Network Critical SmartNA-X User Manual

Smart network access modular system x 1g/10g network tapping device

Smart Network Access Modular System X
SmartNA-X
1G/10G Network Tapping Device
User Guide v1.4


Summary of Contents for Network Critical SmartNA-X

  • Page 1 Smart Network Access Modular System X ™ SmartNA-X 1G/10G Network Tapping Device User Guide v1.4...
  • Page 2: Table Of Contents

    2 | Contents | SmartNA-X 1G/10G Modular
    Contents: About this guide (9); Audience (9); Conventions (9); Safety information (9); Grounding (9); Power supply (9); Servicing (9); Electrostatic discharge (ESD) (9); Chapter 1: Introduction (10); About SmartNA-X (10); System features (10); SmartNA-X chassis (11); Default settings (11); System Management (13); Configuration options...
  • Page 3 Using the CLI to restore a configuration (31); Downloading the system configuration (31); Uploading a system configuration (32); Upgrade system firmware (32); To upgrade the system firmware (32); Installing Feature Packs (33); Installing a Feature Pack (33); Configuring system security (34); Managing public host keys (34)...
  • Page 4 Chapter 9: Working with the Intelligent Packet Processor (IPP) Module (69); Physical (69); Overview of the IPP operation (69); Detailed operation of the IPP module (69); Matches (69); Actions (70); Transforms (70); Packet slicing (71); Committing changes after configuring the IPP module (71); Configuring the IPP module (72)...
  • Page 5 show banner (96); Network configuration commands (97); show ntp (97); create ntp (97); delete ntp (97); show ipv4 (98); set ipv4 static (98); set ipv4 gateway (98); set ipv4 dns (99); set ipv4 dhcp (99); show ipv6 (100); set ipv6 static (100); set ipv6 gateway...
  • Page 6 Port mapping commands (123); show maps (123); set map (123); delete map (125); clear maps (126); Filtering and load balancing commands (127); set filter any (127); set filter anyip (128); set filter ipv4 (130); set filter ipv6 (133); set filter arp (136)...
  • Page 7 set vline heartbeat packet (163); set vline slicing (163); set vline breakout (164); set vline aggregate (165); set vline inject (165); Intelligent Packet Processor (IPP) Card Module Commands (167); create packetprocessor transform (167); delete packetprocessor transform (167); show packetprocessor transform...
  • Page 8 Transport header Matches (193); GRE header matches (194); Layer above TCP/UDP (195); IPP module preset Transforms (196); Appendix E: Supported MIBs (198); Hardware warranty (199); Contacting Network Critical (200) ™ © SmartNA-X 1G/10G User Guide 1.4...
  • Page 9: About This Guide

    Electrostatic discharge can damage electrical components. SmartNA-X components are wrapped in antistatic bags to prevent this damage. Before handling SmartNA-X components, attach an antistatic wrist strap to a grounded metal surface to prevent electrostatic discharge from damaging your hardware. If you do not have a wrist strap, just prior to removing the product from ESD packaging and installing or replacing hardware, touch an unpainted metal surface for a minimum of 5 seconds.
  • Page 10: Chapter 1: Introduction

    The SmartNA-X system is designed to work as an enterprise solution custom fit for any data centre, no matter the size. It has advanced packet filtering capabilities and flexible port maps and is able to filter 10G traffic to 1G tools, or aggregate 1G links to a 10G tool.
  • Page 11: Smartna-X Chassis

    33 for information about adding a Feature Pack. SmartNA-X chassis The SmartNA-X chassis supports four independently operating, hot-swappable TAP modules, and provides two 10G bps ports at the rear. Each module has four ports that operate in pairs for connecting to a live network and network monitoring tools.
  • Page 12 Table 1: SmartNA-X default settings
      Console port connection: Baud Rate: 9600 bps; Data bits: 8; Stop bits: 1; Parity: None
      IPv4 settings: IPv4 address: 192.168.254.100; ...
  • Page 13: System Management

    SmartNA-X commands, either remotely or direct from a PC connected serially. In addition to the web and CLI interfaces, SmartNA-X contains an SNMP agent that allows the system to be managed from SNMP stations, and SNMP hosts to receive notifications when alerts requiring administrator assistance occur.
  • Page 14: Tap On Individual Servers

    The following figure shows a configuration with three servers and three TAPs, one for each server. Each TAP is connected to the AB ports of a SmartNA-X module (one module per server). If necessary, the resulting traffic streams can be aggregated before sending to a network tool. A fully populated SmartNA-X device with four modules installed allows up to four servers to be tapped (or more if C&D ports are used in TAP/failsafe mode).
  • Page 15: Tap After A Load Balancer

    Figure 4: TAP configuration before a load balancer TAP after a load balancer You can place TAPs after a load balancer to monitor a group of servers with a single TAP. In this location, you'll be able to observe which servers are responding to the requested information.
  • Page 16: Tap Between Internet Router And Firewall

    How to set up a TAP You set up a TAP by connecting the SmartNA-X to your LAN and directing the received traffic to your network monitoring tools for capture or analysis. Once the TAP has been installed its presence is transparent to traffic flowing along that segment.
  • Page 17 1. Connect your live network to TAP ports A and B. If you are connecting to a 10G network, you must connect to the AB ports of a 10G module fitted in slot 1 of the chassis. If connecting to a 1G network, you may use any of the AB ports, including those in slot 1.
  • Page 18 Figure 9: Configure port settings. The equivalent CLI commands for port 3A shown in the above figure are as follows:

        CONTROLLER>select slot 3
        SLOT3>set port A usage network
        SLOT3>set port A autoneg
        SLOT3>set port A mdi auto
        SLOT3>set port A speed auto...
  • Page 19: Chapter 2: Getting Started

    Please contact Network Critical Support (support@networkcritical.com) if any item is missing from the package. Installing the chassis To prevent unregulated access, the SmartNA-X chassis should be installed in a secure server rack with access to authorized personnel only. Caution: Static electricity can damage sensitive electronic components. To discharge static, fit an antistatic wrist-strap or touch a bare metal surface before handling SmartNA-X components.
  • Page 20: Installing The Tap Modules

    Cabling for administrative connections SmartNA-X provides dual administration ports for networked or serial access to the management interfaces. In most cases, users will connect to the system remotely over a network. When first setting up, you may need to use the CONSOLE in order to configure the network interface address.
  • Page 21: Management Port Cabling For Serial Access

    • Parity: None 3. If the COM settings are correct, the SmartNA-X username prompt will be displayed on your terminal screen. 4. To log on, enter your SmartNA-X administrator username and password. If login is successful, the CONTROLLER> prompt is displayed, as shown below.
  • Page 22: Management Port Cabling For Network Access

    Connecting locally using the supplied serial cable You can set up a local connection to SmartNA-X by attaching the supplied serial cable to the CONSOLE port and connecting it to a PC running a terminal program. Local connections provide access to the CLI only.
  • Page 23: Connecting To The System

    See the following figure. Figure 14: The SmartNA-X web UI login page 3. Enter the SmartNA-X user ID and password, and then click Log in to access the web UI, as shown in the following figure...
  • Page 24 Figure 15: The SmartNA-X web UI 4. Use the port diagram to configure system and port settings, create port maps, work with traffic filters, and view diagnostic information as follows: • Click anywhere within the chassis area to access the following system-wide options: •...
  • Page 25: Connecting From A Terminal Client

    15 minute idle timeout if you forget to log out. Connecting from a terminal client You can connect from a terminal client and use SmartNA-X commands to manage the system. To connect from a terminal client, you'll need: •...
  • Page 26: Manual Network Configuration

    Figure 16: System identity tab network address options Manual network configuration You can manually assign an IPv4 or IPv6 address (or both) to the device. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment.
  • Page 27 2. Select the Use DHCP checkbox. 3. Click Review/apply, review the changes you have made, and then click Apply to implement the new settings. After a short delay you will be logged out while changes are implemented. The system will begin broadcasting service requests.
  • Page 28: Chapter 3: Smartna-X Administration

    Chapter 3: SmartNA-X Administration. Managing local users. Local users are directly authenticated by the device, rather than by an external RADIUS/TACACS+ Authentication Server. When setting up a local user, you need to provide a username, a password, and an authorization level, either Administrator, Operator, or Auditor.
  • Page 29: Managing User Accounts

    • Name—Enter a new username. Spaces or UTF-8 characters are not permitted. Usernames are case-sensitive. • Authorisation level—Select an access level. • Password—Enter a password. Spaces or UTF-8 characters are not permitted. Passwords are case-sensitive.
  • Page 30: Managing The System Time

    For these reasons, it is important that the time configured on all devices on the network be accurate. Note: The SmartNA-X device supports Network Time Protocol (NTP) and when enabled, the device dynamically synchronizes the device time with the NTP server time. The device operates only as an NTP client, and cannot provide time services to other devices.
  • Page 31: Loading A Configuration

    Downloading the system configuration You can download the system configuration to a text file for backup or transfer to another SmartNA-X device. The configuration file is a complete backup of the system, and includes network interface settings and user accounts with passwords removed.
  • Page 32: Uploading A System Configuration

    3. Enter the Administrator username and password, and browse to the firmware file. Caution: Applying incompatible firmware may render the device inoperable. Before applying a firmware update always check the file is compatible with your device. Contact Network Critical Support for advice if you are unsure.
  • Page 33: Installing Feature Packs

    Figure 21: The Firmware update window Installing Feature Packs Feature Packs are add-ons that can be installed on a SmartNA-X device to add extra port features for aggregation, filtering and load balancing. Each Feature Pack activates up to any eight device ports across the full complement of ports that are available. For example, installing an Aggregation &...
  • Page 34: Configuring System Security

    SmartNA-X’s. The first time you connect to SmartNA-X with an SSH client, the client will warn you that the host keys are not in your local cache and show you the actual host key presented by SmartNA-X. Your client will most likely give you the option of trusting the key, adding it to your local cache (see the following example output).
  • Page 35: Configuring Management Access

    Figure 23: Upload SSL certificate page 3. Enter the Administrator username and password, and browse to the certificate file. The certificate file must be in a .tar.bz2 file format, and must contain the following two files only: NetworkCritical.crt—X.509 certificate file (PEM-encoded;...
  • Page 36: Configuring Tacacs+ Authentication Servers

    Figure 24: The Edit authentication types dialog Configuring TACACS+ authentication servers The SmartNA-X device can be configured as a Terminal Access Controller Access Control System (TACACS+) client that relies on a TACACS+ server to provide centralized security, authorizing and authenticating users attempting to access and administer the unit.
  • Page 37 TACACS+ workflow This device uses CHAP (Challenge-Handshake Authentication Protocol) when authenticating users with the TACACS+ server. To use a TACACS+ server, do the following: 1. Open an account for a user on the TACACS+ server.
  • Page 38: Configuring Radius Authentication Servers

    Figure 27: Add TACACS+ server window Configuring RADIUS authentication servers Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The device is a RADIUS client that can use a RADIUS server to provide centralized security.
  • Page 39: Managing Transaction Logging

    Accounting gives the ability to track usage, such as user access, the ability to log the data gathered to a database, and the ability to produce reports on the data gathered. Although the SmartNA-X does not locally support accounting, you can enable an AAA accounting server running RADIUS or TACACS+ and have accounting information logged by the AAA server.
  • Page 40 Add TACACS+ accounting servers 1. Click on the chassis and select the Security tab. Any existing TACACS+ accounting servers are shown in the TACACS+ accounting dialog, shown below. Figure 31: TACACS+ accounting servers list 2.
  • Page 41: Rebooting The System

    Figure 33: Add RADIUS server dialog 3. Click Add server. The server is added to the list of RADIUS accounting servers. Note: If you have multiple servers set up, you can organize server priority with the Arrange control by dragging the servers into the required order.
  • Page 42: Chapter 4: Configuring Ports

    Configuring Ports The SmartNA-X chassis can house up to four independently operating modules. Each module contains four ports (A–D), which operate in pairs (AB and CD). At the rear of the chassis are two 10G ports (R0 and R1). All ports support full-rate data throughput at the advertised rate, and can be mapped to any other port regardless of any differing physical properties.
  • Page 43 The SmartNA-X TAP modules have a feature called "fast-failsafe" that minimises the interruption to traffic when power is restored, by reducing the probability of an auto-negotiation process. To take advantage of this feature, use LFP (not LMP), and it is advisable to set both sides to advertise only 1G full-duplex, and to set both sides' MDI settings to non-auto (that is, MDI or MDI-X).
  • Page 44: Configuring Port Settings

    The recommended advice on avoiding duplex mismatches is to: • Enable auto-negotiation on both ports, or • Turn off auto-negotiation and use the same fixed duplex setting on both ports. Configuring port settings Configure port settings to specify description and usage information, to secure ports by locking them or enabling auto-lock, and to specify communication options and a TAP failsafe mode when working with copper ports.
  • Page 45 Figure 35: Port configuration dialog (RJ/copper port) Configuring port traffic thresholds Traffic thresholds can be set on each port to warn when traffic levels are reaching the port's maximum carrying capacity (this option is not available for ports in V-Line modules). Should the traffic level exceed the high threshold level, an SNMP system notification will be sent to all configured SNMP hosts.
  • Page 46: Viewing Port Statistics

    Viewing port statistics For each port (except V-Line ports) the system provides details for the total number of bytes sent and received, port utilization percentages, undersized and fragmented packet errors, and other statistical information. For SFP ports, the system also provides transceiver and physical link information.
  • Page 47 Figure 38: Errors statistics for ports 1C and 2B Viewing SFP information The SFP tab shows information about the transceiver and physical link for the selected SFP port(s). Figure 39: SFP information for ports 1A and 1B...
  • Page 48: Chapter 5: Moving Traffic With Maps

    Chapter 5: Moving Traffic With Maps. Traffic is moved around the system by “maps” between source (ingress) and destination (egress) ports. To create a map in the web UI, select the source port and drag to the destination port to create a line between the two ports. To create a map in the CLI, use the set map command and specify the source and destination ports.
  • Page 49 Figure 43: A one-to-many (Replication) map ™ © SmartNA-X 1G/10G User Guide 1.4 2015 Network Critical Solutions Limited...
  • Page 50: Chapter 6: Restricting Traffic With Filters

    Chapter 6: Restricting Traffic with Filters. By default, a map will send a copy of all packets that enter its source port(s) out of its destination port(s). You can apply “filters” to a map, so that only packets that match criteria you specify will pass.
  • Page 51: Packet Header Filtering Criteria

    3. Enter a unique name for the filter. The name will be used to label maps where the filter is applied. 4. From Packet type, select the packet type to filter on. The packet type corresponds approximately to the EtherType in the packet header, and determines which additional layer 2, 3 and 4 filter fields are available.
  • Page 52 Table 2: Layer 2 headers. Header type: VLAN tag. Filtering options: Filters by VLAN number. The following caveats should be noted when filtering by VLAN: • When a filter is set to permit VID 1, untagged packets will still be forwarded.
  • Page 53 • 100, 150—Multiple labels. Multiple labels may each use a range or mask. Table 3: Layer 3 headers. Header type: IPv4 addressing. Filtering options: Filters by IPv4 address. You may give either a single...
  • Page 54 • 2000:abcd:0:0:0:0:77:88—A single address • 2000:abcd::77:88—A single address (eliding a single run of zero segments) • 2000:abcd::77:88-99—A range address (inclusive) • 2000::*—A wildcard (here: 2000::0-ffff) •...
  • Page 55: Defining Custom Fields

    • 0/1—A value/mask pair (here: all even types) • 10,12,14—Multiple types (use commas to separate values, no spaces). Types may each use a range or mask.
  • Page 56: Applying Filtering

    Applying filtering To apply filtering, click on a map, select the relevant filter(s) from the list of defined filters, and choose either Ignore (let all packets pass), Require (let only matching packets pass), or Exclude (let only non-matching packets pass).
  • Page 57: Chapter 7: Load Balancing

    Load-balancing scalability SmartNA-X supports up to eight independent load balancing groups. The packet headers used to balance each group may be different, but there is a limit of three headers per group. There is no fixed limit on how many ingress ports may be aggregated to feed into a group, and there is no fixed limit on how many egress ports a group’s traffic may be shared among.
  • Page 58: Load Balancing - Best Practices And Limitations

    Egress ports for load balanced groups may still be used as destinations for the normal mapping and filtering functions of SmartNA-X systems. For example, if tools are monitoring a protocol that has separate control and data channels, it is possible to load balance the data channel traffic across a set of tool ports, but still to replicate all control channel data to all of those tool ports at the same time.
  • Page 59 Figure 46: Map A and B ports 2. Select ports 3A and 3B and then drag to load balancing group LB1. Figure 47: Map ports 3A, 3B to LB1 3. Optionally add filters to remove unwanted packets prior to load balancing.
  • Page 60 Figure 50: Choose load balancing policy headers 7. Click Review/apply and review pending changes. To apply these changes to the system, click Apply changes or click 'X' to cancel. The complete set of CLI commands for the example configuration is shown below.
  • Page 61: Chapter 8: Working With The V-Line Module

    Optionally, packets received on the live network ports (A, B) can be passed to other modules in the system with or without slicing the packets to a pre-set length. The slicing length can be set independently for each port.
  • Page 62: Breakout Mode

    Figure 51: V-Line auto-bypass mode: Tool 4 has failed and is being bypassed but Tools 1-3 continue to receive data. Figure 52: V-Line reverse-bypass mode: Tool 4 has failed and the network has been stopped until Tool 4 is back online.
  • Page 63: Aggregation Mode

    Aggregation mode V-Line Module Aggregation mode allows traffic from the live ports (A, B) to be copied and aggregated to tool ports (C, D) in the same module or in a different mode, as shown in the following figures.
  • Page 64: Configuring The V-Line Operational Mode

    Configuring the V-Line operational mode Depending on how you want to integrate your network tools into the TAP, V-Line Modules can be configured to operate in V-Line mode, Breakout mode, Aggregation mode, or Egress mode.
  • Page 65: Configure Breakout Mode

    Note: Slicing applies to the ingress traffic mapped to other system ports, not to the Live Ports themselves. 4. Configure port communication settings, noting the following requirements for effective port communications: Mapping to other TAP modules If a V-Line module is mapped to another TAP module, the V-Line module ports must be set to 1G bps.
  • Page 66: Configure Aggregation Mode

    • Breakout A → C—Select the check box to add a breakout mapping from Port A to Port C. Traffic received on A is copied to C. • Breakout B → D—Select the check box to add a breakout mapping from Port B to Port D. Traffic received on B is copied to D.
  • Page 67: Configure Egress Mode

    • Inject C → A—Select the check box to inject traffic on Port C into Port A. When injecting packets back into the live network, the maximum packet size (MTU) supported is 1536 bytes.
  • Page 68 Figure 61: V-Line Module: Egress mode
  • Page 69: Chapter 9: Working With The Intelligent Packet Processor (Ipp) Module

    1G bps module in slots 1 and R (the rear slot). No physical ports are present on the front panel – traffic flows are internal to the SmartNA-X and maps are created to and from other ports in the system in the usual way.
  • Page 70: Actions

    The system allows for the creation of custom Matches, where the start bit, width and value are specified by the user, and pre-configured 'named Matches', where the user just needs to specify the name of a Match and the system automatically sets the start bit, width and value.
  • Page 71: Packet Slicing

    Packet slicing In addition to transforming bytes within the packet header, the IPP module can also be used to slice packets egressing from a port to a given byte length. The slice size includes the CRC, which is recalculated to match the modified packet.
  • Page 72: Configuring The Ipp Module

    Configuring the IPP module Configure the IPP module by creating a Transform and a set of Matches and Actions. Add the Matches and Actions to the Transform and apply it to a port.
  • Page 73

        CONTROLLER>create packetprocessor transform "remove v2 header"

    Step 2: Create a set of Matches. The next step is to add one or more Matches to the Transform. A Match consists of a start-bit, a length, and a value. You...
  • Page 74: Example Transforms


        CONTROLLER> select slot 1
        SLOT1>set port A packetprocessor transform 7 "remove v2 header"

    Step 5: Optionally set a packet slicing size to a port. The next step is to optionally slice packets egressed from an IPP port to a given length. When slicing is applied, all packets egressed will be no longer than the specified Slice length, which is defined in bytes and includes the CRC bytes.
  • Page 75 Matches: EtherType-IPv6 Version-IPv6 GRE-KS-L=3-IPv6
    Delete the 10 word IPv6 header and 3 word GRE header:
    Action: action 112 delete 52
    Saving and applying a Transform to remove delivery header and 8 byte GRE header from untagged 20 byte IPv4 packets
    create packetprocessor transform "IPv4:20 remove GRE:8"...
  • Page 76: Chapter 10: Snmp

    Chapter 10: SNMP. Enabling SNMP. The SNMP agent on this device is disabled by default. Enable the agent to allow SNMP hosts and management stations to connect with this device. 1. Click on the chassis and select the SNMP tab.
  • Page 77: Snmp Workflow

    • Authentication—Provides data integrity and data origin authentication. • Privacy—Protects against disclosure of message content. Cipher Block Chaining (CBC) is used for encryption. Either authentication alone is enabled on an SNMP message, or both authentication and privacy are enabled on an SNMP message.
  • Page 78: Defining Notification (Trap) Settings

    Figure 64: The SNMP Local Engine ID Defining notification (trap) settings The Send notifications checkboxes allow you to specify which SNMP notifications to send from this device. The recipients of the SNMP notifications can be configured in the SNMP Notification Hosts dialog (see the figure below).
  • Page 79: Configuring Notification Hosts

    • Port link-down state (linkDown) • Data rate above high threshold (nctapNotifyXSTrafficOver) • Data rate below low threshold (nctapNotifyXSTrafficUnder) • TAP module inserted or removed (nctapNotifyCard) • Failed login attempt (ncUnauthorisedAccess) 3. Click Review/apply and review pending changes. To apply these changes to the system, click Apply changes or click 'X' to cancel.
  • Page 80: Define Snmpv1/V2 Communities

    Figure 67: The SNMP Communities dialog for SNMP v1 and v2 Define SNMPv1/v2 communities 1. Click on the chassis and select the SNMP tab. 2. In the Traditional access control area, click Configure communities. The SNMP Communities dialog displays.
  • Page 81: Defining Snmp Users

    3. Create groups. 4. Define the views that the group will be restricted to. 5. Define an access policy for the group. Defining SNMP users An SNMP user is defined by the login credentials (username, passwords, and authentication method), and by the context and scope in which it operates by association with a group and an Engine ID.
  • Page 82: Mapping Snmpv1/V2 Users To Securitynames

    Figure 70: The SNMP Add user dialog Mapping SNMPv1/v2 users to SecurityNames Clients that connect using SNMPv1/v2 must be mapped onto a “security name” and added to a group, the same as SNMPv3 users.
  • Page 83: Creating Snmp Groups

    6. Click Review/apply and review pending changes. To apply these changes to the system, click Apply changes or click 'X' to cancel. Figure 72: The SNMP Add community dialog for VACM Creating SNMP groups SNMPv3 provides a way to control which events authorized and authenticated users can see and perform by associating each user with a group.
  • Page 84: Defining Snmp Views

    84 | SNMP | SmartNA-X 1G/10G Modular 6. Click Review/apply and review pending changes. To apply these changes to the system, click Apply changes or click 'X' to cancel. Figure 74: The SNMP Add/Edit group member dialog Defining SNMP views A view is a user-defined label for a collection of MIB tree subtrees.
  • Page 85: Defining The Group Access Policy

    SmartNA-X 1G/10G Modular | SNMP | 85 7. Click Review/apply and review pending changes. To apply these changes to the system, click Apply changes or click 'X' to cancel. Figure 76: The SNMP Add/Edit view member dialog Defining the group access policy The group access policy defines the access rights per group and the minimum security model and security level required to access the group.
  • Page 86

    • Security model—Specify the security model for the view, either any security model, SNMPv1, SNMPv2c, SNMPv3 USM. Access will only be granted if the security model matches the request.
    • Security level—Specify the security level for the view. Access will only be granted if the security of the request meets the minimum requirement specified here.
  • Page 87: Chapter 11: Command Line Reference

    Chapter 11: Command Line Reference
    CLI notation
    This manual uses standard command-line notation for SmartNA-X CLI commands.
    Format and description:
    • Command: Command keywords (not case-sensitive).
    • Variable: Placeholder for which you must supply a value. If more than one variable can be entered, angled brackets “< >” are used to differentiate placeholders.
  • Page 88: General Cli Commands

    88 | Command Line Reference | SmartNA-X 1G/10G Modular General CLI commands This section provides reference information for general CLI commands. Help Use the help command to display help for the command interpreter (CLI), and usage information for authorization, network, filter, map, port, SNMP, and Load Balancing commands.
  • Page 89: Commit

    SmartNA-X 1G/10G Modular | Command Line Reference | 89 'create settings <name>' allows you to save the current configuration to permanent memory under the specified name. 'restore <name>' discards any parameter changes you may have made and reverts to the settings previously saved as <name>.
  • Page 90: Create Settings

    90 | Command Line Reference | SmartNA-X 1G/10G Modular create settings Use the create settings command to save the current configuration to permanent memory. The configuration includes port settings, port mappings, any filters that have been defined, and the current SNMP configuration.
  • Page 91: Reboot

    OK reboot Use the reboot command to restart the SmartNA-X system Controller, or the currently selected module in the CLI. The system takes around two minutes to restart, during which time access to the management interfaces will not be available.
  • Page 92: Exit

    92 | Command Line Reference | SmartNA-X 1G/10G Modular Parameters mins Specify a timeout, in minutes, for CLI sessions. Valid range 1–1440 (1 minute to 24 hours). Default value 15 minutes. Use 0 to disable session timeouts. Example Set the CLI session timeout to 30 minutes: CONTROLLER>set timeout 30...
  • Page 93: System Name, Contact And Location

    System name, contact and location
    This section provides reference information for system name, contact and location commands.
    show system
    Use the show system command to display information about the system, including device name, contact and location information, MAC, network interface addresses (IPv4 and IPv6), chassis up time and PSU status.
  • Page 94: Set Name

    94 | Command Line Reference | SmartNA-X 1G/10G Modular Parameters This command has no arguments or keywords. Example Report the system name: CONTROLLER>show name NC-unit14 copper SFP+ mixed set name Use the set name command to enter a system name for the device installation.
  • Page 95: Show Contact

    SmartNA-X 1G/10G Modular | Command Line Reference | 95 Example Set location information to “Secure rack A”: CONTROLLER>set location Secure rack A CONTROLLER>show location Secure rack A show contact Use the show contact command to report contact details (blank by default).
  • Page 96: Show Banner

    96 | Command Line Reference | SmartNA-X 1G/10G Modular Example CONTROLLER>set banner 1 This SmartNA-X device is CONTROLLER>set banner 2 filtering for HTTP/S packets entering VLAN 23 on the CONTROLLER>set banner 3 main data network. show banner Use the show banner command to display the current banner message.
  • Page 97: Network Configuration Commands

    SmartNA-X 1G/10G Modular | Command Line Reference | 97 Network configuration commands This section provides reference information for network configuration commands. show ntp Use the show ntp command to display the NTP time-server address. Syntax show ntp Parameters This command has no arguments or keywords.
  • Page 98: Show Ipv4

    98 | Command Line Reference | SmartNA-X 1G/10G Modular show ipv4 Use the show ipv4 command to show the current network interface IPv4 settings, including mode (static or dynamic), IPv4 address, IPv4 gateway, netmask, and any configured DNS server. Syntax...
  • Page 99: Set Ipv4 Dns

    SmartNA-X 1G/10G Modular | Command Line Reference | 99 Syntax set ipv4 gateway ipv4-address Parameters ipv4-address Specify the IPv4 address of the gateway, in dotted-decimal format (a.b.c.d). Example Define IPv4 gateway 192.168.0.1, and then exit the CLI to implement: CONTROLLER>set ipv4 gateway 192.168.0.1 Network settings will take effect when you exit CLI.
  • Page 100: Show Ipv6

    100 | Command Line Reference | SmartNA-X 1G/10G Modular Parameters This command has no arguments or keywords. Example Configure the device to acquire an IP address from a DHCP server: CONTROLLER>set ipv4 dhcp CONTROLLER>exit Exiting CLI Connection to 192.168.0.122 closed.
  • Page 101: Set Ipv6 Gateway

    SmartNA-X 1G/10G Modular | Command Line Reference | 101 CONTROLLER>set ipv6 static 2001:db8::52:0:21 64 gateway 2001:db8::52:0:10 Network settings will take effect when you exit CLI. exit to enable new network settings CONTROLLER>exit Exiting CLI exit to enable new network settings...
  • Page 102: Local Users Commands

    102 | Command Line Reference | SmartNA-X 1G/10G Modular Local users commands This section provides reference information for local user accounts commands. show users Use the show users command to produce a list of local user accounts, including usernames and associated security levels.
  • Page 103: Delete User

    SmartNA-X 1G/10G Modular | Command Line Reference | 103 delete user Use the delete user command to remove local user accounts. This command cannot be used to manage users on a RADIUS/TACACS+ server. Syntax delete user username Parameters username Specify the username of the account to be deleted.
  • Page 104

    CONTROLLER>set user Admin password myAdminPassword
    Changing password for user Admin
    SmartNA-X™ 1G/10G User Guide 1.4 © 2015 Network Critical Solutions Limited...
  • Page 105: Authentication And Accounting Services Commands

    SmartNA-X 1G/10G Modular | Command Line Reference | 105 Authentication and accounting services commands This section provides reference information for server authentication and accounting services commands. set authentication Use the set authentication command to configure the authentication scheme for users logging in to the system. The scheme may contain one or more authentication methods specified in priority order.
  • Page 106: Delete Radius Authserver

    user1 Cleartext-Password := "User1Password"
          Reply-Message = "audit"
    user2 Cleartext-Password := "User2Password"
          Reply-Message = "user"
    user3 Cleartext-Password := "User3Password"
          Reply-Message = "admin"
    Syntax
    create radius authserver ipv4 port-id shared-secret
    Parameters
    • ipv4 Specify the IPv4 address of the RADIUS Authentication server to add.
  • Page 107: Delete Radius Accserver

    Parameters
    • ipv4 Specify the IPv4 address of the RADIUS Accounting server to add.
    • port Specify the RADIUS Accounting server port number (usually 1813).
    • shared-secret Specify the server-client shared secret (if set).
  • Page 108: Delete Tacacs Authserver

    108 | Command Line Reference | SmartNA-X 1G/10G Modular This device uses CHAP (Challenge-Handshake Authentication Protocol) when authenticating users with the TACACS+ server. On the TACACS+ server, you must configure the user or group privileges to 1 for an Audit user, 2 for an Operator, or 3 for an Administrator.
  • Page 109: Delete Tacacs Accserver

    SmartNA-X 1G/10G Modular | Command Line Reference | 109 • shared-secret Specify the server-client shared secret (if set). Example Add the following TACACS+ accounting server; show all TACACS+ servers: • Address: 192.168.10.26 • Shared-secret: tacacsSecret CONTROLLER>create tacacs accserver 192.168.10.26 tacacsSecret CONTROLLER>show tacacs No authentication servers Accounting server 192.168.10.26...
  • Page 110: Module Commands

    110 | Command Line Reference | SmartNA-X 1G/10G Modular Module commands This section provides reference information for module commands. select Use the select command to select an installed chassis module by specifying its slot number. A slot must be selected before you can configure or query the module it contains.
  • Page 111: Show Counters

    SmartNA-X 1G/10G Modular | Command Line Reference | 111 System Temperature High Threshold: 80 show counters Use the show counters command to display traffic volumes through each port of the currently selected module. Counters are reset following a system restart or can be reset manually with the clear counters command.
  • Page 112: Set Temperaturehigh

    112 | Command Line Reference | SmartNA-X 1G/10G Modular CONTROLLER>select slot 3 SLOT3>show temperaturehigh Temperature High Threshold: 80 set temperaturehigh Use the set temperaturehigh command to specify a high-temperature value for the chassis or a slot/module. If the temperature exceeds this level, SNMP sends notifications to configured hosts when health notifications are enabled.
  • Page 113 SmartNA-X 1G/10G Modular | Command Line Reference | 113 Parameters This command has no arguments or keywords. Example Show traffic errors for slot 3: CONTROLLER>select slot 3 SLOT3>show errors Port UnderSize Fragments OverSize Jabber RxError FCS_Error The following table describes the errors reported:...
  • Page 114: Port Settings Commands

    114 | Command Line Reference | SmartNA-X 1G/10G Modular Port settings commands This section provides reference information for port settings commands. show port Use the show port command to display a port's properties, including its speed, lock status, autolock status, and physical type.
  • Page 115: Set Port Autolock

    SmartNA-X 1G/10G Modular | Command Line Reference | 115 : set mdi-x actual mdi-x mastering : set preferslave actual master autoneg : auto : off autolock : on lock : off description : Web router downstream port usage : network...
  • Page 116: Set Port Name/Description

    Parameters
    • port-id Specify the port letter to set or show. A–D for front ports; 0 or 1 for rear ports.
    • Manual Use the port settings for speed and duplex.
    • Auto Auto-negotiate the port speed and duplex with a link partner.
  • Page 117: Set Port Duplex

    set port duplex
    (Copper ports only) Use the set port duplex command to specify a duplex setting for a port, either half-duplex, full-duplex, or auto-duplex (default). If using fixed duplex, ensure the link partner matches the same setting.
  • Page 118: Set Port Mastering

    118 | Command Line Reference | SmartNA-X 1G/10G Modular autolock : on lock : on description: Web router downstream port usage : network port type : Registered Jack 45 (RJ45) PORT UP traffic threshold low : 0 traffic threshold high: 100 set port mastering (Copper ports only) Use the set port mastering command to set the port mastery mode for a copper port.
  • Page 119: Set Port Name

    SmartNA-X 1G/10G Modular | Command Line Reference | 119 • MDI-X Set MDI-X (crossover) mode. Example Set port 3A MDI to MDI-X: CONTROLLER>select slot 3 SLOT3>set port A mdi mdi-x SLOT3>show port A speed : set auto actual 1G duplex : set auto actual full...
  • Page 120: Set Port Speed

    120 | Command Line Reference | SmartNA-X 1G/10G Modular set port speed Use the set port speed command to set the maximum speed for the specified port. The maximum value permitted depends on the capabilities of the port type. Copper ports can also be set to auto (the default setting), whereby the port negotiates the maximum speed with the link partner.
  • Page 121: Set Port Traffichigh

    SmartNA-X 1G/10G Modular | Command Line Reference | 121 Example Set port 3A to TAP mode LFP: CONTROLLER>select slot 3 SLOT3>set port A tap lfp speed : set auto actual 1G duplex : set auto actual full : set mdi-x actual mdi-x...
  • Page 122: Set Port Usage

    122 | Command Line Reference | SmartNA-X 1G/10G Modular : set mdi-x actual mdi-x mastering : set preferslave actual master autoneg : auto : off autolock : on lock : off description: Web router downstream port usage : network port type...
  • Page 123: Port Mapping Commands

    SmartNA-X 1G/10G Modular | Command Line Reference | 123 Port mapping commands This section provides reference information for packet mapping commands. show maps Use the show maps command to list details of each port map (committed and uncommitted). Details include source and destination ports for each map, and any required and excluded filters applied to the map.
  • Page 124 124 | Command Line Reference | SmartNA-X 1G/10G Modular Packets received on a starting port are sent to all mapped ending ports. Maps that originate from the same source port are independent of one another, so traffic flowing along a map is treated entirely separately from other maps originating from the same source.
  • Page 125: Delete Map

    SmartNA-X 1G/10G Modular | Command Line Reference | 125 My Filter Destination Ports: Source Ports: Destination Ports: port 1C port 1D port 2C port 2D CONTROLLER>commit Committing maps and vline delete map Use the delete map command to remove the specified map, as identified by its map number when you run the show maps command.
  • Page 126: Clear Maps

    126 | Command Line Reference | SmartNA-X 1G/10G Modular Destination Ports: Source Ports: Excluded Filters: SMTP Destination Ports: CONTROLLER>delete map 4 CONTROLLER>show maps Source Ports: Destination Ports: Source Ports: Destination Ports: Source Ports: Excluded Filters: HTTP Destination Ports: Source Ports:...
  • Page 127: Filtering And Load Balancing Commands

    SmartNA-X 1G/10G Modular | Command Line Reference | 127 Filtering and load balancing commands This section provides reference information for packet filtering commands. set filter any Use the set filter any command to create filters for packets that match ether-types IPv4, IPv6, ARP or MPLS. The filter can be further refined by specifying layer 2, 3 and/or layer 4 headers, plus any user pre-defined custom fields.
  • Page 128: Set Filter Anyip

    CONTROLLER>
    Define a filter that matches any packets with a pre-defined custom field ("CF-1") value of 123. Review and commit to the system.
    CONTROLLER>set filter "Example filter" any customfield "CF-1" 123
    CONTROLLER>show filters...
  • Page 129

    MAC src, dest, either mac-id Filter by MAC address source, destination, or either. Use one of the following formats to specify a single MAC address or multiple MAC addresses:
    • 01:23:45:67:89:ab
    • 01:23:45:67:89:ab,01:23:45:67:89:ac (use commas to separate values, no spaces)
    •...
  • Page 130: Set Filter Ipv4

    130 | Command Line Reference | SmartNA-X 1G/10G Modular Committing maps and vline Committing filters CONTROLLER> Define a filter that matches IP packets with the TCP RST flag set. Review and commit to the system. CONTROLLER>set filter "Example filter" anyip protocol tcp rst 1 CONTROLLER>show filters...
  • Page 131 SmartNA-X 1G/10G Modular | Command Line Reference | 131 Parameters filter-name Specify a unique, case-sensitive, name for the filter. The name may contain spaces, but if it does it must be contained in quotes "..." (the name cannot itself contain quotes).
  • Page 132 132 | Command Line Reference | SmartNA-X 1G/10G Modular • 80, 8080—HTTP • 443—HTTPS • 25—SMTP • 20-21—FTP • 989, 990—FTPS • 22—SSH • 23—Telnet FIN, SYN, RST, PSH, ACK, URG, ECE, CWR value Filter on the specified flag when filtering by TCP packets (protocol number 6).
  • Page 133: Set Filter Ipv6

    SmartNA-X 1G/10G Modular | Command Line Reference | 133 port source : 80,8080,443 ipv4 source : 10.10.0.* destination : 192.168.0.* CONTROLLER>commit Committing maps and vline Committing filters CONTROLLER> Define a filter that matches IPv4 packets with an ICMP type field of 6, and a pre-defined custom field (called "CF-1") value of 8.
  • Page 134 134 | Command Line Reference | SmartNA-X 1G/10G Modular 100,150 several tags (use commas to separate values, no spaces) • PCP level Filter by Priority Code Point (user priority) from a VLAN header. You may use the following formats when specifying levels: •...
  • Page 135 SmartNA-X 1G/10G Modular | Command Line Reference | 135 • 20-21—FTP • 989, 990—FTPS • 22—SSH • 23—Telnet FIN, SYN, RST, PSH, ACK, URG, ECE, CWR value Filter on the specified flag when filtering by TCP packets (protocol number 6). For each flag the following values may be set: •...
  • Page 136: Set Filter Arp

    set filter arp
    Use the set filter arp command to create filters that match packets of ether-type ARP. The filter may be further refined by specifying ARP layer 2 and/or layer 3 headers, plus any user pre-defined custom fields within the ARP scope.
  • Page 137: Set Filter Mpls

    SmartNA-X 1G/10G Modular | Command Line Reference | 137 Use commit command to configure the switch with these. filters Example filter packetType : arp ipv4 source : 10.10.0.* destination : 01:23:45:67:89:ab,01:23:45:67:89:ac CONTROLLER>commit Committing maps and vline Committing filters CONTROLLER> Define a filter that matches ARP packets to destination 192.168.1.1 with a custom field ("CF-1") value of 7. Review and commit to the system.
  • Page 138: Set Customfield

    138 | Command Line Reference | SmartNA-X 1G/10G Modular Example Define a filter that matches MPLS packets with MPLS labels 0-3, 24 and 25. Review and commit to the system. CONTROLLER>set filter "Example filter" mpls label 0-3,24,25 CONTROLLER>show filters Use commit command to configure the switch with these.
  • Page 139: Set Lbheaders

    Parameters
    • customfield-name Specify a unique name for the custom field. The name you enter here will be used later when defining filters. The name may contain spaces, but if it does it must be contained in quotes "..." (the name cannot itself contain quotes).
  • Page 140: Delete Filter

    140 | Command Line Reference | SmartNA-X 1G/10G Modular Changes are only activated following a commit command. Syntax set lbheaders LoadBalancerGroup { LB1 | LB2 | LB3 | LB4 } { vlan | mac_src | mac_dest | ipv4_src | ipv4_dest | ipv6_src | ipv6_dest | port_src | port_dest } Parameters LoadBalancerGroup Specify the Load Balancer Group for the load balance policy configuration, for example LB1.
  • Page 141: Delete Customfield

    SmartNA-X 1G/10G Modular | Command Line Reference | 141 Committing maps, filters and vline delete customfield Use the delete customfield command to delete a custom field definition. Syntax delete customfield customfield-name Parameters customfield-name Specify the name of the custom field. The name may contain spaces, but if it does it must be contained in quotes "...".
  • Page 142: Show Lbheaders

    142 | Command Line Reference | SmartNA-X 1G/10G Modular Example CONTROLLER>show customfields Use commit command to configure the switch with these. Custom fields CF-1 scope : ipv4 anchor : l3header offset : 22 bits length : 16 bits show lbheaders Use the show lbheaders command to list load balance policy headers for each Load Balancer Group (committed and uncommitted).
  • Page 143: Snmp Commands

    SNMP commands
    This section provides information for SNMP commands.
    Note: The apply command must be entered before configuration commands take effect.
    snmp show agent
    Use the snmp show agent command to show the enabled/disabled status of the SNMP agent. By default the SNMP agent is disabled and must be enabled with the snmp enable command in order to expose system management data to an SNMP manager and for SNMP notifications (traps) to be sent.
  • Page 144: Snmp Show All

    144 | Command Line Reference | SmartNA-X 1G/10G Modular Example Disable the SNMP agent: CONTROLLER>snmp disable agent CONTROLLER>snmp show agent SNMP : Disabled CONTROLLER>apply snmp show all Use the snmp show all command to show all SNMP information, including agent status, enabled notifications, communities, users, and other SNMP details.
  • Page 145: Snmp Show Engineid

    SmartNA-X 1G/10G Modular | Command Line Reference | 145 read view : v1 write view : v1 notify view : v1 snmp show engineid Use the snmp show engineid command to return the SNMP Engine ID. The Engine ID is only used by SNMPv3 entities to uniquely identify them.
  • Page 146: Snmp Enable Notify

    146 | Command Line Reference | SmartNA-X 1G/10G Modular SNMP notify : on system notify : on health notify : off snmp enable notify Use the snmp enable notify command to turn on SNMP notifications. An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down (see the parameters list below for a list of triggering events for each notification type).
  • Page 147: Snmp Show Host

    type). This device supports three notification types: SNMP, system, and health. All notifications are disabled on the device by default. Note that the snmp apply command is not required after use of the snmp enable notify command.
  • Page 148: Snmp Create Host

    148 | Command Line Reference | SmartNA-X 1G/10G Modular Version Set : v2c sec name : public snmp create host Use the snmp create host command to configure recipients (hosts) for SNMP notifications. If several notify directives are specified for the same host, multiple copies of each notification (in the appropriate formats) are generated.
  • Page 149: Snmp Show Community

    SmartNA-X 1G/10G Modular | Command Line Reference | 149 If no transport-specifier or port is given then UDP and port 162 are assumed. • v1, v2c, v3 Select the SNMP version used by the host. • community/user Specify the community string (SNMPv1/v2c) or user (SNMPv3).
  • Page 150: Snmp Delete Community

    MIB tree rooted at the specified object identifier (OID). If an OID is not specified, access to the MIB defaults to OID .1 (the complete MIB tree). Network Critical MIBs start at 1.3.6.1.4.1.31645.
  • Page 151: Snmp Create User

    SmartNA-X 1G/10G Modular | Command Line Reference | 151 Syntax snmp show user Parameters This command has no arguments or keywords. Example Show SNMPv3 users: CONTROLLER>snmp show user User number 0 Engine : local EngineId : Name : user8 Auth type : sha...
  • Page 152: Snmp Delete User

    • SHA sha-passphrase Set Secure Hash Algorithm (SHA) encryption and a passphrase consisting of 8–64 ASCII non-control characters used to authenticate the user. SHA is a cryptographic hash function producing a 512-bit hash value.
  • Page 153: Snmp Create Sectogroup

    SmartNA-X 1G/10G Modular | Command Line Reference | 153 The VACM sectoGroup table is used to store group information and is indexed by a securityModel and securityName. Several group directives can specify the same group name, allowing a single access setting to apply to several users and/or community strings.
  • Page 154: Snmp Delete Sectogroup

    154 | Command Line Reference | SmartNA-X 1G/10G Modular snmp delete sectogroup Use the snmp delete sectogroup command to unmap (delete) an SNMPv3 user/securityName from a sectoGroup. A group will no longer exist once all securityNames have been unmapped from it.
  • Page 155: Snmp Create View

    MIB.
    CONTROLLER>snmp create view viewName exclude .1
    CONTROLLER>apply
    • Create a viewName with access to the OID subtree starting at .1.3.6.1.4.1.31645 (Network Critical proprietary MIBs).
    CONTROLLER>snmp create view viewName include .1.3.6.1.4.1.31645
    CONTROLLER>apply
    •...
  • Page 156: Snmp Delete View

    156 | Command Line Reference | SmartNA-X 1G/10G Modular CONTROLLER>snmp create view viewName include .iso 0xf0 CONTROLLER>snmp create view viewName include .iso CONTROLLER>snmp create view viewName include .iso.org.dod.mgmt 0xf0 CONTROLLER>apply snmp delete view Use the snmp delete view command to delete a viewName.
  • Page 157: Snmp Create Access

    SmartNA-X 1G/10G Modular | Command Line Reference | 157 snmp create access Use the snmp create access command to create a VACM Access Table group. The VACM Access Table is used to store the access rights defined for groups. In determining if access is allowed, one entry must be selected and the proper viewName from that entry must be used for further access checking.
  • Page 158: Snmp Show Comtosec

    Syntax
    snmp delete access groupName { Any | USM | v1 | v2c } { noAuth | Auth | Priv } read-viewname write-viewname notify-viewname
    Parameters
    • groupName Specify the group name to which this access right applies.
  • Page 159: Snmp Delete Comtosec

    SmartNA-X 1G/10G Modular | Command Line Reference | 159 ("mynet"/"private"), but what appears in the group directive is the security name, regardless of the original community string. Syntax snmp create comtosec securityName community [ source SOURCE ] { IPv4 | IPv6 } Parameters securityName Specify a security name to map to the source/community pair.
  • Page 160: V-Line Module Commands

    160 | Command Line Reference | SmartNA-X 1G/10G Modular V-Line module commands This section provides reference information for V-Line module commands. show vline Use the show vline command to list V-Line settings. The information reported shows the V-Line mode, bypass mode, heartbeat rate and timeout, and ingress slicing settings.
  • Page 161: Set Vline Bypass

    SmartNA-X 1G/10G Modular | Command Line Reference | 161 CONTROLLER>select slot 4 SLOT4>set vline mode vline SLOT4>show vline vline mode : aggregation Aggregate ab -> c : off Aggregate ab -> d : off Inject ca : off Inject cb : off...
  • Page 162: Set Vline Heartbeat Rate

    162 | Command Line Reference | SmartNA-X 1G/10G Modular set vline heartbeat rate Use the set vline heartbeat rate command to specify the rate at which heartbeat packets are sent to inline devices connected in V-Line mode. Changes must be committed before they are implemented on the system.
  • Page 163: Set Vline Heartbeat Packet

    SmartNA-X 1G/10G Modular | Command Line Reference | 163 Heartbeat status BDCA : OK Slicing a ingress : 0 Slicing b ingress : 0 SLOT4>commit Committing maps and filters set vline heartbeat packet Use the set vline heartbeat packet command to specify custom heartbeat packet data to replace the default broadcast ARP heartbeat packet data.
  • Page 164: Set Vline Breakout

    164 | Command Line Reference | SmartNA-X 1G/10G Modular Parameters • Ain, Bin, Aout, Bout, Cout, Dout Select the input port (ingress packets) or output port (egress packets) to apply packet slicing. Only one port can be specified per instruction. size Specify a packet slicing size in bytes. Valid range is 16–9216 bytes.
  • Page 165: Set Vline Aggregate

    SmartNA-X 1G/10G Modular | Command Line Reference | 165 set vline aggregate Use the set vline aggregate command to specify the output port for AB aggregated traffic, either C or D port. Use separate commands if you want to aggregate AB to both ports. This command is only valid when the module is operating in Aggregation mode.
  • Page 166 166 | Command Line Reference | SmartNA-X 1G/10G Modular SLOT3>set vline mode aggregation SLOT3>set vline inject ca on SLOT3>set vline inject db on SLOT3>show vline Use commit command to configure the vline with these settings vline mode : aggregation Aggregate ab -> c : off Aggregate ab ->...
  • Page 167: Intelligent Packet Processor (Ipp) Card Module Commands

    SmartNA-X 1G/10G Modular | Command Line Reference | 167 Intelligent Packet Processor (IPP) Card Module Commands This section describes the CLI commands for the optional IPP module. Note: After entering IPP commands, a commit command is required to replace the live settings on the device with your new configuration.
  • Page 168: Show Packetprocessor Transforms

    168 | Command Line Reference | SmartNA-X 1G/10G Modular Syntax show packetprocessor transform transform-name Parameters transform-name The name of the packet processor Transform to show. Example Show information for packet processor Transform "remove v2 header". CONTROLLER>show packetprocessor transform "remove v2 header"...
  • Page 169: Show Packetprocessor Matches

    SmartNA-X 1G/10G Modular | Command Line Reference | 169 show packetprocessor matches Use the show packetprocessor matches command to display all named matches. Syntax show packetprocessor matches Parameters This command has no arguments or keywords. Example Show all packet processor named matches.
  • Page 170 170 | Command Line Reference | SmartNA-X 1G/10G Modular 499, width:1, match:1 (0x1) "GTP-v2-L=2-TCP-IPv4" 436, width:1, match:0 (0x0) "GTP-v2-L=2-TCP-IPv6" 596, width:1, match:0 (0x0) "GTP-v2-L=2-UDP-IPv4" 340, width:1, match:0 (0x0) "GTP-v2-L=2-UDP-IPv6" 500, width:1, match:0 (0x0) "GTP-v2-TCP-IPv4" 432, width:3, match:2 (0x2) "GTP-v2-TCP-IPv6" 592, width:3, match:2 (0x2) "GTP-v2-UDP-IPv4"...
  • Page 171: Set Packetprocessor Transform Match

    SmartNA-X 1G/10G Modular | Command Line Reference | 171 216, width:8, match:6 (0x6) "t-IPv4-protocol-UDP" 216, width:8, match:17 (0x11) "t-IPv6-protocol-GRE" 192, width:8, match:47 (0x2F) "t-IPv6-protocol-TCP" 192, width:8, match:6 (0x6) "t-IPv6-protocol-UDP" 192, width:8, match:17 (0x11) "t-TCP-Data-Offset=5-IPv4" 400, width:4, match:5 (0x5) "t-TCP-Data-Offset=5-IPv6" 560, width:4, match:5 (0x5) "t-Version-IPv6"...
  • Page 172: Set Packetprocessor Transform Named-Match

    172 | Command Line Reference | SmartNA-X 1G/10G Modular start-bit The position of the starting match bit within the field. Bits are counted in network order from zero starting from the first transmitted/received bit of the MAC destination address in the Ethernet header, and ignoring the preamble.
  • Page 173: Set Packetprocessor Transform Clear Match

    SmartNA-X 1G/10G Modular | Command Line Reference | 173 Example Add the named-match "Ethertype-C-tag" to the Transform named "remove v2 header". CONTROLLER>set packetprocessor transform "remove v2 header" named-match Ethertype-C-tag CONTROLLER>show packetprocessor transform "remove v2 header" matches: 17, width:1, match:1 (0x1)
  • Page 174: Set Packetprocessor Transform Action

    174 | Command Line Reference | SmartNA-X 1G/10G Modular set packetprocessor transform action Use the set packetprocessor transform action command to set up one or more actions to modify the packet. The command accepts a starting-byte and a decimal or hex value for XOR, AND, OR, replace, delete and obfuscate. Each byte may be the subject of a maximum of one action.
  • Page 175: Set Packetprocessor Speed

    Truncate Truncate (delete) the specified byte and all bytes beyond it. Examples Add an action to Transform "remove v2 header" to exclusive OR the 48th byte with 30. CONTROLLER>set packetprocessor transform "remove v2 header" action 48 xor 30 Add an action to Transform "remove v2 header"...
  • Page 176: Set Port Packetprocessor Transform

    Examples Show packet processor speed. CONTROLLER>show packetprocessor speed Configured as 4 x 1G set port packetprocessor transform Use the set port packetprocessor transform command to apply a Transform to a port.
  • Page 177: Set Port Packetprocessor Slicing

    Examples Clear Transform 7 on port 1A. SLOT1>set port A packetprocessor clear Transform 7 set port packetprocessor slicing Use the set port packetprocessor slicing command to slice a packet to a given size, specified in bytes. Slicing size includes the CRC fields.
  • Page 178: Chapter 12: Troubleshooting

    Connecting to the IPv6 link local address In addition to the IPv4 address, each SmartNA-X device has a unique IPv6 link local address. To discover the IPv6 link local address of your network interface, ping the IPv6 link-local all-nodes multicast address (ff02::1) and look for the hex address sequence 1d:ffff:fe.
  • Page 179: Troubleshooting Slow Transmission Rates (Copper Ports)

    In most deployments you can configure copper ports to use auto-negotiation (Auto-neg on), as this will allow the link partner ports to automatically negotiate the optimum communication settings themselves. On network critical links, you may prefer to specify fixed port settings, in which case the following settings are recommended for the two link partner ports: •...
  • Page 180: Troubleshooting The Cli

    We recommend updating your browser so that it uses the Sun/Oracle Java plugin instead. Troubleshooting the CLI If you are unable to connect to SmartNA-X CLI, we suggest running your SSH client in verbose mode in order to print debug messages: $ ssh -v admin@192.168.254.100...
  • Page 181: Troubleshooting Snmp

    SmartNA-X 1G/10G Modular | Troubleshooting | 181 debug1: Server host key: RSA 52:5a:1d:41:2c:77:de:3f:30:d1:b8:d2:6e:e4:bb:c1 debug1: Host '192.168.254.100' is known and matches the RSA host key. debug1: Found key in /home/user/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received...
  • Page 182: Troubleshooting The Web Ui

    The SmartNA-X web UI complies with W3C recommendations and uses standard Java 1.5. It should run on any platform that supports web standards, including the latest versions of Internet Explorer, Firefox, Chrome, Opera, and Safari.
  • Page 183: Appendix A: Physical And Electrical Specifications

    Appendix Physical and electrical specifications Table 5: Physical specifications for the SmartNA-X™ device. Feature: Specifications. Ports: Management ports: 1 Ethernet, 1 serial; User definable: (copper, single-mode fiber, multi-mode fiber, SFP/SFP+ cage ports available) Max. 16 x 1Gb, Max. 4 x 10Gb...
  • Page 184 184 | Physical and electrical specifications | SmartNA-X 1G/10G Modular Feature: Specifications. Management: CLI via SSH, Web UI via HTTPS, SNMPv1/v2c/v3. Authentication / Authorization: Local, RADIUS, TACACS+. MTU (Maximum Transmission Unit): 10240 (untagged traffic), 10244 (802.1q tagged traffic). © SmartNA-X 1G/10G User Guide 1.4 2015 Network Critical Solutions Limited...
  • Page 185: Appendix B: V-Line Module Specifications

    Storage temperature: -20°C to +70°C (-4°F to +158°F) • Power: 10W V-Line module data interfaces SmartNA-X V-Line Modules are available in the following copper (RJ45), multi-mode fiber (MM-SFF), single-mode fiber (SM-SFF), and SFP/SFP+ port configurations. 5611 (RJ/RJ V-Line Module) 2x 10/100/1000Mbps RJ45 Network Ports...
  • Page 186: Live Ports (A & B)

    186 | V-Line Module Specifications | SmartNA-X 1G/10G Modular 5642 (SM/SFP V-LINE Module) 2x 1000Mbps Multi Mode LC Network Ports 2x 100/1000Mbps SFP TAP Ports Live ports (A & B) Feature Copper Ports Fiber Ports Interface 2x RJ45 2x LC connectors...
  • Page 187: V-Line Module Led Indicators

    V-Line Module LED Indicators Figure 81: V-Line front panel ports Note that the reset push button is not currently available. Port LED Status Indicators Description Type POWER Module power status Blue /...
  • Page 188 V-Line Mode Breakout/Aggregation TAP Mode YELLOW REVERSE GREEN [Not Used] BYPASS Triggered (Port A not connected to B) GREEN [Not Used]...
  • Page 189: Appendix C: Intelligent Packet Processor (Ipp) Module Specifications

    Power: 5W IPP module data interfaces SmartNA-X Intelligent Packet Processor Module has no external data interfaces. (Traffic is mapped to and from the module internally.) Speed 4 x 1G (All Slots) or 2 x 10G (Slot 1 and Rear slot only)
  • Page 190: Ipp Module Front Panel

    190 | Intelligent Packet Processor (IPP) Module Specifications | SmartNA-X 1G/10G Modular IPP Module front panel Figure 82: Front panel Table 6: Chassis LED Status Power (on board) Module not powered. BLUE Module booted. Chassis 12V detected. Module not booted.
  • Page 191: Appendix D: Ipp Module Preset Matches And Transforms

    128, 16, 34525 t-Ethertype-ARP 128, 16, 2054 t-Ethertype-C-tag 128, 16, 33024 t-Ethertype-S-tag 128, 16, 34984 tt-Ethertype-IPv4 160, 16, 2048 tt-Ethertype-IPv6 160, 16, 34525 tt-Ethertype-ARP 160, 16, 2054...
  • Page 192: Ip Header Matches

    192 | IPP Module Preset Matches and Transforms | SmartNA-X 1G/10G Modular IP header matches The following Matches can be used to match IPv4 and IPv6 headers. The following preset matches test the length of the IPv4 header and check the IPv4 version is indeed 4. Defined matches on later parts of the packet assume it is 5 words long.
  • Page 193: Transport Header Matches

    Match name Match definition (start bit, width, value) tt-Version-IPv6 176, 4, 6 Table 12: IPv6 header protocol matches Match name Match definition (start bit, width, value) IPv6-protocol-ICMP 160, 8, 1,...
  • Page 194: Gre Header Matches

    Transport header port number matches The following Matches can be used to match Transport headers. GTP is identified by port number and travels over UDP (or optionally TCP for GTP version 2). TCP and UDP port numbers are in the same location in the header, so this works for either.
  • Page 195: Layer Above Tcp/Udp

    Match name Match definition (start bit, width, value) GRE-CKS-L=4-IPv6 432, 9, 97 Table 17: PPTP GRE header using Key, Sequence and Acknowledgement fields Match name Match definition (start bit, width, value)
  • Page 196: Ipp Module Preset Transforms

    Match name Match definition (start bit, width, value) GTP-v1-L=2-IPv6 501, 3, 0 Table 21: GTPv2 over UDP Match name Match definition (start bit, width, value) GTP-v2-UDP-IPv4 336, 3, 2...
  • Page 197 Table 25: IPP Transforms Transform name Matches Actions ipv4-L=5-remove-GRE- • Ethertype -IPv4 • 96 (byte 12), delete 24 (0x18) • IPv4-IHL=5 • 304 (byte 38), delete 8 (0x8) •...
  • Page 198: Appendix E: Supported Mibs

    Supported MIBs List of MIBs supported by this device. Please note that some MIBs are only partially supported. To request a copy of the MIB files used by Network Critical devices, please contact support at the following address: support@networkcritical.com. •...
  • Page 199: Hardware Warranty

    This warranty does not apply if, in the judgement of NETWORK CRITICAL SOLUTIONS, the product fails due to damage from shipment, handling, storage, accident, abuse or misuse, or if it has been used or maintained in a manner not conforming to the product manual instructions, has been modified in any way, or has had any serial number removed or defaced.
  • Page 200: Contacting Network Critical

    200 | Contacting Network Critical | SmartNA-X 1G/10G Modular Contacting Network Critical Europe and Asia Network Critical Solutions Limited East Throp House 1 Paddock Road Caversham Reading Berkshire RG4 5BY United Kingdom Tel: +44 (0)118 954 3210 support@networkcritical.com North America and South America...
