Net Optics Director User Manual

Data monitoring switch
User Guide

Data Monitoring Switch
Doc. PUBDIRU Rev. 3, 11/08

Summary of Contents for Net Optics Director

  • Page 1: User Guide

    Analyzer 1 Analyzer 2 Forensic RMON 1 RMON 2 User Guide Data Monitoring Switch Doc. PUBDIRU Rev. 3, 11/08...
  • Page 2 Trademarks and Copyrights © 2008 by Net Optics, Inc. Net Optics is a registered trademark of Net Optics, Inc. Director is a trademark of Net Optics, Inc. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
  • Page 3: Table Of Contents

    Configure a Matrix Switch connection in Director ........
  • Page 4 Understand pending and active filters ............36 Chapter 4 Daisy-chaining Multiple Director Chassis ... 40 Appendix A Director Specifications ...
  • Page 5: Introduction

    Monitor ports. Expandable Two 10 Gigabit ports on the rear of the unit enable daisy-chaining up to ten Director chassis to expand the number of available ports, for a total of 380 ports in a fully expanded system (when available).
  • Page 6: Key Features

    Unsurpassed Support • Net Optics offers technical support throughout the lifetime of your purchase. Our technical support team is available from 8:00 to 17:00 Pacific Time, Monday through Friday at +1 (408) 737-7777 and via e-mail at ts-support@netoptics.com. FAQs are also available on Net Optics Web site at www.netoptics.com.
  • Page 7: About This Guide

    About this Guide Please read this entire guide before installing Director. This guide applies to the following part numbers: Chassis Part Number Description DIR-3400 Director Main Chassis with 10 SFP monitor ports DIR-7400 Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports...
  • Page 8: Director Architecture

    Director internal architecture Director can be viewed as a matrix switch with up to 28 inputs, or Network ports, and 14 outputs, or Monitor ports. Any number of inputs can be directed to each of the outputs; Director aggregates the traffic from those Network ports and sends them to the Monitor ports.
  • Page 9: Usb Port

    A USB port located on the back is reserved for future functionality. Director Management Director can be configured and managed using a command-line interface (CLI) that will be familiar to most network administrators. The CLI runs locally over an RS-232 serial port or remotely over a secure SSH connection.
  • Page 10: Typical Application

    In this example, eight network links are monitored by six monitoring devices. The company's external access is protected by a firewall, shown in the upper left of the diagram. The link runs through a router, then in-line through Director, and then to a switch that distributes traffic throughout a department.
  • Page 11 Another reason to use identical monitoring tools is to provide redundancy in case one of the tools fails. In addition, Director can be configured to send different...
  • Page 12: In-Line Monitoring Of 10 Gigabit Links

    To create an in-line link on a 10 Gigabit network segment, use an external network Tap. Figure 4 shows an LC Fiber Tap being used to send two half-duplex data streams to two 10-Gigabit Director ports. This configuration creates a fully passive, secure in-line Tap for the 10 Gigabit network link. It is capable of transferring up to 20 Gbps of total traffic from the full-duplex link to Director.
  • Page 13: Director Front Panel

    Director Front Panel The features of the Director front panel are shown in the following diagram. 10 SFP Monitor Ports Director ™ www.netoptics.com Power LEDs Monitor Ports Figure 6: Director Front Panel Monitor Port LEDs Each Monitor port has two light-emitting diode (LED) indicators. The Link LED is illuminated when a link is established.
  • Page 14: Director Rear Panel

    Director Rear Panel The features of the Director rear panel are shown in the following diagram. Management USB Port Port RS232 Management Port RS-232 Port Figure 7: Director Rear Panel Major features of the rear panel include: • USB Port —Reserved for future functionality...
  • Page 15: Installing Director

    Connect the monitoring tools to Director Configure a Matrix Switch connection in Director Check the installation This chapter pertains to installing a single Director. Chapter 4 addresses daisy-chaining up to 10 Director chassis into a single logical system. Installing Director...
  • Page 16: Plan The Installation

    Gateway to the remote management console, if deployed over a WAN • Port assignments and filters for the Network and Monitor port connections Make sure you have a suitable location to install the Director device. For power redundancy, use two independent power sources. Unpack and Inspect the Director device Carefully unpack the Director device, power supplies, and all cables that are provided.
  • Page 17: Install Director Network Modules

    Rack Mount the Director device Director is designed for rack mounting in a 19-inch rack panel. The panel occupies one rack unit. To rack mount the Director device, simply slide it into the desired rack location and secure it using the four supplied screws.
  • Page 18: Connect Power To Director

    CLI locally over the RS-232 serial port or remotely over the Management port. If you choose to run the CLI locally, connect a DB9 cable from the RS-232 port on the back of the Director chassis to your computer;...
  • Page 19: Connect The Remote Cli Interface

    Connect the Director Management port to a network switch using a network cable. Open Director from an SSH client on the network, using the IP address you assigned using the local CLI. The SSH port is 22. Director displays the shell login prompt.
  • Page 20: Log Into The Cli

    Figure 13: Shell login Enter netoptics as the password. For security, the password is not displayed as you type it. The Director CLI runs and the CLI sign-on banner and login prompt are displayed. login as: customer customer@10.60.4.8's password: Last login: Thu Sep 4 09:40:31 2008 from 10.30.1.62...
  • Page 21: Configure Director Using The Cli

    Your CLI screen should be displaying the "Net Optics:" prompt as shown here: Net Optics> If you do not see the "Net Optics>" prompt, try typing Help followed by the Enter key. If the prompt is still not displayed, repeat the instructions in the preceding section and log in again.
  • Page 22 If you are using the local RS-232 serial interface to access the CLI, then you need to configure the IP Address that Indigo management software, when available, will use to communicate with Director. If Director must communicate through a Gateway to reach the network, then set the Gateway IP Address for that Gateway.
  • Page 23 Set the Current Date and Time Director maintains a time-of-day clock which is used to record the time of traffic peak utilization events. Time is based on the 24-hour clock. The clock must be initialized using the CLI or another management tool.
  • Page 24 Using the CLI Help Command To view CLI help information: Help at the "Net Optics:" prompt. The list of help topics is displayed. Enter Net Optics> help commit - save local config to hardware date - set system date - delete file 'name'...
  • Page 25: Using The Cli Command History Buffer

    - show 'running', 'factory', 'default', or file 'name' Net Optics> list Current config file(s): test-1 test-7 Net Optics> help ping ping ipaddr - ping 'ipaddr' Net Optics> sysip show Current Sysip Info: IP addr: 10.60.4.178 IP mask: 255.0.0.0 Gateway: 10.0.0.1...
  • Page 26: Connect Span Ports To Director

    Connect Span Ports to Director To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports in that DNM to connect to the network. Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs.
  • Page 27: Connect Director With In-Line Network Links

    Connect Director With In-line Network Links To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line model. Tap port-pairs for each link are located side by side, with three links across the top row and three links across the bottom row.
  • Page 28: Connect Monitoring Tools To Director

    Configure a Matrix Switch connection in Director In order to monitor a network link, Director must be configured to copy the traffic from a Network or Span port to a Monitor port. A simple connection is described in this section, operating Director as a Matrix Switch. For more complex switching and filtering, see Chapter 3.
  • Page 29: Configuring Filters Using The Cli

    For a complete listing of filter commands in the CLI, see Appendix B. Syntax In the CLI, Director ports are specified by alpha-numeric names as follows: • n1.1, n1.2, n1.3 .. n1.12 – Network ports in the first DNM (the slot on the left); for in-line DNM models, port n1.1, n1.2 are an in-line link pair;...
  • Page 30: Copy Traffic From Any Network Port To Any Monitor Port

    Copy Traffic From Any Network Port to Any Monitor Port Director can be used like a Matrix Switch to direct traffic from any Network port to any Monitor port. To create a simple switch connection, use a filter add command without specifying any filters.
  • Page 31: Regenerate Traffic To Any Set Of Monitor Ports

    Regenerate Traffic to Any Set of Monitor Ports Director can be used like a Regeneration Tap, copying traffic from a Network port (or aggregated group of Network ports) to multiple Monitor ports. The filter add command is used to do this. The only difference from using the command to connect a single or multiple Network ports to a single Monitor port is that a list of Monitor ports is specified.
  • Page 32: Create Filters

    Network Port 3 filter add in_ports=n1.3 ip4_prot=3 action=redir redir_ports=m.6,m.8 Figure 27: Simple IPv4 protocol filter (with regeneration) Available filter parameters are listed in Appendix B and include: • ip_proto Monitor Port 1 Monitor Port 6 Monitor Port 8 IP protocol Director...
  • Page 33: Create Complex Filters

    The filters are activated. IPv4 source address and mask IPv4 destination address and mask IPv6 source address and mask IPv6 destination address and mask MAC source address and mask MAC destination address and mask VLAN number Protocol = Monitor Port 1 Director...
  • Page 34: View Filters

    Figure 29: Logical OR filter connection View filters To view a list of all pending filters, enter filter list. To view the active filters, enter filter running. Net Optics> filter list Filter #1 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir in_ports=t1.01...
  • Page 35: Work With Configurable 10 Gigabit Ports

    Enter UDP packets from 10 Gigabit Port 1.1 and copy them to Monitor Port 2. Enter filter add in_ports=t1.2 action=redir redir_ports=m.3. A filter (switch) has been defined to copy all traffic from 10 Gigabit Port 1.2 to Monitor Port 3. Enter filter commit. The filters are activated.
  • Page 36 Protocol = Monitor Port 1 XFP Port 1.1 Network Port 11 XFP Port 1.2 filter add in_ports=t1.1 ip_proto=6 action=redir redir_ports=m.1 filter add in_ports=n1.11 action=redir redir_ports=t1.2 Figure 33: Configurable 10 Gigabit XFP ports used one Span port and one Monitor port Director...
  • Page 37: Understand Filter Interactions

    Understand filter interactions It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the packet header matched.
  • Page 38 Address Filter Monitor Port 1 n1.5 ip_src=192.186.10.0 m.1 n1.5 ip_proto=TCP m.2 Monitor Port 2 Address Filter Monitor Port 1 n1.5 ip_src=192.186.10.0 ip_proto=TCP m.1,m.2 Monitor Port 2 n1.5 ip_src=192.186.10.0 n1.5 ip_proto=TCP m.2 Director...
  • Page 39 Figure 38: Creating an exclusive filter Tip! If you only define switch connections, with no filtering, the CAM is not involved and the switches do not interact. Tip! Filters that use exclusive sets of Network ports (each Network port is included in only a single filter) do not interact.
  • Page 40: Understand Pending And Active Filters

    CAM, activating that filter set-up. (Remember that commit also changes Director's default configuration, but filter commit does not.)
  • Page 41 CAM. Enter Net Optics> filter running Filter #1 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0017 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop in_ports= Filter #2 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir in_ports=n1.1 redir_ports=m.1 IPv4 filter resource utilization: Net Optics> Figure 40: Filter running command filter sync. The contents of the CAM are copied to the pending filter list.
  • Page 42 Enter Net Optics> filter list Filter #1 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0006 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop in_ports= Filter #2 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir in_ports=n1.1 redir_ports=m.1 Filter #3 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir in_ports=n1.2 redir_ports=m.2 IPv4 filter resource utilization: Net Optics>...
  • Page 43 CAM takes on the filter configuration from that user's pending filter list, and those become the active filters on Director. For this reason, it is a good idea to use a filter sync command to get the current contents of the CAM before adding or modifying filters;...
  • Page 44: Daisy-Chaining Multiple Director Chassis

    25 miles (40 kilometers), enabling monitoring of entire campuses or multiple campuses with a single Director system. Daisy-chaining chassis is not supported in the initial release of Director. This chapter will be expanded when daisy-chain functionality becomes available.
  • Page 45: Director Specifications

    CRC errors, collision packets Internal disk drive: 2.5-inch, SATA, 30 Gigabyte, 5400 RPM Software Net Optics Web Manager—compatible with all major Web browsers Net Optics System Manager—compatible with Windows XP, Windows 2000, and Windows 98 SNMP v3 support Appendix A Director Specifications...
  • Page 46: Available Models

    Available Models Models, Main Chassis DIR-3400 Director Main Chassis with 10 SFP monitor ports DIR-7400 Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports DNMs DNM-100 6-Port 10/100/1000 Copper In-Line Module DNM-110 12-Port 10/100/1000 Copper Span Module DNM-200 6-Port Gigabit SX Fiber 62.5μm In-Line Module...
  • Page 47: Appendix B Command Line Interface

    (level 3) – can access only these CLI read-only commands: help, history, list, ping, show, exit, logout, quit The CLI commands are specified in the following table. Appendix B Command Line Interface user and passwd commands user and passwd Director...
  • Page 48 Arguments: <filename> is the name of the file to delete; a string; do not include an extension Deletes a previously saved Director configuration file (see save command) exit Exits the CLI shell (same as logout and quit) Note: To maintain system security, control is not returned to the command shell.
  • Page 49 Displays a numbered list of previously executed CLI commands; any command can be executed directly by entering the command number preceded by an exclamation point; up- and down-arrow keys can be used to scroll through the command history buffer (see ! command) Director...
  • Page 50 Lists the names of both system images and indicates which one is running, and which one is selected to boot from (arrow next to image name) list Shows a list of filenames of saved Director device configurations (see save command) load my_configuration-1 Arguments: <filename>...
  • Page 51 Exits the CLI shell (same as exit and logout) Note: To maintain system security, control is not returned to the command shell. reset Reboots the Director device; also called warm boot; similar to power-cycling the device; reloads the default configuration save my_configuration-1 Arguments: <filename>...
  • Page 52 <password> is the new password for the account to, a string <level> is 1, 2, or 3 (other values not applicable); 1=root; 2=admin; 3=user Modifies a user account user show Lists all the currently defined user accounts Director...
  • Page 53: Filter Parameters

    It also allows you to double-check your filter definitions before you activate them. The commit command also rewrites the default Director configuration (the defaultcfg file), while filter commit does not. Note that IPv6 and IPv4 filters are maintained separately. It is important to include the "ipv6=y" argument when dealing with IPv6 filters, and omit it when dealing with IPv4 filters.
  • Page 54 Director Filter Parameters <qual> <value> ip_proto Number* ip_src IPv4 address ip_src_mask IPv4 address mask ip_dst IPv4 address ip_dst_mask IPv4 address mask ip6_src IPv6 address ip6_src_ IPv6 address mask mask ip6_dst IPv6 address ip6_dst_ IPv6 address mask mask l4_src_port Port number...
  • Page 55: Appendix C Protocol Numbers

    Fragment Header for IPv6 IDRP Inter-Domain Routing Protocol RSVP Reservation Protocol General Routing Encapsulation Dynamic Source Routing Protocol Encap Security Payload Authentication Header I-NLSP Integrated Net Layer Security TUBA SWIPE IP with Encryption NARP NBMA Address Resolution Protocol Director...
  • Page 56 Protocol Independent Multicast ARIS ARIS SCPS SCPS Active Networks IPComp IP Payload Compression Protocol Sitara Networks Protocol Compaq- Compaq Peer Protocol Peer IPX-in-IP IPX in IP VRRP Virtual Router Redundancy Protocol PGM Reliable Transport Protocol any 0-hop protocol Director...
  • Page 57 Private IP Encapsulation within IP SCTP Stream Control Transmission Protocol Fibre Channel Keyword Protocol RSVP- E2E- IGNORE Mobility Header UDPLite MPLS- in-IP manet MANET Protocols Host Identity Protocol Unassigned Use for experimentation and testing Use for experimentation and testing Reserved Director...
  • Page 58: Limitations On Warranty And Liability

    Net Optics, Inc. warrants this Tap to be in good working order for a period of ONE YEAR from the date of purchase from Net Optics or an authorized Net Optics reseller.
  • Page 59 © 2008 by Net Optics, Inc. All Rights Reserved.
