Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for ProfiTap X3 Series
Summary of Contents for ProfiTap X3 Series
- Page 1 X3-SERIES X3-440G X3-880G ADVANCED NETWORK PACKET BROKERS USER MANUAL...
- Page 2 If you have any questions, you can contact us through our website: www.profitap.com or by email: support@profitap.com For the latest documentation and software, visit our Resource Center: https://resources.profitap.com/...
-
Page 3: Table Of Contents
TABLE OF CONTENTS 1. Overview 2. Hardware Guide 2.1 Included Accessories 2.2 Physical Description 2.3 Ports Description 2.3.1 Console Port 2.3.2 Management Port 2.3.3 USB Port 2.4 Unpacking and Installing the Device 2.5 Troubleshooting and Maintenance 2.5.1 Replacing FAN Module 2.5.2 Replacing PSU 3. - Page 4 4.8.5 Tunnel Stripping 4.8.6 Tunnel Termination 4.8.7 Tunnel Creation 4.8.8 Traffic Management Legal Disclaimer Copyright Trademarks...
-
Page 5: Overview
1. Overview This document provides information about the configuration and operation of X3-Series Network Packet Brokers. 2. Hardware Guide 2.1 Included Accessories ● DB9 to RJ45 serial cable ● (2) Front-mounting ears with (8) screws ● (2) Rear-mounting ears ● (2) AC power cords 2.2 Physical Description Front View Rear View... -
Page 6: Ports Description
2.3 Ports Description 2.3.1 Console Port This serial port is intended to be used for local configuration and administration of the X3 device with Command Line Interface (CLI). Port parameters: RJ45, RS232, 115200, N, 8, 1 Default username and password for serial connection: ●... -
Page 7: Replacing Psu
2.5.2 Replacing PSU X3 power tray contains two PSU modules. If a PSU module fails, you should replace it, however X3 will function with one failed PSU module. You can remove individual PSU module using the following procedure: 1. Disconnect the power cord from the PSU (#17) to be replaced; 2. -
Page 8: Web Ui
4. Web UI This chapter describes method to connect to the Web UI. Use a supported browser and go to https://192.168.2.100 Depending on the browser you might need to accept the self-signed certificate and/or type “thisisunsafe”. Default username and password for Web UI connection: ●... -
Page 9: System Overview
4.1 System Overview This page provides system information about: ● PSU and FAN state; ● System temperature; ● System resource; ● Global Throughput; ● Firmware version. -
Page 10: Device Administration
4.2 Device Administration 4.2.1 Network Configuration Navigate to System > Network Config to modify the network settings of the management interface. The device supports IPv4 and IPv6. 4.2.2 Local Users Navigate to User Management > User Management to add or edit users. Local and remote user accounts and type of account must be specified in this configuration panel. -
Page 11: Snmp
The TACACS+ and RADIUS server information can be provided respectively on the User Management > TACACS+ Certification and User Management > RADIUS Certification pages. You must provide the server IP address/port and server secret. 4.2.4 SNMP SNMP Config The SNMP > SNMP Config page can be used to control the device's SNMP(v2c/v3) service. The SNMP Server Config tab allows the configuration of SNMP server settings, the SNMP V3 Users tab allows the configuration of SNMPv3 user settings, and the SNMP Trap Config allows the configuration of SNMP Traps and InformRequests. -
Page 12: Update
System Trap Config The SNMP > System Trap Config page allows the user to turn specific traps on or off, and modify trap thresholds. MIB File Management The SNMP > MIB File Management page allows the import and export of MIB files. 4.2.5 Update Navigate to System >... -
Page 13: Traffic Flow Overview
4.4 Traffic Flow Overview 4.4.1 Functional Blocks Description FUNCTIONAL BLOCK FUNCTION Ingress Port Strip Tunnels: GRE, GTP, VXLAN, MPLS, ERSPAN, Cisco FabricPath Per port inner/outer filtering option Ingress Port Group Form a logical group of port(s) Wildcard Match Forward traffic based on: IPv4/6 addresses, L4 Ports, VNI, MPLS (3 labels), outer VLAN, inner VLAN, Protocol, EtherType, DSCP, VNI, IP Fragment, Packet Type, Packet Size, TCP Flag, HTTP method Additional action:... -
Page 14: Theory Of Operation
4.4.2 Theory of Operation Ingress rules priority is managed by the rule number ID. User can define the rule ID at rule creation, but rule ID can’t be modified when the rule is applied. For this reason, it is highly recommended to partition the rule table IDs by filter type, that way it is easy to insert rules before or after the applied rules. -
Page 15: Port Configuration And Statistics
4.5 Port Configuration and Statistics 4.5.1 Port Configuration Ports can be configured on the Ports > Config page. Enable Individual ports can be enabled or disabled via the Enable button. All ports are enabled by default. Port Type By default, all ports are set to Egress. To accept traffic, a port must be set to Ingress. Port type configuration details: ●... -
Page 16: Statistics
Port Category The Category option is purely informative, and can be used to describe the function of the port (e.g. mixed for mixed traffic source, mirror for SPAN port, monitor for TAP). Port Speed The port speed can be set depending on the type of port: ●... -
Page 17: Traffic Policy
4.6 Traffic Policy Traffic Policy can be configured on the Forwarding Policy > Policy page. It defines the routing between Ingress and Egress ports, the filters, and the traffic manipulation. A typical workflow is as follows: 1. Add a new Forward Policy by pressing the + Forward Policy button. 2. -
Page 18: Ingress Port Group Options
Note: An Ingress port can only be part of one Ingress Port Group at a time. An Egress Port can be part of multiple Egress Port Groups. 4.6.1 Ingress Port Group Options On the Forwarding Policy > Policy page, click an Ingress Port Group to open its configuration. Some Ingress Port Group features may not be available with the running firmware. -
Page 19: Ingress Port Options
4.6.2 Ingress Port Options On the Forwarding Policy > Policy page, click an Ingress Port Group to open its configuration, then click Port Config to open the additional port configuration options. In this section, ports can be organized into subgroups, and the following settings can be configured for each subgroup: SETTING OPTION DESCRIPTION... -
Page 20: Egress Port Group Options
4.6.3 Egress Port Group Options On the Forwarding Policy > Policy page, click an Egress Port Group to open its configuration. The Egress Port Group type can be defined. This option defines the way traffic will egress the ports that are part of the port group. -
Page 21: Egress Port Options
4.6.4 Egress Port Options On the Forwarding Policy > Policy page, click an Egress Port Group to open its configuration, then click Port Config to open the additional port configuration options. In this section, ports can be organized into subgroups, and the following settings can be configured for each subgroup: SETTING OPTION DESCRIPTION... -
Page 22: Filtering
4.7 Filtering 4.7.1 Mode Configuration The X3 system can be configured in two different rule modes: ● Ingress Rule ● Ingress Rule & Egress Rule The configured mode has an impact on the number of configurable rules. The number of rules available for each mode is as follows: ●... -
Page 23: Ingress Rule
4.7.2 Ingress Rule Wildcard Match Wildcard match rules is a flexible type of rule that can be used to match packets by several fields. One rule can contain key values for any of the listed fields. FIELD EXPECTED VALUE EXAMPLE Source IPv4/6 IP / Mask 10.10.10.0/255.255.255.0... -
Page 24: Egress Rule
One or more actions can be associated for each rule. Possible actions are: ● VLAN (add, delete double) ● Hit Counter 4.7.3 Egress Rule Navigate to the Forwarding Policy > Egress Filter List page to set up egress rules. Select a port group, then add one or more egress rules to target specific traffic. Targeted traffic can be either allowed to egress (permit), or dropped (deny). -
Page 25: Advanced Features
4.8 Advanced Features 4.8.1 Packet Deduplication The Packet Deduplication feature discards duplicated packets from a physical port, a port group, or across any port. As duplication may have various causes, X3 provides several options to configure the feature. Packet fields used for deduplication: ●... -
Page 26: Ssl Decryption
4.8.2 SSL Decryption To enable SSL Decryption, first upload a private key file (.key) and its associated configuration file (.json) on the Advanced Function > SSL page. Example files can be downloaded from this page. The files should be formatted as follows: {"pkey_index":1,"srv_ip":"192.168.10.168","file_password":"","srv_port": example.json 443,"filename":"example.key","ip_type":4,"pkey_type":"PEM"}... -
Page 27: Data Masking
4.8.3 Data Masking Data Masking allows you to obfuscate specific data in egress. To configure data masking, navigate to the Forwarding Policy > Policy page, click an Egress Port Group to open its configuration, and enable Desensitization. With Desensitization enabled, select the mode. Depending on the selected mode, the configuration options are defined below. -
Page 28: Netflow
4.8.4 NetFlow The X3 NetFlow feature enables generation and export of NetFlow statistics. NetFlow can be enabled and configured on the Advanced Function > NetFlow page. NetFlow Version: v5 / v9 SETTING OPTION DESCRIPTION NetFlow Version v5 / v9 Select the NetFlow version to use IP Version IPv4 / IPv6 Select the IP version for the NetFlow packets... - Page 29 2. Click Port Config to open the port configuration menu. 3. Remove all ports from the port list except for those for which you wish to activate tunnel stripping. 4. Select the type(s) of tunnel(s) to strip, for instance ERSPAN. 5.
-
Page 30: Tunnel Creation
4.8.7 Tunnel Creation To encapsulate the traffic in an IPGRE or NVGRE tunnel, navigate to the Forwarding Policy > Policy page, click an Egress Port Group to open its configuration, set Egress Type to IPGRE or NVGRE, and fill in the fields. -
Page 31: Legal
Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author. Trademarks The trademarks mentioned in this manual are the sole property of their owners. Profitap HQ B.V. High Tech Campus 84 5656AG Eindhoven The Netherlands sales@profitap.com www.profitap.com © 2023 Profitap — v1.2...
Need help?
Do you have a question about the X3 Series and is the answer not in the manual?
Questions and answers