Typically,.full-duplex.monitoring.with.a.network.tap.requires.two.NICs.(or. a.dual.channel.NIC).–.one.interface.for.each.side.of.the.tapped.full-duplex. connection ..The.Dual.Port.Aggregator.Tap.combines.and.regenerates.these. streams,.sending.all.aggregated.data.out.two.separate.passive.monitoring. ports ..The.best.part.of.this.innovation.is.the.onboard.memory.to.make.sure. traffic isn’t dropped during bursts. Response Ready When active responses to network events are required, the first monitoring port.can.be.changed.to.an.Active.Response.Port.using.a.hardware.switch ..The. Active.Response.Port.buffers.and.transmits.into.the.network.link.any.type. of.Ethernet.packet,.from.a.simple.TCP.reset.to.ICMP.messages ..The.Active. Response.Port.can.be.easily.switched.back.to.passive.monitoring.via.the. hardware.switch .. The.combination.of.active.response.capability.and.passive.monitoring.in. the.Tap.reduces.the.number.of.devices.and.network.ports.required.for.active. response.functionality . Buffering Prevents Lost Data The.Dual.Port.Aggregator.Tap.with.Active.Response.is.designed.to.handle.the.
Page 6
10/100 Port Aggregator Tap Simple to Deploy Net Optics’ Dual Port Aggregator Tap with Active Response is a simple plug- and-play.solution.addressing.the.fact.that.many.monitoring.systems,.including most.software.based.solutions,.only.offer.a.single.channel.NIC,.limiting.full- duplex.visibility ..While.adding.a.second.NIC.can.help.maintain.data.integrity. and visibility, there is a tradeoff in flexibility and ease-of-use. An operating system.and.NICs.that.enable.binding.are.often.required.to.achieve.the.same. functionality.as.the.Dual.Port.Aggregator.Tap ..In.contrast,.the.Dual.Port. Aggregator Tap requires no additional components or configuration on the monitoring.devices ..
Power LEDs ® ® Port Aggregator Port Aggregator with with Active Response Active Response www.netoptics.com www.netoptics.com Figure 1: PA-CU-AR Front Panel Power LEDs ® ® Dual Port Aggregator Tap Dual Port Aggregator Tap with with Active Response Active Response www.netoptics.com www.netoptics.com...
. The.following.three.diagrams.illustrate.a.simple.example.of.a.100.Mbps.NIC.. moving.from.80.percent.utilization,.to.140.percent.utilization,.then.back.to.80. percent.utilization ..If.you.have.PA-CU-AR.model,.there.is.only.one.monitor. port . State 1: Side A + Side B is less than or equal to 100% of the NIC's receive capacity. Example: On a 100 Mbps link, Side A is at 30 Mbps and Side B is at 50 Mbps.
Page 11
State 2: Side A + Side B becomes greater than 100% Example: There is a burst of traffic, so Side A is now at 90 Mbps while Side B remains at 50 Mbps. The NIC's utilization is at 140%, requiring the use of memory to help prevent data loss.
® Passive Dual Passive Dual Port Aggregator with Port Aggregator with Active Response Active Response www.netoptics.com www.netoptics.com To network switch or router Figure 7: Connecting to the Network LINK LINK LINK LINK LINK LINK To network switch or router 10/100 Port Aggregator Tap...
Connecting to the Monitoring Device(s) 1 .. Supply.power.to.the.Tap.using.the.power.supplies.included.with.the.unit .. Two.power.supplies.are.included ..The.use.of.the.second.redundant.power. supply.is.optional . Note: ________________________________________________________________ The second power supply is available to support the flow of traffic to the moni- toring device, in the event that the first power supply becomes unavailable. If the first power supply is unavailable, the second power supply will supply all power for the Tap.
Positions thru are inac- tive. To manually configure ports A, B, and C/D, turn switch to the OFF position. Positions thru are active. ON for Half-Duplex; turn OFF for Full-Duplex ON for 10 Mbps; turn OFF for 100 Mbps ON for Half-Duplex;...
10/100 Port Aggregator Tap Active Response Tap FAQs Q: What types of active responses are supported? A:.With.an.Active.Response.Dual.Port.Aggregator.Tap,.an.administrator.can. transmit.any.type.of.Ethernet.packet.back.into.the.original.link,.supporting.all. common.types.of.active.responses.generated.by.intrusion.detection.systems,. and.by.intrusion.prevention.systems.deployed.in.passive.mode ..The.most. common response types are TCP resets, and firewall rule changes. While the Tap.can.support.both.types.of.responses,.we.advocate.extreme.caution.in.dy- namically updating firewall rules due to the risk of disabling network services. Because most firewalls are managed out-of-band, however, it is unlikely that the.Regeneration.Tap.will.be.part.of.a.rule.change.scenario ..
Page 16
10/100 Port Aggregator Tap Active Response Tap FAQs (Continued) Q: How much bandwidth is available on the Active Response Port? A:.The.average.amount.of.bandwidth.for.active.responses.is.determined.by. the.average.available.capacity.on.the.link ..For.example,.on.a.100.Mbps.full- duplex.link,.if.transmission.from.device.A.to.device.B.averages.30.Mbps,.and. transmission.from.device.B.to.device.A.averages.at.50.Mbps,.then.there.is.an. average capacity on the first side for 70 Mbps, and on the second side for up to 50 Mbps of active response traffic.
If.you.have.a.problem.and.require.service,.please.call.the.number.listed.at.the.end.of.this.section.and. speak.with.our.technical.service.personnel ..They.may.provide.you.with.an.RMA.number,.which.must. accompany.any.returned.product ..Return.the.product.in.its.original.shipping.container.(or.equivalent). insured.and.with.proof.of.purchase . Additional Information Net Optics, Inc. reserves the right to make changes in specifications and other information contained in.this.document.without.prior.notice ..Every.effort.has.been.made.to.ensure.that.the.information.in. this.document.is.accurate ..Net.Optics.is.not.responsible.for.typographical.errors . THE.WARRANTY.AND.REMEDIES.SET.FORTH.ABOVE.ARE.EXCLUSIVE.AND.IN.LIEU.OF. ALL.OTHERS,.EXPRESS.OR.IMPLIED ..No.Net.Optics.reseller,.agent,.or.employee.is.authorized. to make any modification, extension, or addition to this warranty.