely independent: one filter can affect the operation of another.
Let's walk through an example of a filter interaction that may be unexpected. First we will set up a filter for an IP address:
filter add in_ports n1 5 ip_src 192.186.10.0 action redir redir_ports m 1
filter commit
[Figure 34: A simple IP address filter (shown with CAM)]
All traffic from Network Port 5 that comes from IP address 192.186.10.0 matches the first CAM entry and therefore is copied to Monitor Port 1. Next, suppose we want another monitoring tool to see all the TCP traffic from Network Port 5, so we set up this filter:
filter add in_ports n1 5 ip_proto 6 action redir redir_ports m 2
filter commit
[Figure residue: Filter interactions; Address Filter 192.186.10.0; Protocol TCP; Monitor Port 2] filter add in_ports n1 5 ip_src 192.186.10.0 action
53. nfigurable 10 Gigabit ports
Understand filter interactions
Understand pending and active filters
Chapter 4 Daisy chaining Multiple Director Chassis
Appendix A Director Specifications
Appendix B Command Line Interface
Filter parameters
Appendix C Protocol Numbers
Limitations on Warranty and Liability
Chapter 1 Introduction
Net Optics Director is a key component for building a comprehensive, consolidated monitoring infrastructure for both network management and security. It extends the range of visibility for data monitoring across converged data and digital voice networks, while eliminating monitoring port contention and minimizing the number of tools needed to optimally manage the network. A single Director device enables you to tap into multiple network links and direct their traffic to multiple moni
54. nk LEDs with speed indication on Copper ports
All ports: Activity LEDs
1 Alarm LED
2 Power LEDs
Performance
Hardware throughput: 74 Gbps
TapFlow Smart filtering: More than 1,000 filter elements per chassis; filter by IP source address, IP destination address, MAC source address, MAC destination address, source port, destination port, protocol, network port or port group, VLAN, utilization threshold
RMON statistics for each network and monitor port: Current utilization, peak utilization, peak time, total packets, total bytes, CRC errors, collision packets, oversize packets, undersize packets
Alarms: Programmable utilization threshold alarm for each network and monitor port
Internal disk drive: 2.5 inch SATA, 30 Gigabyte, 5400 RPM
Software
Net Optics Web Manager: compatible with all major Web browsers
Net Optics System Manager: compatible with Windows XP, Windows 2000, and Windows 98
SNMP v3 support
Director Specifications: DNM
Copper Interface: 12 RJ45 Network Ports, 10/100/1000 Mbps; 6 In-line links or 12 Span ports, depending on model; 22-24 AWG unshielded twisted pair cable, CAT5e or better recommended
Fiber Optic Interface: 12 Gigabit SX, LX, or ZX Network Ports, LC type; 6 In-line links or 12 Span ports, depending on model
Fiber Types: Corning Multimode 62.5/125 µm, Corning Multimode 50/125 µm, Corning Singlemode 8.5/125 µm
Transceiver
55. ort 1 and copy them to Monitor Port 1.
Enter filter add in_ports t 1 ip_proto 17 action redir redir_ports m 2. A filter has been defined to select all IPv4 UDP packets from 10 Gigabit Port 1 and copy them to Monitor Port 2.
Enter filter add in_ports t 2 action redir redir_ports m 3. A filter has been defined to copy all traffic from 10 Gigabit Port 2 to Monitor Port 3.
Enter filter commit. The filters are activated.
[Figure 31: Configurable 10 Gigabit XFP ports used as Network ports]
To use both XFP ports as Monitor ports:
1. Enter filter add in_ports n1 1 n1 4 action redir redir_ports t 1. A filter has been defined to aggregate the traffic from the first four 1 Gigabit Network Ports and copy the aggregated traffic to 10 Gigabit Port 1.
Enter filter add in_ports n1 11 action redir redir_ports t 2. A filter switch has been defined to copy all the traffic from 1 Gigabit Network Port 11 to 10 Gigabit Port 2.
Enter filter commit. The filters are activated.
[Figure residue: Network Port 1; Network Port; XFP Port 1]
56. ower source becomes unavailable due to an interruption in AC power or failure of the power brick, the other power source keeps Director operating normally. If both power sources become unavailable, Director passively keeps all in-line network links open, passing all traffic between the network ports. When power is not available, no data is seen at the Monitor ports.
[Figure 9: Connecting redundant power supplies]
Supply power to Director using the power cords that were included with the unit. If you plan to use redundant power, make sure that you connect the power supplies to two separate, independent power sources for maximum protection. One or both Front Panel Power LEDs are illuminated, depending on whether you used one power supply or two.
Connect the local CLI Interface
All configuration options, filters, and status can be accessed using the Director Command Line Interface (CLI). You can run the CLI locally over the RS-232 serial port or remotely over the Management port. If you choose to run the CLI locally, connect a DB9 cable from the RS-232 port on the back of the Director chassis to your computer; the computer needs to have terminal emulation software such as HyperTerminal to access the Director CLI.
To connect the CLI for local use over the R
57. ple, the colored circles in the diagram indicate that traffic from four links is being aggregated and sent to this port. Four streams of traffic are also being aggregated to the red monitoring tool on the upper left. Since this is a 1 Gbps Monitor port, aggregated data up to 1 Gbps can be sent to the red tool. If the aggregated traffic exceeds 1 Gbps, packets will be dropped. To avoid dropping packets, filters should be configured to reduce the aggregated traffic load to 1 Gbps or less.
The two green RMON monitoring tools at the bottom are the same type of tool. Two identical tools provide the capability of monitoring a greater amount of data than a single tool can handle. Another reason to use identical monitoring tools is to provide redundancy in case one of the tools fails. In addition, Director can be configured to send different types of traffic to each tool, for example, all the TCP traffic to one tool and the UDP traffic to the other.
In-line Monitoring of 10 Gigabit Links
To create an in-line link on a 10 Gigabit network segment, use an external iBypass Switch or network Tap. These two methods are explained in the following sections.
iBypass Switch Method
One method for creating a fail-safe, passive, in-line 10 Gigabit network connection with Director is to use an external iBypass Switch, as shown in the following diagram.
58. raffic resumes flowing.
[Figure 3: Detail of in-line Taps shown in Figure 2. Purple line indicates an in-line Tap.]
In the middle of Figure 2, three other departmental switches are monitored through their Span ports. One of the switches handles 10GbE traffic, so its Span port goes to one of the Director 10GbE XFP ports. One of the other switches' 1GbE Span ports carries three distinct types of traffic (e-mail, VoIP, and Web pages), as indicated by the three colored circles on the Span link. In this installation, Director has ten additional Span ports and one in-line link that are available for expansion when more links need to be monitored.
Monitoring Tools
Still referring to Figure 2, six monitoring tools are connected to Director. They include protocol and performance analyzers, RMON probes, and an intrusion detection system (IDS). Any of the monitoring tools can be used to observe any of the connected network links, and the connections can be switched easily using the Director CLI without ever moving a cable or touching the tools. A set of possible data flows is indicated by the colored circles on the links in the diagram.
One of the network monitoring tools is capable of handling more than 1 Gbps, so it is attached to a 10 Gigabit XFP port. Through this port, the tool can be sent aggregated traffic up to 10 Gbps. For exam
59. rameters: <username> is the user name of the account you wish to delete. Deletes a user account. This command is only available at root level.
user mod name bill pw billpw
Parameters: <username> is the user name of the account you want to change (a string); <password> is the new password for the account (a string); <level> is 1, 2, or 3 (other values not applicable): 1 = root, 2 = admin, 3 = user. Modifies a user account. This command is only available at root level.
Filter parameters
Switches and filters are defined using the filter add and filter ins commands. The filter add command syntax is:
filter add in_ports <portlist> <filter_parameter_list> action <redir | drop> redir_ports <portlist>
The <filter_parameter_list> is a sequence of zero or more of the filter qualifiers as listed in the following table. If the <filter_parameter_list> is empty, the filter add command specifies an aggregation of the traffic received on all of the in_ports. If the action is redir, the aggregated traffic stream is regenerated to all of the redir_ports.
If the <filter_parameter_list> contains filters, aggregation and regeneration take place as described in the previous paragraph. However, the filters are applied to the aggregated traffic stream before it is copied to the Monitor ports. If multiple filter qualifiers are specified, a packet m
60. rector can be used like a Regeneration Tap, copying traffic from a Network port or aggregated group of Network ports to multiple Monitor ports. The filter add command is used to do this. The only difference from using the command to connect a single or multiple Network ports to a single Monitor port is that a list of Monitor ports is specified.
To regenerate traffic from Network Port 1 to Monitor Ports 3, 4, and 5:
1. Enter filter add in_ports n1 1 action redir redir_ports m 3 m 5. The regeneration connection is pending.
2. Enter filter commit. The regeneration connection is activated.
[Figure 24: Traffic regeneration]
To aggregate traffic from Network Port 10 and Network Port 11 and regenerate the resulting stream to Monitor Ports 9 and 10:
1. Enter filter add in_ports n1 10 n1 11 action redir redir_ports m 9 m 10. The aggregation/regeneration connection is pending.
2. Enter filter commit. The aggregation/regeneration connection is activated.
[Figure 25: Combined aggregation and regeneration]
Create Filters
Filters process a traffic stream by selecting packets based on criteria in the packe
61. rts 01 redir_ports 13 1p_src 00010101 ffffffff ip_dst 00000000 ffffffff ip_proto 0000 14 src port 0000 14 dst port 0000 vlan 0000 action 1 in ports 00 05 ip src 00000000 ffffffff ip dst 00000000 ffffffff ip proto 0000 14 src port 0000 14 dst port 0025 vlan 0000 action 3 in ports 00 redir_ports 12 Net Optics gt
[Figure 30: Filter list command]
The ID numbers shown at the left of each filter in the filter list are the IDs that apply for filter del id <id> and filter ins id <id> commands, because all three commands act on the pending filter list. Do not use the IDs in a filter running list as the reference for filter del or filter ins commands.
Work with configurable 10 Gigabit ports
The two configurable 10 Gigabit XFP ports on the front panel are designated t 1 on the left and t 2 on the right. They can be used in network port lists and monitor port lists. The 10 Gigabit ports are configured for Network or Monitor as required by the filter add commands you enter. Some examples follow. If separate filter add commands require different configurations for the same XFP port, the port is configured as required for the command that was entered last.
To use both XFP ports as Network ports:
1. Enter filter add in_ports t 1 ip_proto 6 action redir redir_ports m 1. A filter has been defined to select all IPv4 TCP packets from 10 Gigabit P
62. ss, Netmask, and Gateway IP Address are made pending.
3. Enter sysip show. Verify that the displayed IP Address, Netmask, and Gateway IP Address are the desired values.
4. Enter sysip commit to activate the new IP Address, Netmask, and Gateway IP Address.
Example:
sysip set ipaddr 10.60.4.180 netmask 255.0.0.0 gw 10.0.0.1
sysip commit
Tip: The sysip command accepts one, two, or three parameters, so you only need to include the ones you want to change. For example, to change the IP Address but leave the Netmask and Gateway IP Address the same, enter sysip set ipaddr <new ip address>.
Assign a New Manager IP Address
Configure the Manager IP Address to the IP Address of the remote management server, for example an IBM Tivoli or HP OpenView server.
To assign a new Manager IP address to Director: TBA
Change Port Modes
To change the port mode:
1. Enter port set ports <portlist> autoneg <on | off> speed <10 | 100 | 1000> duplex <full | half> to set the mode of a 10/100/1000 Copper port. Example: Enter port set ports n1 5 autoneg off speed 100 to set Network Port 5 in DNM 1 to 100 Mbps fixed speed. Duplex mode is left in its default state of full duplex.
2. Repeat Step 1 as desired for ports n1 2 to n1 12, n2 1 to n2 12, m 1 to m 12, and t 1 to t 2; this procedure only affects 10/100/1000 Copper ports.
Tip: You can change th
63. t header. A filter is defined using a filter add command, which also specifies the Network ports and Monitor ports the filters apply to. The filter add command specifies the following behavior:
- Traffic is aggregated from all the listed Network ports. Then the filter parameters are applied.
- Packets which match all of the specified filter parameters are copied to all of the listed Monitor ports, assuming the action is redir.
- If the action is drop, the matching packets are not copied to any Monitor port; this mechanism is used to create exclusive filters.
To send Monitor Port 1 all traffic received at Network Port 5 from IP addresses 192.168.10.0 to 192.168.10.15:
1. Enter filter add in_ports n1 5 ip_src 192.168.10.0 ip src mask 240 action redir redir_ports m 1. A filter has been defined to select all IPv4 packets from Network Port 5 with a source IP address of 192.168.10.0 and the lowest four address bits masked out (ignored); packets matching the filter are copied to Monitor Port 1.
2. Enter filter commit. The filter is activated.
[Figure 26: Simple IP address filter]
To create a filter that selects IPv4 packets by protocol:
1. Enter filter add in ports n1 3 ip4_prot 3 action redir redir_ports m 6 m 8. A filter has been defined to select all IPv4 packets that use the TCP protocol received at Network
64. table that follows this table Specify redir or drop as the filter action if redir packets matching all of the qual are copied to all of the Monitor ports specified in the portlist lt monitor_portlist gt if drop packets matching all of the qual are dropped Defines a filter including the Network and Monitor ports involved in the filter filter is pending inactive until activated by a filter commit or commit command Note If the filter command does not include any qual it defines aggregation regeneration and matrix switching functions without filtering clear filler clear Clears all active filters Ni DEM filter commit Activates pending filters previously defined using filter add and filter ins commands filter del id 3 Parameters ipv6 y for IPv6 addressing ipv6 n for IPv4 ad dressing defaults to IPv4 if parameter is omitted id is a decimal number from 1 to 999 that identifies which filter is to be deleted Deletes a pending filter discard filler discard Clears all pending filters filter ins id myfilter 1 in ports n1 1 n1 3 ip src 10 1 1 1 action drop Parameters ipv6 y for IPv6 addressing ipv6 n for IPv4 ad dressing defaults to IPv4 if parameter is omitted id is a decimal number from 1 to 999 that specifies the priority of this filter the address for the filter in the filter CAM The rest of the filters parameters are as defined for the filter add command Defines and prioritizes a f
65. ted the current time is displayed upgrade srvip svrip upgrade srvip 168 192 20 2 user bob pw bobpw user lt username gt filename image021108 2 pw lt passwd gt Parameter filename lt filename gt lt svrip gt is the IP address of the server that the new image file is on username is the user name needed for FTP access to the server lt passwd gt is the password needed for FTP access to the server filename is the name of the image file Replaces the current system boot image with the image in the specified file see image command all parameters must be included and they must be in the order shown 46 Confidential DO NOT Distribute o 2 i 3iOptics Sub Command Example and description show user This command is only available at root level name lt username gt pw lt password gt priv lt level gt Notes All three parameters are required and they must be in the order shown name username name lt username gt pw lt password gt priv lt level gt 47 user show Lists all the currently defined user accoounts This command is only available at root level user add name bob pw bob pw priv 3 Parameters username is the username a string lt password gt is the password a string lt level gt is 1 2 or 3 other values not applicable 1 root 2 admin 3 user Creates a new user account This command is only available at root level user del name bill Pa
66. th is greater than about 300 Mbps, the two Link LEDs blink. Repeat for all desired Span port connections.
[Figure 19: Span port connections]
Connect Director With In-line Network Links
To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line model. Tap port pairs for each link are located side by side, with three links across the top row and three links across the bottom row. This is true for both Fiber and 10/100/1000 DNMs.
[Figure 20: Port and link numbering for in-line DNM models. Port numbers in purple; in-line link numbers in green.]
To connect an in-line network link:
1. Plug the appropriate cable into an odd numbered Network port Port Nm o
2. Plug the other end of the cable into the source switch or router The
67. tistics show and set system network IP address set system time upgrade image file manage user account exit current cli session
[Figure 16: Director CLI Help command]
2. To view the syntax for changing Director filter parameters, enter help filter.
3. Repeat with the command of interest to view the syntax for all commands available from the CLI. For a complete description of all of the CLI commands, see Appendix B.
Using the CLI Command History Buffer
You can save a lot of typing by using the command history buffer maintained by the CLI. The up and down arrow keys scroll forward and backward through the history buffer. To execute a command again, simply scroll to that command and press enter. Alternately, you can scroll to a command and then edit it inline before executing it. You can see a history of all the buffered commands by entering the history command. Any command in the history buffer can be accessed directly by entering where is the number of the command in the buffer. Operation of the command history buffer is illustrated in the following example.
Net Optics gt show show name show all files name Net Optics list current config file lannie 090208 Net Optics help ping ping ipaddr ping ipaddr Net Optics sysip show Network Interface Info Ipaddr 10 60 4 180 NetMask 255 0 0 0 Gateway 10 0 0 1 Net Optics h
68. toring ports. It includes aggregation and regeneration functions, so the link to monitor port mapping can be one-to-one, one-to-many, many-to-one, or many-to-many. In addition, it provides filtering: each Monitor port can be programmed to receive only traffic meeting user-defined filter criteria based on protocol, source and destination addresses, and network utilization. This filtering capability enables specific types of traffic, such as voice over IP (VoIP), to be directed to particular monitoring tools.
Matrix switching, aggregation, and regeneration
Each Director chassis supports up to 12 in-line network links or 26 Span ports. For monitoring, up to 12 ports are provided. Network and Span ports can be aggregated and regenerated to output ports in almost any combination.
Modular design
Director is modular to provide configuration flexibility.
- Director Network Modules (DNMs) support SX (multi-mode) and LX (single-mode) fiber links, and 10/100/1000 Copper links
- Each DNM provides either 6 in-line network links or 12 Span ports. The Director Chassis includes two DNM slots; they can be populated with the same or different DNM types
- Ten 1 Gigabit Monitor ports are SFP-based, accepting any mix of Copper, SX, and LX interface modules. Four 10 Gigabit ports are XFP-based, accepting SR, LR, and ER interface modules
Flexible 10 Gigabit support
Two 10 Gigabit ports on the front of the unit can be configured as Network, Span, or Monitor ports
69. ust satisfy all of the filter qualifiers in order to be copied to the Monitor ports. In other words, the filter qualifiers are combined with a logical AND condition. A logical OR condition can be created by using multiple filter add commands with identical port lists.
The filter add and filter ins commands define filters but do not activate them. A subsequent filter commit or commit command must be executed to activate the filters. This mechanism enables an interrelated group of filters to be activated simultaneously. It also allows you to double-check your filter definitions before you activate them.
It is important to note that packets are filtered using a Content Addressable Memory, or CAM. Each filter is a CAM entry, and the CAM is filled in the order that the filter add commands are received. Filter ins commands create filters in specific locations in the CAM. When a packet is processed, the first filter in the CAM that matches the packet is the only filter that is activated. Each packet can activate exactly zero or one filters. See "Understand filter interactions" near the end of Chapter 3 for examples.
All supported filter qualifiers are shown in the following table.
Director Filter Parameters (columns: Qualifier, Value, Example, Description)
ip dst: IP destination address
ip dst mask: Mask for IP destination address
l4 dst port: Layer 4 destination port
See Appendix C for a complete list of protocol numbers. Some common protocols include Num
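The first-match CAM behaviour described above, and the filter-interaction walkthrough that uses 192.186.10.0 and TCP on Network Port 5, as an added Python sketch that is not part of the manual or of any Net Optics software. It models the CAM as an ordered list and reports packets for which a monitor port that some filter names receives no copy; the port labels, the exact-match-only qualifiers, and the restriction to redir filters are assumptions of this sketch.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional

ANY = None  # qualifier omitted from the filter: matches every value


@dataclass(frozen=True)
class Filter:
    """One CAM entry (redir action only; exact-match qualifiers only)."""
    in_ports: frozenset
    redir_ports: frozenset
    ip_src: Optional[str] = ANY
    ip_proto: Optional[int] = ANY

    def matches(self, pkt):
        in_port, ip_src, ip_proto = pkt
        # Qualifiers are combined with a logical AND.
        return (in_port in self.in_ports
                and self.ip_src in (ANY, ip_src)
                and self.ip_proto in (ANY, ip_proto))


def cam_deliver(cam, pkt):
    """First match wins: only the first matching entry picks the monitor ports."""
    for f in cam:
        if f.matches(pkt):
            return f.redir_ports
    return frozenset()


def independent_deliver(cam, pkt):
    """What an operator would expect if every filter were applied independently."""
    out = set()
    for f in cam:
        if f.matches(pkt):
            out |= f.redir_ports
    return frozenset(out)


def blind_spots(cam):
    """Return (packet, missing monitor ports) for each representative packet
    that a monitor port named by some matching filter never receives."""
    ports = sorted({p for f in cam for p in f.in_ports})
    srcs = sorted({f.ip_src for f in cam if f.ip_src is not ANY}) + ["<other-src>"]
    protos = sorted({f.ip_proto for f in cam if f.ip_proto is not ANY}) + [-1]
    findings = []
    for pkt in product(ports, srcs, protos):
        missing = independent_deliver(cam, pkt) - cam_deliver(cam, pkt)
        if missing:
            findings.append((pkt, sorted(missing)))
    return findings


# Constructed labels (not CLI syntax) for Network Port 5 and Monitor Ports 1 and 2.
N5 = frozenset({"network-5"})
MON1, MON2 = "monitor-1", "monitor-2"
SRC = "192.186.10.0"  # source address used in the manual's walkthrough
TCP = 6

# The two filters added one after the other in the walkthrough.
NAIVE = [
    Filter(N5, frozenset({MON1}), ip_src=SRC),
    Filter(N5, frozenset({MON2}), ip_proto=TCP),
]

# The three-filter arrangement the manual gives as the correct one:
# the most specific entry goes first and redirects to both monitor ports.
CORRECTED = [
    Filter(N5, frozenset({MON1, MON2}), ip_src=SRC, ip_proto=TCP),
    Filter(N5, frozenset({MON1}), ip_src=SRC),
    Filter(N5, frozenset({MON2}), ip_proto=TCP),
]

if __name__ == "__main__":
    for name, cam in (("naive", NAIVE), ("corrected", CORRECTED)):
        print(name, blind_spots(cam))
```

Running the same check on a pending filter list before committing it shows whether the tool on a given monitor port, for example an IDS, will silently miss traffic because of entry order.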
70. you are deploying multiple Director devices
Net Mask for Director
IP address of the remote management console; if deployed over a WAN, this address is used for SNMP traps
Gateway to the remote management console, if deployed over a WAN
Port assignments and filters for the Network and Monitor port connections
Make sure you have a suitable location to install the Director device. For power redundancy, use two independent power sources.
Unpack and Inspect the Director device
Carefully unpack the Director device, power supplies, and all cables that are provided. Director is delivered with the following:
- 1 Director device
- 2 Power cords
- Director Quick Install Guide (one sheet)
- 1 CD containing the Director User Guide (this document)
- Network and monitor cables
- RS-232 DB9 cable for use with the CLI
- Extended Warranty, if purchased
Check the packing slip against parts received. If any component is missing or damaged, contact Net Optics Customer Service immediately at 1 408 737 7777.
Note: XFP modules are ordered and shipped separately.
Install Director Network Modules
If the Director Network Modules (DNMs) are not already installed when you receive the unit, install them by sliding them into the DNM slots in the front panel. If there is a plate covering the DNM slot, remove it by unscrewing two thumb screws, and then install t