Escolar Documentos
Profissional Documentos
Cultura Documentos
VS-2024-F
USERguide
March 2012
2012 Datacom Systems Inc
451-0131-U-B.00
Product Description
Datacom Systems Inc. VS-2024-F Data Access Switch provides an easy method to passively monitor fiber network traffic flowing between devices using your network analysis tools. Using your VS-2024-F Data Access Switch, your network analysis tools can be quickly and effectively deployed to the point of failure. Typically the VS-2024-F Data Access Switch is installed on a critical fiber link in the network where monitoring and analysis capabilities are important.
Contents
Table of Contents
Section 1 Terms of Use
1 2 3 4 5 6
Copyright ........................................................................................................................................ 9 License Agreement ........................................................................................................................................ 9 Trademark Attribution ........................................................................................................................................ 9 Proprietary Notice ........................................................................................................................................ 9 Certifications and Marks ........................................................................................................................................ 10 Safety Notices and Warnings ........................................................................................................................................ 10
11 13
Section 4 Small Form-Factor Support Section 5 Serial Console Configuration Section 6 Management Interface
1 2
15 17 19
21
System Settings ........................................................................................................................................ 21 NVRAM Settings ........................................................................................................................................ 22 Firmware Upgrade ........................................................................................................................................ 23 Reboot ........................................................................................................................................ 25 Load Balancer Policy ........................................................................................................................................ 26 IP Configuration ........................................................................................................................................ 27 Gateway Configuration ........................................................................................................................................ 28 Save Configuration ........................................................................................................................................ 29 Erase Configuration ........................................................................................................................................ 30 Restore Settings ........................................................................................................................................ 31 Tag Settings ........................................................................................................................................ 32
33
3 4 5
........................................................................................................................................ 35 RMON Ethernet Statistics RMON Events ........................................................................................................................................ 36 RMON History ........................................................................................................................................ 37
Section 9 TACACS
1 2
39
Section 10 Syslog
1 2
41
Section 11 SNMP
1 2 3 4 5 6 7 8 9
43
SNMP Community ........................................................................................................................................ 43 SNMP Group ........................................................................................................................................ 44 SNMP Group Access ........................................................................................................................................ 45 SNMP View ........................................................................................................................................ 46 SNMP Target Address ........................................................................................................................................ 47 SNMP Target Parameter ........................................................................................................................................ 48 SNMP User ........................................................................................................................................ 49 SNMP Trap Manager ........................................................................................................................................ 50 SNMP Filter Configuration ........................................................................................................................................ 51
Section 12 Statistic
1 2 3 4
53
Port Statistics ........................................................................................................................................ 53 Clear Port Statistics ........................................................................................................................................ 54 RMON Statistics ........................................................................................................................................ 55 Traffic Rate Statistics ........................................................................................................................................ 56
57
2 3 4
Ports ........................................................................................................................................ 61
.......................................................................................................................................................................... 62 Egress Filters
Contents
69 71
Terms of Use
Terms of Use
The following terms and conditions relate to the use of this document. Please note that Datacom Systems Inc. reserves the right, at its entire discretion, to change, modify, add, or remove portions of these Terms of Use at any time. Please read the Terms of Use carefully as your use of this document is subject to the Terms of Use stipulated herein.
1.1
Copyright
Copyright 2010 by Datacom Systems, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Datacom Systems, Inc. To obtain this permission, write to the attention of the Datacom Systems legal department at 9 Adler Drive, East Syracuse, New York 13057-1290, or call 315-463-9541.
1.2
License Agreement
Notice To All Users: By using Datacom Systems, Inc. products, you agree to the terms set forth. No licenses, express or implied, are granted with respect to the technology described and Datacom Systems, Inc. retains all rights with respect to the technology described herein. If applicable, you may return the product to the place of purchase for a full refund.
1.3
Trademark Attribution
Access Your Network, DURAstream, DS3 ACTIVEtap, DS3switch, ETHERNETtap, Empowering Network Professionals, FDDIswitch, FIBERsplitter, FIBERswitch, FIBERSWITCHsystem, FLOWcontrol, GIGABITswitch, INSERTswitch, INSERTunit, LANswitch, MANAgents, MULTINETswitch, NETspan, PERMAlink, PROline, RMON SWITCHINGanalyzer, SINGLEstream, UNIVERSALswitch, VERSAstream, and WANswitch are trademarks of Datacom Systems, Inc. 1ST in Switching Solutions, DATACOMsystems, LANclipper, MANAgents, and MULTIview are registered trademarks of Datacom Systems, Inc. All other registered and unregistered trademarks are the sole property of their respective owners. All specifications may be changed without notice.
1.4
Proprietary Notice
This document contains proprietary information about the VS-2024-F family of products and is not to be disclosed or used except as authorized by written contract with Datacom Systems, Inc.
10
1.5
1.6
WARNING: Class 1 laser and LED product. A class 1 laser is safe under all conditions of normal use. Invisible laser radiation may be emitted from optical port openings when no fiber cable is connected, avoid exposure to laser radiation and do not stare into open optical ports.
11
Features:
Regeneration - Send copies of traffic from SPAN ports or external taps to multiple connected tools to share data sources Selective Aggregation - Combine multiple network links or channels into one stream for visibility into complete network conversations Filtering - Line-rate hardware-based filtering can eliminate port oversubscription and customize data flow to each tool Load Balancer configurations and Port Failover Protection - Maximizes both network and monitoring performance and uptime Media Conversion - Leverage existing monitoring tools regardless of media type Manage device remotely or locally with Web based management (HTTPS) or extensive CLI Management port with SSH connectivity System configurations, RMON configurations, TACACS configurations, SNMP configurations Statostocs
12
Overview
13
Overview
VS-2024-F Data Filtering Instead of tools attempting to keep up with high-speed aggregated traffic streams, the VS-2024-F (with data filtering) provides the option of applying filters to the data to increase tool efficiency and eliminate port over subscription. Line-rate hardware filtering on each port allows you to customize and streamline the amount and type of data each connected monitoring tool receives. Because they are receiving only traffic of interest, tools run faster, data is easier to work with, and issues are resolved quicker. Filters include IP and MAC ranges, VLAN, frame, port number, protocol type, even customizable offsets in the packet header. Reliable and Easy to Use Every unit comes with dual redundant power supplies to ensure monitoring uptime.
3.1
What Shipped?
1 VS-2024-F series Data Access Switch 2 AC Line Cords 1 Console Cable 1 Ethernet Management Cable
3.2
VS-2024-F Specifications
Any-to-Any Port: 24 - Supports SFP, SFP+, LR, SR, ER, LX, SX and BT Management Port: RJ45 @ 100 Mbps Full-Duplex The factory configured IP Address, Subnet Mask and Default Gateway are as follows: IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 Default Gateway: 0.0.0.0 Console Port: RJ45 - bit per second: 115200, data bits: 8, parity: none, stop: 1, flow control: none Filtering: IP Sources and Destinations, Subnets, Ranges MAC Source and Destination VLAN Ports User-defined Byte Input Power Requirement: 100 - 240VAC 47 - 63Hz, 1.4A max Power Consumption: less than 150.0W BTU/h: less than 511.5 Operating Temperature: 32 to 131 F 0 to 55 C Storage Temperature: -22 to 149 F -30 to 65 C
14
Operating Range Relative Humidity: 5 to 95% non-condensing Dimensions (H x W x D): includes rack mount bracket 1.75 x 19.00 x 18.00 inch 4.44 x 48.26 x 45.72 cm Weight: 12.2 lbs; shipping: 21.0 lbs 5.51 kg; shipping; 9.53 kg Warranty: One (1) year - see 'Warranty'
71
15
16
17
18
Management Interface
19
Management Interface
The VERSAstream 2024 Management Interface consists of the Command Line Interface (CLI) default management configuration and the Graphical User Interface (GUI) browser access management configuration.
6.1
Management Configuration
The default management, also known as cpu0, IP is 10.0.0.1. Users are able to configure the management IP on the CLI using following commands. end configure terminal interface cpu0 ip address { <ip_address> <subnet_mask> } Users can set the gateway IP address with the following commands. end configure terminal ip route 0.0.0.0 0.0.0.0 <gateway_ip>
6.2
Accessing GUI
Users may access the GUI, through the latest Internet Explorer, Mozilla Firefox or Google Chrome browsers with the address as set in the Management Configuration 19 section: http://<ip_address>
Users will be prompted with the login screen. Users can login with user root and password admin123.
2012 Datacom Systems Inc
20
System Configuration
21
System Configuration
The settings under system configuration are globally applied to the unit. This is the place where users can configure the following. System settings NVRAM settings Firmware upgrade Reboot IP Configuration Gateway IP Save, erase and restore configuration Tagging settings
7.1
System Settings
Users can view and set the device information such as the switch name, contact and location as well as setting the date and time. They can change database to authenticate users from the locally defined users in the system to a remote authentication tool such as TACACS. Users can change the http port number, management port routing, debug-logging, and commit items.
22
7.2
NVRAM Settings
The NVRAM settings page allows user to configure a default IP address. If users did not save the IP address configured under IP Configuration, the unit will be configured with IP address based on this setting. Since specifying gateway in NVRAM is not applicable, it is recommended to configure IP address using IP configuration and gateway using Gateway configuration page.
System Configuration
23
7.3
Firmware Upgrade
TFTP: Users will need to specify a server IP address with the firmware to upgrade the unit. The firmware should be placed in tftp server folder. After clicking apply, please wait a few minutes for the image download to be successful.
24
HTTP: Users will need to select the firmware from the window in the web browser after clicking the Browse button. The firmware should be placed on the machine from which the web UI is being accessed. After clicking apply, please wait a few minutes for the image download to be successful.
System Configuration
25
7.4
Reboot
Figure 6: Reboot
The system can be soft rebooted through this page. Users can reconnect in 1-2 minutes.
26
7.5
The load balancing parameters will only be available once a port group has been created. Once created, users can apply one or any combination of the available options. Configuring the load balancing policy is global for the whole device.
System Configuration
27
7.6
IP Configuration
Figure 8: IP Configuration
This page will allow user to configure an IP address for the management interface. Users changing the IP address will be logged out and will need to re-log back in. This page will take precedence if users have already configured an IP address on the NVRAM settings page.
28
7.7
Gateway Configuration
Configuring the gateway for the management port is made in this page.
System Configuration
29
7.8
Save Configuration
The units configuration can be saved onto the flash or saved remotely to a host.
30
7.9
Erase Configuration
The units startup-configuration, NVRAM, and flash files can be erased through this page.
System Configuration
31
7.10
Restore Settings
The units configuration can be restored through the flash. Users will have the option to restore the configuration after reboot or not.
32
7.11
Tag Settings
The unit can be configured to remove a single VLAN tag or two VLAN tags.
RMON Configuration
33
RMON Configuration
The unit supports Remote networking Monitoring (RMON). This section will guide users in the configuration of RMON.
8.1
RMON Basics
Enabling and disabling RMON can be done through RMON basics page.
34
8.2
RMON Alarms
The unit is able to send a notification should the rate fall or exceed a limit defined. The index value is a number that is generated by the user to assign a name to that rule. The threshold values take only bytes.
RMON Configuration
35
8.3
This page allows user to view the statistics of the RMON rules created.
36
8.4
RMON Events
This page allows the configuration of RMON events to be logged. The events include state changes, threshold, etc.
RMON Configuration
37
8.5
RMON History
Users can view the RMON history of the entries created on the system.
38
TACACS
39
TACACS
TACACS allows an external server to authenticate users to access the unit. The following will detail the configurations of TACACS on the GUI.
9.1
TACACS Configuration
Users can configure the multiple TACACS server address, secret, port, and timeout. Important note: users must go to the System Information and change the Login Authentication Mode to TACACS to use this tool.
40
9.2
Users may store multiple TACACS server onto the unit. Only one TACACS server may be active at a time.
Syslog
41
10
Syslog
Syslog allows administrators to configure and extract information from the unit to a Syslog server. The following will detail how to configure Syslog from the GUI.
10.1
Syslog Logging
Users can set the Syslog logging settings from this page. This will affect how the system will process and send Syslog messages to the Syslog server.
42
10.2
Syslog Forward
Users can specify Syslog servers where the messages will be forwarded to.
SNMP
43
11
SNMP
SNMP allows administrators to configure and extract information from the unit. The following will detail how to configure SNMP from the GUI.
11.1
SNMP Community
The system has two default communities in place, which should not be deleted. If users wish to add their own community, they may do so on this page.
44
11.2
SNMP Group
SNMP
45
11.3
Once the above has been defined, the unit can allow certain Groups to gain Access to the unit via SNMP.
46
11.4
SNMP View
Administrators are able to configure what information is viewable or restricted from various users.
SNMP
47
11.5
48
11.6
SNMP
49
11.7
SNMP User
SNMP Users can be crated here along with the authentication protocol designated to each user.
50
11.8
The unit can log and send SNMP traps for notification.
SNMP
51
11.9
52
Statistic
53
12
Statistic
The system keeps track of the counters passed through the unit since boot time. There are counters, traffic rate, and RMON statistics for every port. Users can clear the statistics of each port as well.
12.1
Port Statistics
Users can view the statistics of the receive and transmit counters of every port on this page.
54
12.2
Users can clear all the port data or individually through this page.
Statistic
55
12.3
RMON Statistics
56
12.4
This page shows the current and peak traffic rates of the unit since boot time.
Configuration Maps
57
13
Configuration Maps
Users are able to configure the flow of traffic through the configuration maps. This section will contain the options to create configuration maps, filter templates and port channels (bundles, bond, etc). It will also contain a section for the port options.
13.1
Configuration Maps
Users are able to create the configuration maps on this page; this will include load balancing, filtering, aggregation and mirroring. Multiple configuration maps can be made on the system. Users will have the capability to disable or enable each configuration map. When multiple configuration maps are made, users can set the priority of each to determine which rule should be looked at first.
58
1. This is the ports tab which updates what shows in section 4. A green colored bubble shows that a link has been established while a red colored bubble signifies that no link has been established. 2. This is the port groups tab which updates what shows in section 4. By default, it will be empty as there is no default port channels created. 3. This is the filter templates tab which updates what shows in section 4. Users can create filter templates and use them in the configuration map. 4. This area refreshes itself when tabs are changed between sections 1-3. Users can drag these icons to sections 6-8. 5. This section allows users to name and write a description for the configuration map without looking into detail. 6. Users can drag ports from section 4 when they are under the ports tab to this section. This will be the input port where traffic comes in. 7. Users can drag rules/filters from section 4 when they are under the filters tab to this section. This is the rule which will determine whether the type of traffic that is allowed to flow through to the output port or deny all traffic. 8. Users can drag ports and port groups from section 4 when they are under the ports or groups tab. This will be the output port(s).* *If no port groups are created and user wishes to create a port group, users can drag ports on top of each other. A new window will pop up allowing the user to create a port group or virtual trunk for load balancing purposes.
Configuration Maps
59
13.1.2 Graph
Users are able to view a graph representing the current traffic rate in packets per second or in bits per second. Users are also able to zoom in on a more specific time period of the graph.
60
Users are able to view statistics for specific ports and filters. To view statistics of a specific port, users can select the statistic button of a specific port from the configuration maps interface. To view statistics of a specific filter, users can select the statistic button of a specific filter from the configuration maps, or from the edit port page (to view egress filter statistics).
Configuration Maps
61
13.2
Ports
Users can re-label each ports name and description as well as change the icon when they highlight and edit a port. They can administratively bring a port up/down under the status column. They are also able to force the port up. Ports will be forced up under the following conditions. 1. The port is administratively up. 2. There is a SFP present. Editing a port allows users to apply egress filters to specific port(s),
62
Egress filters can be applied on a per-port basis. To apply an egress filter to a port, Click on the desired port from the Ports list and click the Edit button. An interface similar to the configuration maps interface will be shown, where users can add/edit a filter.
Configuration Maps
63
13.3
Port Groups
Users can create, edit and delete port groups (bundle/bonds) on this page.
64
Users can drag the ports under (Ports(24) into the blue box labeled Ports. A maximum of 8 ports can be applied to the port group. A port group can be named and contain a description.
Configuration Maps
65
13.4
Filter Templates
Filters are used to direct the flow of traffic on the Niagara 4224/4224-4XL/4232-4XL. Users can deny traffic, pass all traffic, pass traffic by certain criteria and tag packets with a VLAN. They can create a filter template such that it can be used in the configuration maps.
This page allows user to create, edit and delete custom filter templates.
66
When users create a new filter template, they can define a filter name and its description under the General tab.
Configuration Maps
67
Users can define the filter to pass all traffic, deny all traffic or pass it by certain criteria. The criteria are the following. 1. 2. 3. 4. Layer 2 Layer 3/4 (ipv4) IPv6 User defined byte (UDB)
68
13.4.4 Advanced
The system can tag packets, remove tags from packets, remove the payload for the packets (sending only the headers), or do nothing with it. Users that wish to tag packets will need to go under System -> Tag Settings and decide whether to remove one or two VLAN tags.
69
14
70
Customer Service
71
15
Customer Service
This USERguide was written to help you get to know your new DATA ACCESS SWITCH quickly and easily. We would welcome any comments or suggestions you may have regarding this USERguide. Please send your remarks and recommendations via mail, telephone, facsimile, or Internet E-mail. Datacom Customer Service is available via telephone, facsimile, and Internet E-mail. Please leave a voice message and our Customer Service Staff will return your call as soon as possible. You may also find the assistance you need at our website: http://www.datacomsystems.com. E-mail: Tel: FAX: WEB: support@datacomsystems.com (315) 463-9541 (315) 463-9557 www.datacomsystems.com
15.1
Internet
You can obtain additional information about Datacom Systems, Inc. and its products and services from the Internet at: http://www.datacomsystems.com.
15.2
Warranty
Datacom Systems, Inc. (DSI) warrants that the hardware which it supplies will be free from significant defects in materials and workmanship for a period of one year from the date of delivery (Warranty Period), under normal use and conditions. In the event of any such defect, you can return an item of defective hardware, freight prepaid, to DSI during the Warranty Period, and DSI will repair or replace the defective equipment and return it to you, freight prepaid. If DSI determines that the equipment is not defective, it will return it to you, freight collect. DSI shall have no responsibility for any deficiency resulting from accidents, misuse, modifications, power disturbances (including use of a power supply not specified by DSI), or various other forms of disaster, e.g., earthquakes, floods, etc. PLEASE DO NOT ATTEMPT TO RETURN ANY ITEM PRIOR TO RECEIVING A RETURN MATERIAL AUTHORIZATION (RMA) NUMBER FROM DATACOM CUSTOMER SERVICE AT (315) 463-9541 or support@datacomsystems.com
15.3
Limits of Liability
The warranties set forth above are exclusive and in lieu of all other warranties. Datacom Systems, Inc. (DSI) makes no other warranties, expressed or implied, and DSI expressly disclaims all other warranties, including but not limited to implied warranties of merchantability and fitness for a
72
particular purpose. Moreover, the provisions set forth above state DSIs entire responsibility and your sole and exclusive remedy with respect to any breach of warranty or contract. No liability for consequential damages. Under no circumstances and under no theory of Liability shall DSI be liable for costs of procurement of substitute products or services, lost profits, lost savings, loss of information or data, or any other special, indirect, consequential or incidental damages, arising in any way out of the sale of, use of, or inability to use, any DSI product or service, even if DSI has been advised of the possibility of such damages.
Customer Service
73