User Guide
Data Monitoring Switch
A
B
A
B
2
1
Analyzer 1
IDS
Analyzer 2
RMON 1
Forensic
RMON 2
Doc. PUBDIRU Rev. 3, 11/08
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Contents
Chapter 1
Introduction
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
About this Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Director Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
USB port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Director Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Typical Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
In-line Monitoring of 10 Gigabit Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Director Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Director Rear Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Chapter 2
Installing Director
Plan the Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Unpack and Inspect the Director device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Install Director Network Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Install SFP and XFP Monitor port Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Rack Mount the Director device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Connect Power to Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Connect the local CLI Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Connect the remote CLI Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Log into the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configure Director using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Using the CLI Command History Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Connect Span Ports to Director. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Connect Director With In-line Network Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Connect Monitoring Tools to Director . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Configure a Matrix Switch connection in Director. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Check the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Chapter 3
Configuring Filters Using the CLI
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Copy Traffic From Any Network Port to Any Monitor Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Aggregate Traffic From Any Set of Network Ports to Any Monitor Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Regenerate Traffic to Any Set of Monitor Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Create Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Create Complex Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
View filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Work with configurable 10 Gigabit ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Understand filter interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Understand pending and active filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 4
Daisy-chaining Multiple Director Chassis .............................................. 40
Appendix A
Director Specifications........................................................................... 41
Appendix B
Command Line Interface ........................................................................ 43
Filter parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Appendix C
Protocol Numbers................................................................................... 51
Limitations on Warranty and Liability.................................................... 54
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Chapter 1
Introduction
Net Optics Director is a key component for building a comprehensive, consolidated monitoring infrastructure for both
network management and security. It extends the range of visibility for data monitoring across converged data and
digital voice networks, while eliminating monitoring port contention and minimizing the number of tools needed to
optimally manage the network.
A single Director device enables you to tap into multiple network links, and direct their traffic to multiple monitoring
ports. It includes aggregation and regeneration functions, so the link-to-monitor-port mapping can be one-to-one,
one-to-many, many-to-one, or many-to-many. In addition, it provides filtering: Each Monitor port can be programmed
to receive only traffic meeting user-defined filter criteria based on protocol, source and destination addresses, and
other criteria. This filtering capability enables specific types of traffic such as voice over IP (VoIP) to be directed to
particular monitoring tools.
Matrix switching, aggregation, and regeneration
Each Director chassis supports up to 12 in-line network links or 28 Span ports. For monitoring, up to 14 ports are
provided. Network and Span ports can be aggregated and regenerated to output ports in almost any combination.
Modular design
Director is modular to provide configuration flexibility.
• Director Network Modules (DNMs) support SX (multi-mode) and LX (single-mode) fiber links and 10/100/1000
Copper links.
• Each DNM provides either 6 in-line network links or 12 Span ports.
• The Director Chassis includes two DNM slots; they can be populated with the same or different DNM types.
• Ten 1-Gigabit Monitor ports are SFP-based, accepting any mix of Copper, SX, and LX interface modules.
• Four 10-Gigabit ports are XFP-based, accepting SR, LR, and ER interface modules.
Flexible 10 Gigabit support
Four 10 Gigabit ports can be configured as Network, Span, or Monitor ports. They can be configured for the same or
different functions. Traffic from multiple 1-Gigabit Network or Span ports can be aggregated to a 10-Gigabit Monitor
port. Conversely, traffic from a 10 Gigabit Network or Span port can be dis-aggregated to multiple 1 Gigabit Monitor
ports through appropriate filtering. For example, traffic from different IP address ranges could be directed to separate
Monitor ports.
Expandable
Two 10 Gigabit ports on the rear of the unit enable daisy-chaining up to ten Director chassis to expand the number of
available ports, for a total of 380 ports in a fully expanded system (when available).
Monitor port-based filtering
Director avoids the confusion of pre-filtering versus post-filtering by strictly tying filtering to the Monitor ports. Each
Monitor port can be configured to have traffic from any number of Network or Span ports directed to it, and each Monitor
port applies up to 30 protocol-, address-, and utilization-based filters to the traffic.
1
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Key Features
Ease of Use
• Tap, aggregation, regeneration, matrix switch, and filter functions in a single device
• 19-inch rack frame, 1U high
• Front-mounted connectors for quick and easy installation
• LED indicators show Power, Link, and Activity status
• Modular design for configuration flexibility
• RMON statistics, including network utilization filtering; data can be used to assemble XML-based end-user reports,
or it may be exported to a third party reporting tool such as a protocol analyzer
• Text-based command-line interface (CLI) available through RS-232 serial port
• CLI also available remotely over secure SSH connection
• Field-upgradeable software
• Compatible with all major manufacturers’ monitoring devices, including protocol analyzers, probes, and intrusion
detection and prevention systems
Monitor port Filtering
• 1,000 filter elements per a chassis
• Exclusive (drop matched packets) and inclusive (pass matched packets) filters
• Filters based on IP protocol, IP addresses, layer 4 ports, MAC addresses, and VLANs
• Source and destination MAC addresses, or ranges of addresses
• Source and destination IP addresses, or ranges of addresses
• Source and destination ports, or ranges of ports
• Supports IPv4 and IPv6 protocols
• VLAN
• Protocols: all IP protocols such as ICMP, TCP, UDP, and RDP
Passive, Secure Technology
• Passive access at up to 10 Gbps
• In-line links do not interfere with the data stream or introduce a point of failure
• Optimized and tested for 10, 100, and 1000Mbps copper and 1 and 10 Gpbs fiber networks
• Redundant power to maximize uptime
• In-line links default to open under a complete power-fail condition, ensuring network availability
• FCC, CE, VCCI, C-Tick, and WEEE certified
• Fully RoHS compliant
Unsurpassed Support
• Net Optics offers technical support throughout the lifetime of your purchase. Our technical support team is
available from 8:00 to 17:00 Pacific Time, Monday through Friday at +1 (408) 737-7777 and via e-mail at
2
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
About this Guide
Please read this entire guide before installing Director. This guide applies to the following part numbers:
Chassis Part Number Description
DIR-3400
DIR-7400
Director Main Chassis with 10 SFP monitor ports
Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports
DNM Part Number
DNM-100
Description
6-Port 10/100/1000 Copper In-Line Module
12-Port 10/100/1000 Copper Span Module
6-Port Gigabit SX Fiber 62.5μm In-Line Module
12-Port Gigabit SX Fiber 62.5μm Span Module
6-Port Gigabit SX Fiber 50μm In-Line Module
12-Port Gigabit SX Fiber 50μm Span Module
6-Port Gigabit LX Fiber In-Line Module
12-Port Gigabit LX Fiber Span Module
6-Port Gigabit ZX Fiber In-Line Module
12-Port Gigabit ZX Fiber Span Module
DNM-110
DNM-200
DNM-210
DNM-220
DNM-230
DNM-300
DNM-310
DNM-320
DNM-330
3
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Director Architecture
The following diagram shows a schematic view of the architecture of the Director device shown as a Matrix Switch with
filtering. The black dots indicate aggregating Matrix Switch connections between Network Ports and Monitor Ports.
n1.1
n1.3
n1.5
n1.7
n1.9
n1.11
n1.2
n1.4
DNM with
6 in-line
network ports
n1.6
n1.7
n1.10
n1.12
n2.1
n2.2
n2.3
n2.4
n2.5
n2.6
n2.7
n2.8
n2.9
n2.10
n2.11
n2.12
DNM with
12 Span or
out-of-band
network ports
t1.1
t1.2
t2.1
Four configurable
10GbE XFP ports
t2.2
Filters
t1.1 t1.2 t2.1 t2.2 m.1 m.2 m.3 m.4 m.5 m.6 m.7 m.8 m.9 m.10
K ey :
Network or Span port
Monitor Port
10 SFP monitor ports
Aggregating switch conection
Dim Alternate configurations for 10 GbE XFP ports
Figure 1: Director internal architecture
Director can be viewed as a matrix switch with up to 28 inputs, or Network ports, and 14 outputs, or Monitor ports.
Any number of inputs can be directed to each of the outputs; Director aggregates the traffic from those Network ports
and sends them to the Monitor ports. For example, the diagram shows:
• Traffic from the first in-line Network link (n1.1-n1.2) is being directed to the first SFP Monitor port (m.1)
• Traffic from two in-line Network links (n1.3-n1.4 and n1.7-n1.8) plus three Span Network ports (n2.3, n2.7,
and n2.11) is being aggregated and directed to the second SFP Monitor port (m.2)
• Traffic from one in-line Network link (n1.11-n1.12) is being regenerated to two SFP Monitor ports (m.9 and m.10)
The traffic from the in-line Network links to the Monitor ports may include the traffic being received at the odd-
numbered Network port (at the left side of the diagram), at the even-numbered Network port (at the right side of the
diagram), or both; the diagram doesn't include this level of detail.
In addition, filters (shown at the bottom of the diagram) are configured independently for each Monitor port, one or
more filters per port, and applied on the aggregated traffic for that port. For example, the second SFP Monitor port
could have two filters, where one filter selects the TCP traffic from the two in-line Network links and the second filter
selects the UDP traffic from the three Span Network ports.
4
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
The inputs are divided into three groups: two DNMs plus the 10GbE ports. In-line DNM models support 6 in-line links,
while Span DNM models support 12 Span ports. The diagram shows one in-line and one Span DNM. Both in-line and
Span DNMs are available with either Copper or SX, LX, or ZX Fiber interfaces. Different DNM types can be mixed in
the same chassis, for example, one in-line Copper DNM and one Span Fiber DNM. The modules are hot-pluggable
for easy serviceability. One or both DNM slots can be populated. The DNM slots are numbered 1 for the slot on the left
and 2 for the slot on the right. If only one slot is populated, it should be slot 1.
The four configurable 10-Gigabit XFP ports are shown in the first four columns and last four rows of the diagram. The
four dark black rows indicate that all four ports are configured as Span inputs. The four dimmed columns indicate that
the ports can alternately be configured as Monitor ports. The four ports may be configured as:
• Both Span
• Both Monitor
• One Span and one Monitor
In addition, the two 10 Gigabit ports on the back of the chassis (t2.1, t2.2) can be used as uplink ports to daisy-chain
chassis for expansion.
USB port
A USB port located on the back is reserved for future functionality.
Director Management
Director can be configured and managed using a command-line interface (CLI) that will be familiar to most network
administrators. The CLI runs locally over an RS-232 serial port or remotely over a secure SSH connection.
Net Optics GUI-based Indigo management tools, which will be available soon, include:
• Web Manager—A Web-browser based tool to manage a single Director (at a time) from anywhere in the world
• System Manager—An SNMP platform-based tool to mange all the Director and other Net Optics iTap-enabled
devices on your network
5
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Typical Application
The following diagram shows a typical application using Director to implement a comprehensive, consolidated monitoring
infrastructure.
A
B
A
B
2
1
Analyzer 1
IDS
Analyzer 2
RMON 1
Forensic
RMON 2
Figure 2: Director-centric network monitoring infrastructure
In this example, eight network links are monitored by six monitoring devices. The company's external access is protect-
ed by a firewall, shown in the upper left of the diagram. The link runs through a router, then in-line through Director,
and then to a switch that distributes traffic throughout a department.
Network Links
The rest of the department's switches are shown, but only the connections to Director are illustrated. The four depart-
ment switches shown in the lower right are cross-connected for fault tolerance. All four of the cross-connected links
are passed in-line through Director (as indicated by the slanting purple lines) so they can be thoroughly monitored for
performance tuning, security, and trouble-shooting. Because so many critical links pass in-line through Director, it's
good to know that they are completely passive connections—Director does not slow down or interfere with the in-line
traffic, and the links stay open to pass traffic even if both of the Director power supplies are removed. (When power
is removed, 10/100/1000 Copper in-line links may be dropped for a short period of time—less than 1 second—while
relays switch to open the link. Subsequently, the network re-establishes the links and traffic resumes flowing.)
Purple line
indicates an
in-line Tap
Figure 3: Detail of in-line Taps shown in Figure 2
In the middle of Figure 2, three other departmental switches are monitored through their Span ports. One of the
switches handles 10GbE traffic, so its Span port goes to one of the Director 10GbE XFP ports. One of the other
switches' 1GbE Span ports carries three distinct types of traffic–e-mail, VoIP, and Web pages–as indicated by the three
colored circles on the Span link.
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
In this installation, Director has ten additional Span ports and one in-line link that are available for expansion, when
more links need to be monitored.
Monitoring Tools
Still referring to Figure 2, six monitoring tools are connected to Director. They include protocol and performance analyzers,
RMON probes, and an intrusion detection system (IDS). Any of the monitoring tools can be used to observe any of the
connected network links, and the connections can be switched easily, using the Director CLI, without ever moving a
cable or touching the tools. A set of possible data flows is indicated by the colored circles on the links in the diagram.
One of the network monitoring tools is capable of handling more than 1 Gbps, so it is attached to a 10 Gigabit XFP
port. Through this port, the tool can be sent aggregated traffic up to 10 Gbps. For example, the colored circles in the
diagram indicate that traffic from four links is being aggregated and sent to this port.
Four streams of traffic are also being aggregated to the red monitoring tool on the upper left. Since this is a 1 Gbps Monitor
port, aggregated data up to 1 Gbps can be sent to the red tool. If the aggregated traffic exceeds 1 Gbps, packets will be
dropped. To avoid dropping packets, filters should be configured to reduce the aggregated traffic load to 1 Gbps or less.
The two green RMON monitoring tools at the bottom are the same type of tool. Two identical tools provide the capabil-
ity of monitoring a greater amount of data than a single tool can handle. Another reason to use identical monitoring
tools is to provide redundancy in case one of the tools fails. In addition, Director can be configured to send different
types of traffic to each tool, for example, all the TCP traffic to one tool, and the UDP traffic to the other.
7
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
In-line Monitoring of 10 Gigabit Links
To create an in-line link on a 10 Gigabit network segment, use an external network Tap.
Figure 4 shows an LC Fiber Tap being used to send two half-duplex data streams to two 10-Gigabit Director ports. This
configuration creates a fully passive, secure in-line Tap for the 10 Gigabit network link. It is capable of transferring up
to 20 Gbps of total traffic from the full-duplex link to Director.
LC Fiber Tap
10 Gbps
10 Gbps
Router
Switch
Director
A
B
A
B
2
1
Monitoring tools
Figure 4: 10 Gigabit in-line network connection using a network Tap
Figure 5 shows a 10 GigaBit Port Aggregator Tap being used to combine the traffic moving in both directions on a
full-duplex 10 Gigabit link, and send the resulting traffic stream to a single 10-Gigabit Director port. This Tap is also
fully passive and secure. The aggregated traffic from both directions on the link should be less than 10 Gbps; otherwise,
it will exceed the capacity of the Port Aggregator's monitor port and packets may be dropped. However, this should not
be a problem in most cases because network links typically operate at 30 percent or less capacity to prevent congestion.
Port Aggregator Tap
Router
Switch
< 10 Gbps total
Director
A
B
Monitoring tools
Figure 5: 10 Gigabit in-line network connection using a Port Aggregator Tap
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Director Front Panel
The features of the Director front panel are shown in the following diagram.
10 SFP
Monitor
Ports
2 XFP
Configurable
10GbE Ports
DNM with 10/100/1000
Copper Network Ports
(6 In-line or 12 Span Ports)
DNM with SX Fiber
Network Ports
(6 In-line or 12 Span Ports)
1
6
2
3
4
5
A
B
A
B
A
B
10 LINK
100 ACT
1000
In-Line
GigaBit
In-Line
10/100/1000
™
Director
2
1
A
B
A
B
1
2
3
4
5
6
7
8
9
10
11
12
7
8
9
10
2 Director Network Module (DNM) Slots
Network Ports
Power LEDs
Monitor Ports
Figure 6: Director Front Panel
Monitor Port LEDs
Each Monitor port has two light-emitting diode (LED) indicators. The Link LED is illuminated when a link is estab-
lished. The Activity LED blinks when traffic is passing through the port. They are located in the middle between the
two rows of SFPs.
DNM / Network Port LEDs
Each 10/100/1000 Network or Span port has two LEDs. The Link LED is illuminated when a link is established. The
Activity LED blinks when traffic is passing through the port. The Link LED also indicates the link speed: amber for
10Mbps, yellow for 100Mbps, and green for a 1000Mbps (1 Gbps). They are integrated in the RJ-45 connectors, Link
on the left and Activity on the right.
Each 1-Gigabit Fiber Network or Span port has a single LED. It illuminates solid when a link is established, and it
flashes when traffic is passing through the port. These Link LEDs are located below the LC fiber connectors.
10 Gigabit Port LEDs
Each configurable 10-Gigabit port has a single LED. It illuminates solid when a link is established, and it flashes when
traffic is passing through the port. These Link LEDs are located to the left of the XFP fiber connectors.
Power LEDs
Two LED indicators for power, one for each of the redundant power supplies.
9
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Director Rear Panel
The features of the Director rear panel are shown in the following diagram.
2 XFP
Daisy-chain
10GbE Ports
Power Supply
Module
Power Supply
Module
Management
Port
USB Port
RS232
Management
Port
INPUT
OUTPUT
SERIAL
NUMBER
XXXXXX
SR, LR, or ER
Fiber XFP Modules
RS-232 Port
Redundant Hot-swappable
Power Supplies
Figure 7: Director Rear Panel
Major features of the rear panel include:
• USB Port—Reserved for future functionality
• RS-232 Port—DB9 serial port for the CLI
• Management Port—A 10/100/1000 network port for the remote management interfaces and software updates;
the CLI runs over an SSH connection through this port; Indigo management tools, when available, will connect
through this port
• XFP Daisy-chain 10GbE Ports—Accepts SR, LR, and ER XFP transceiver modules for daisy-chaining up to
10 chassis
• Power Supply Modules—Universal-input (100-240VAC, 0.5Amp, 47-63Hz), hot-swappable power supplies
with integrated cooling fans; each supply can power the unit independently; dual supplies provide redundancy
to maximize uptime; -48VDC models are also available
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Chapter 2
Installing Director
This chapter describes how to install and connect Director devices. The procedure for installing Director follows these
basic steps:
1. Plan the installation
2. Unpack and inspect the Director device
3. Install the DNM modules
4. Install the SFP and XFP modules
5. Rack mount the Director device
6. Connect power to Director
7. Connect the command line interface (CLI) RS-232 DB9 port or the Management port
8. Log into the CLI
9. Configure Director parameters using the CLI
10.Connect Director to the network with Span ports and in-line links
11.Connect the monitoring tools to Director
12.Configure a Matrix Switch connection in Director
13.Check the installation
This chapter pertains to installing a single Director. Chapter 4 addresses daisy-chaining up to 10 Director chassis into a
single logical system.
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Plan the Installation
Before you begin the installation of your Director device, determine the following:
• IP address of the Director device, or a range of IP addresses if you are deploying multiple Director devices
• Net Mask for Director
• IP address of the remote management console, if deployed over a WAN; this address is used for SNMP traps
• Gateway to the remote management console, if deployed over a WAN
• Port assignments and filters for the Network and Monitor port connections
Make sure you have a suitable location to install the Director device. For power redundancy, use two independent
power sources.
Unpack and Inspect the Director device
Carefully unpack the Director device, power supplies, and all cables that are provided. Director is delivered with the
following:
• (1) Director device
• (2) Power cords
• Director Quick Install Guide (one sheet)
• (1) CD containing the Director User Guide (this document)
• Network and monitor cables
• RS-232 DB9 cable for use with the CLI
• Extended Warranty if purchased
Check the packing slip against parts received. If any component is missing or damaged, contact Net Optics Customer
Service immediately at +1 (408) 737-7777. (Note: XFP modules are ordered and shipped separately.)
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Install Director Network Modules
If the Director Network Modules (DNMs) are not already installed when you receive the unit, install them by sliding
them into the DNM slots in the front panel. (If there is a plate covering the DNM slot, remove it by unscrewing two
thumb-screws, and then install the DNM module.) The DNM circuit boards ride in the rails provided in the slots. Push in
the DNM firmly until you feel the connectors mate and the bezel is flush with the front panel, but do not force them. If you
encounter resistance, withdraw the module and try again, making sure to align the circuit board in the rails and slide the
module straight in. When the DNM is fully seated, fasten it to the front panel with the two captured thumbscrews.
If you are only using a single DNM, it should be installed in the left slot (Slot 1).
Slot 1
Slot 2
Figure 8: Installing Director Network Modules
Install SFP and XFP Monitor port Modules
SFP and XFP modules are shipped separately. Install them as desired in the SFP and XFP slots in the front on the chassis,
and the two XFP slots in the rear. For each module, remove the temporary plug from the SFP or XFP slot and insert the
module until it clicks into place. The photograph on the cover of this Guide shows properly installed SFP and XFP modules.
Rack Mount the Director device
Director is designed for rack mounting in a 19-inch rack panel. The panel occupies one rack unit. To rack mount the
Director device, simply slide it into the desired rack location and secure it using the four supplied screws.
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Connect Power to Director
For power fault protection, Director is equipped with redundant power connections. If one power source becomes
unavailable due to an interruption in AC power or failure of the power brick, the other power source keeps Director
operating normally. If both power sources become unavailable, Director passively keeps all in-line network links open,
passing all traffic between the network ports. (When power is not available, no data is seen at the Monitor ports.)
Management
Port
RS232
INPUT
OUTPUT
SERIAL
NUMBER
Model: Dual Gig Copper Port Agg Tap, -48V
P/N: PAD-GCU-48V
XXXXXX
Figure 9: Connecting redundant power supplies
Supply power to Director using the power cords that were included with the unit. If you plan to use redundant power,
make sure that you connect the power supplies to two separate, independent power sources for maximum protection.
One or both Front Panel Power LEDs are illuminated, depending on whether you used one power supply or two.
Connect the local CLI Interface
All configuration options, filters, and status can be accessed using the Director Command Line Interface (CLI). You can
run the CLI locally over the RS-232 serial port or remotely over the Management port.
If you choose to run the CLI locally, connect a DB9 cable from the RS-232 port on the back of the Director chassis to your
computer; the computer needs to have terminal emulation software such as HyperTerminal to access the Director CLI.
To connect the CLI for local use over the RS-232 serial port:
1. Connect a PC with terminal emulation software, such as HyperTerminal (or a Linux workstation running minicom),
to Director using the RS-232 DB9 cable supplied with Director.
Management
Port
RS232
INPUT
OUTPUT
SERIAL
NUMBER
Model: Dual Gig Copper Port Agg Tap, -48V
P/N: PAD-GCU-48V
XXXXXX
To computer with
terminal emulation software
Figure 10: Connecting RS-232 Cable to Director
14
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
2. Launch terminal emulation software and set communication parameters to:
115200 baud
8 data bits
No parity
1 stop bit
No flow control
The Net Optics CLI banner and login prompt are displayed in the Terminal Emulation software.
**********************************************************
*
*
*
*
*
*
Net Optics Command Line Interface (CLI)
Copyright (c) 2008 by Net Optics, Inc.
Restricted Rights Legend
*
*
*
*
*
*
* Use, duplication, or disclosure by the Government is *
* subject to restrictions as set forth in subparagraph *
* (c) of the Commercial Computer Software - Restricted *
* Rights clause at FAR sec. 52.227-19 and subparagraph *
* (c)(1)(ii) of the Rights in Technical Data and Computer*
* Software clause at DFARS sec. 252.227-7013.
*
*
*
*
*
*
*
*
*
*
*
*
*
Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, California 95054 USA
+1-408-737-7777
**********************************************************
login user:
Figure 11: CLI sign-on banner
Connect the remote CLI Interface
If you choose to run the CLI remotely, connect a network cable from a switch to the Management port on the back of
the Director chassis. Use any computer with an SSH client to access the CLI over the network.
Note __________________________________________________________________________________________________
Before connecting to the remote CLI interface for the first time, you must connect to the CLI locally and use the
procedure on page 18 to assign Director an IP address that is available on your network.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
PuTTY is a freeware SSH client for Windows that can be downloaded from many sites on the Internet.
________________________________________________________________________________________________________
To connect the CLI for remote use over the Management port:
1. Connect the Director Management port to a network switch using a network cable.
2. Open Director from an SSH client on the network, using the IP address you assigned using the local CLI. The SSH
port is 22. Director displays the shell login prompt.
login as:
Figure 12: Shell login prompt
15
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
3. Enter customer to log into the shell. The shell asks for the password.
login as: customer
[email protected]'s password:
Figure 13: Shell login
4. Enter netoptics as the password. For security, the password is not displayed as you type it. The Director CLI runs
and the CLI sign-on banner and login prompt are displayed.
login as: customer
[email protected]'s password:
Last login: Thu Sep 4 09:40:31 2008 from 10.30.1.62
**********************************************************
*
*
*
*
*
*
Net Optics Command Line Interface (CLI)
Copyright (c) 2008 by Net Optics, Inc.
Restricted Rights Legend
*
*
*
*
*
*
* Use, duplication, or disclosure by the Government is *
* subject to restrictions as set forth in subparagraph *
* (c) of the Commercial Computer Software - Restricted *
* Rights clause at FAR sec. 52.227-19 and subparagraph *
* (c)(1)(ii) of the Rights in Technical Data and Computer*
* Software clause at DFARS sec. 252.227-7013.
*
*
*
*
*
*
*
*
*
*
*
*
*
Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, California 95054 USA
+1-408-737-7777
**********************************************************
login user:
Figure 14: Shell login as customer (password "netoptics" is not displayed)
Log into the CLI
Each Director maintains a list of accounts for users authorized for access to that particular Director. The default account
for new systems is User Name admin and Password netoptics.
To log into the CLI:
1. Enter the user name. (The default user name is admin.) The Enter Password prompt is displayed.
2. Enter the password. (The default password is netoptics.) For security, the password is not displayed as you type it.
The CLI prompt is displayed.
login user: admin
password:
Net Optics>
Figure 15: Logging into the CLI
16
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Configure Director using the CLI
You should be logged into the Director CLI. The factory-set default values for Director are:
• Username: admin
• Password: netoptics
• IP Address: 10.60.4.180 (address for remote CLI, and for Indigo manager software, when available)
• Netmask: 255.0.0.0 (associated with IP Address)
• Manager IP Address: 192.168.1.2 (address for SNMP traps)
• Gateway IP Address: 10.0.0.1 (associated with Manager IP Address)
• All ports enablesd
A complete list of CLI commands can be viewed by typing Help at the CLI prompt. It is also provided in Appendix B.
You will now use the CLI to:
• Change the login password
• Assign a new IP Address, Netmask, and Gateway IP Addresses
• Assign new remote manager IP Address
• Change port modes
• Set the date and time
• Save and load Director configurations
• Try out the CLI Help command
Your CLI screen should be displaying the "Net Optics:" prompt as shown here:
Net Optics>
If you do not see the "Net Optics>" prompt, try typing Help followed by the Enter key. If the prompt is still not dis-
played, repeat the instructions in the preceding section Connect the local CLI Interface or Connect the remote
CLI Interface and log in again.
Change Director Password
It is strongly recommended that you change the login password from the default to provide security against
unauthorized access.
To change the login password:
1. Enter user mod name=admin pw=<new password> priv=1. The password is changed.
2. Record the new password in a secure location.
If you wish to change the user name, use the user add command to create a new user account under that name. You can
use the user del command to delete the admin account if you wish.
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Assign a New Director IP Address, Netmask, and Gateway IP Address
If you are using the local RS-232 serial interface to access the CLI, then you need to configure the IP Address that
Indigo management software, when available, will use to communicate with Director. If Director must communicate
through a Gateway to reach the network, then set the Gateway IP Address for that Gateway.
If you are running the CLI remotely, you can change the IP Address, but when you do, you will lose your SSH
connection since it is talking to the old IP Address. In that case, initiate a new SSH session to the new IP address and
you can continue using the CLI remotely.
To assign a new IP Address, Netmask, and Gateway IPAddress to Director:
1. Enter sysip show. The current IP Address, Netmask, and Gateway IP Address are displayed.
2. Enter sysip set ipaddr=<new ip address> mask=<new netmask> gw=<new gateway>. The IP Address, Netmask,
and Gateway IP Address are made pending.
3. Enter sysip show. Verify that the displayed "Pending Sysip Info" IP Address, Netmask, and Gateway IP Address are
the desired values.
4. Enter sysip commit to activate the new IP Address, Netmask, and Gateway IP Address.
Example: sysip set ipaddr=10.60.4.180 mask=255.0.0.0 gw=10.0.0.1
sysip commit
Tip! ___________________________________________________________________________________________________
The sysip set command requires that all three arguments are present.
________________________________________________________________________________________________________
Assign a New Manager IP Address
Configure the Manager IP Address to the IP Address of the remote management server, for example an IBM Tivoli or
HP OpenView server.
To assign a new Manager IP address to Director:
TBA
Change Port Modes
To change the port mode:
1. Enter port set ports=<portlist> autoneg=< on | off> speed=< 10 | 100 | 1000 > duplex=< full | half> to set the
mode of a 10/100/1000 Copper port.
Example: Enter port set ports=n1.5 autoneg=off speed=100 to set Network Port 5 in DNM 1 to 100Mbps fixed
speed. Duplex mode is left in its default state of full duplex.
2. Repeat Step 1 as desired for ports n1.2 to n1.12, n2.1 to n2.12, m.1 to m.12, and t1.1 to t2.2; this procedure only
affects 10/100/1000 Copper ports.
Tip! ___________________________________________________________________________________________________
You can change the modes of multiple ports in a single command by specifying the ports in the portlist. Use a comma to
separate items in the list, and use a dash (-) to indicate a range. For example, this portlist includes the first three ports
in DNM 1 and the first port in DNM 2: ports=n1.1-n1.3,n2.1
________________________________________________________________________________________________________
18
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Set the Current Date and Time
Director maintains a time-of-day clock which is used to record the time of traffic peak utilization events. Time is based
on the 24-hour clock. The clock must be initialized using the CLI or another management tool.
To change the current date and time:
1. Enter time hh:mm:ss where hh is hour, mm is minutes, and ss is seconds.
2. Enter date mm/dd/yyyy where mm is month, dd is day of the month, and yyyy is year.
Example: time 12:20:00
date 06/24/2008
Save and Load Director Configurations
The entire configuration of Director, including port configurations and filters, can be saved to and loaded from files
stored on Director's internal disk drive. When working with these files from within the CLI, specify only a filename (up
to 32 characters long) without an extension. The current configuration is automatically kept in a file named defaultcfg.
This file is automatically loaded at power up or when the system is reset, so your configuration is persistent. However,
you may wish to save copies of various configurations that you use for different purposes. For example, each person
that uses the device can maintain a separate configuration.
To save the Director configuration:
• Enter save <filename> where <filename> is the name for this configuration. The configuration is saved.
To load a Director configuration:
• Enter load <filename> where <filename> is the name of a saved configuration. The configuration is loaded.
To view a list of all saved Director configurations:
• Enter list. A list of Director configurations is displayed.
To view a saved Director configuration:
• Enter show <filename> where <filename> is the name of a saved configuration. The configuration is displayed.
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Using the CLI Help Command
To view CLI help information:
1. Enter Help at the "Net Optics:" prompt. The list of help topics is displayed.
Net Optics> help
commit
date
- save local config to hardware
- set system date
del
filter
help
- delete file 'name'
- set for filter command
- view cli usage
history
image
list
- display command history list
- switch image
- list xml file
load
- load file 'name'
logout
module
passwd
ping
- logout from cm server
- show installed modules in the system
- change password for ssh user's account
- ping 'ipaddr'
port
- set port command
reset
save
show
stats
sysip
time
- reset the whole system
- save file 'name'
- show 'running', 'factory', 'default', or file 'name'
- show/clear ports statistics
- show and set system network IP address
- set system time
upgrade
user
quit or exit
- upgrade image file
- manage user account
- exit current cli session
Net Optics>
Figure 16: Director CLI Help command
2. To view the syntax for changing Director filter parameters, enter help filter.
3. Repeat Step 2 with the command of interest to view the syntax for any command available in the CLI.
For a complete description of all of the CLI commands, see Appendix B.
Tip! ___________________________________________________________________________________________________
Help for an individual command is also displayed if the command is entered without the proper arguments.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
The tab key can be used to automatically complete words in the CLI. This function works for commands as well as
arguments. For example, typing the letter "t" followed by the tab key results in "time" being entered in the command
line. Likewise, "da<tab>" auto-completes to the "date" command. However, "d<tab>" does not auto-complete,
because it is ambiguous between the "date" and "del" commands.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
To display a list of sub-commands and arguments for any command, press the tap key twice after entering the
command. (A space is required between the command and the <tab><tab>.) For example, type "filter add
<tab><tab>" to display a list of all the arguments that can be used to complete the command.
________________________________________________________________________________________________________
20
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Using the CLI Command History Buffer
You can save a lot of typing by using the command history buffer maintained by the CLI. The up- and down-arrow
keys scroll forward and backward through the history buffer. To execute a command again, simply scroll to that com-
mand and press enter. Alternately, you can scroll to a command and then edit it in-line before executing it. You can
see a history of all the buffered commands by entering the history command. Any command in the history buffer can
be accessed directly by entering ![#] where [#] is the number of the command in the buffer. Operation of the command
history buffer is illustrated in the following example.
Net Optics> show
show name - show 'running', 'factory', 'default', or file 'name'
Net Optics> list
Current config file(s):
test-1
test-7
Net Optics> help ping
ping ipaddr - ping 'ipaddr'
Net Optics> sysip show
Current Sysip Info:
IP addr: 10.60.4.178
IP mask: 255.0.0.0
Gateway: 10.0.0.1
Net Optics> history
1: show
2: list
3: help ping
4: sysip show
Net Optics> !3
Net Optics> help ping
ping ipaddr - ping 'ipaddr'
Net Optics>
Figure 17: CLI command history buffer
21
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Connect Span Ports to Director
To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports
in that DNM to connect to the network.
Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs.
Port # n1.1 .2 .3
.4
.5 . 6
Port # n2.1 .2
.3 .4
.5 . 6
10 LINK
100 ACT
1000
Span
GigaBit
Span
10/100/1000
B
1
2
3
4
5
6
7
8
9
10
11
12
Port # n1.7 .8
.9
.10 .11 .12
Port # n2.7 .8
.9 .10 .11 .12
Port numbers in purple
Figure 18: Port numbering for Span DNM models
Note:__________________________________________________________________________________________________
DNM 1 is on the left and DNM 2 is on the right. In the CLI, the Network ports are designated using the letter "n"
followed by the DNM number, a dot, and then the port number. For example, the Network port on the upper left is n1.1
and the Network port on the lower right is n2.12.
________________________________________________________________________________________________________
To connect a Span port:
1. Plug the appropriate cable into a Director Span port.
2. Plug the other end of the cable into the Span port of the switch. The Link LED for the port illuminates after a short
delay to indicate that a link has been established. If the traffic if flowing from the Span port, two Link LEDs blink.
Repeat for all desired Span port connections.
1
6
2
7
3
8
4
9
5
10 LINK
100 ACT
1000
Spn
10/100/1000
Span
GigaBit
™
Director
2
1
A
B
A
B
1
2
3
4
5
6
7
8
9
10
11
12
10
Figure 19: Span port connections
22
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Connect Director With In-line Network Links
To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line
model. Tap port-pairs for each link are located side by side, with three links across the top row and three links across
the bottom row. This is true for both Fiber and 10/100/1000 DNMs.
Link #
1
2
3
Link #
7
8
9
Port # n1.1 .2 .3
.4
.5 . 6
Port # n2.1 .2
.3 .4
.5 . 6
A
B
A
B
A
B
10 LINK
100 ACT
1000
In-Line
GigaBit
In-Line
10/100/1000
B
1
2
3
4
5
6
7
8
9
10
11
12
Port # n1.7 .8
.9
.10 .11 .12
6
Port # n2.7 .8
Link # 10
.9 .10 .11 .12
11 12
Link #
4
5
Port numbers in purple
In-line link numbers in green
Figure 20: Port and link numbering for in-line DNM models
To connect an in-line network link:
1. Plug the appropriate cable into an odd-numbered Network port (Port m.o).
2. Plug the other end of the cable into the source switch or router. The Link LED for the port illuminates after a short
delay to indicate that a link has been established.
3. Plug another cable into the connector immediately to the right of Port m.o. It will be numbered 1 higher, or Port
m.(o+1).
4. Plug the other end of the cable into the destination switch or router. The Link LED for the port illuminates after a
short delay to indicate that a link has been established. If present, traffic passes between the source and destination
switches or routers and the two Link LEDs blink.
Repeat for all desired in-line network connections.
23
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
1
6
2
7
3
8
4
9
5
A
B
A
B
A
B
10 LINK
100 ACT
1000
In-Line
10/100/1000
In-Line
GigaBit
™
Director
2
1
A
B
A
B
1
2
3
4
5
6
7
8
9
10
11
12
10
Figure 21: In-line Network connections
Connect Monitoring Tools to Director
To connect a monitoring tool to Director, simply plug the appropriate cable into the desired 1 Gigabit or 10 Gigabit
Monitor port and plug the other end into the monitoring tool. The Link LED for the port should illuminate after a short
delay to indicate that a link has been established. Repeat for all desired monitoring tool connections.
Note:__________________________________________________________________________________________________
In the CLI, the Monitor ports are designated using the letter "m" followed by a dot, and then the port number. For
example, the Monitor port on the upper left is m.1 and the Monitor port on the lower right is m.10.
________________________________________________________________________________________________________
Configure a Matrix Switch connection in Director
In order to monitor a network link, Director must be configured to copy the traffic from a Network or Span port to a
Monitor port. A simple connection is described in this section, operating Director as a Matrix Switch. For more complex
switching and filtering, see Chapter 3.
To monitor Network Port 1 (in DNM 1) on Monitor Port 2:
1. Enter filter add in_ports=n1.1 action=redir redir_ports=m.2. The switch connection is pending.
2. Enter filter commit. The switch connection is activated.
3. Verify that traffic present on Network Port 1 is visible on Monitor Port 2.
Check the Installation
You have connected Director to the network, monitoring tools, and power. It should now be functioning correctly. Check
the status of the following:
• Check that at least one power LED is illuminated.
• Check the link status LEDs located on the front panel to verify that the links are connected.
• Verify that traffic is flowing through in-line connections to attached network devices.
• Verify that traffic present on Network port 1 is visible on Monitor Port 2.
24
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Chapter 3
Configuring Filters Using the CLI
This chapter describes how to use the CLI to determine which monitoring tools are connected to which Network ports.
It also explains how to create filters to limit the amount of traffic copied to Monitor ports, so the monitoring tools
receive only the traffic that is of interest to them.
In this chapter, you will learn to:
• Copy traffic from any Network port to any Monitor port
• Aggregate traffic from any set of Network ports to any Monitor port
• Regenerate traffic from any aggregated set of Network ports to any set of Monitor ports
• Create filters
• Create complex filters
• View filters
• Work with configurable 10 Gigabit ports
• Understand filter interactions
For a complete listing of filter commands in the CLI, see Appendix B.
Syntax
In the CLI, Director ports are specified by alpha-numeric names as follows:
• n1.1, n1.2, n1.3 .. n1.12 – Network ports in the first DNM (the slot on the left); for in-line DNM models, port
n1.1, n1.2 are an in-line link pair; so are n1.3, n1.4, and so on.
• n2.1, n2.2, n2.3 .. n2.12 – Network ports in the second DNM (the slot on the right); for in-line DNM models,
port n2.1, n2.2 are an in-line link pair; so are n2.3, n2.4, and so on.
• m.1, m.2, m.3 .. m.10 – Monitor ports
• t1.1, t1.2 – Configurable 10 Gigabit ports (on the front panel)
• t2.1, t2.2 – Configurable 10 Gigabit ports (on the rear panel)
Most commands accept lists of ports. In port lists, port names are separated by commas and a dash (-) desig-
nates a range. Do not include any space characters in the list (do not put a space after the comma). For example,
n1.1,n1.2,n1.3,n1.4,n1.5-n1.10 is a list that includes Network Ports 1 through 10 on DNM 1.
When you define a filter, you specify an action to be taken when the filter conditions are met. The action can be either
drop or redir (meaning redirect). If the action is drop, then packets which meet the filter criteria are dropped, that is,
they are not copied to any Monitor port. If the action is redir, then packets which meet the filter criteria are copied to
all Monitor ports listed in the redir_ports=<portlist> argument.
25
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Copy Traffic From Any Network Port to Any Monitor Port
Director can be used like a Matrix Switch to direct traffic from any Network port to any Monitor port. To create a
simple switch connection, use a filter add command without specifying any filters.
The filter add command creates pending filters (including switch settings); they are not activated until a filter commit
command is executed. Any number of filter add commands may be issued prior to executing the filter commit command.
Other CLI commands may be executed between the filter add commands as well.
Note:__________________________________________________________________________________________________
The filter commit command is similar to the commit command. However, filter commit activates the new filter in
a dynamic fashion; when Director is reset, the default filters are restored and the new filter is lost. When a commit
command is executed, the new filter is activated AND it is stored as the new default configuration, so it survives a
Director reset.
________________________________________________________________________________________________________
To monitor Network Port 1 on Monitor Port 2, and Network Port 3 on Monitor Port 1:
1. Enter filter add in_ports=n1.1 action=redir redir_ports=m.2. The switch connection is pending.
2. Enter filter add in_ports=n1.3 action=redir redir_ports=m.1. The switch connection is pending.
3. Enter filter commit. The switch connection is activated.
Network Port 1
Network Port 3
Monitor Port 2
Monitor Port 1
ꢀlter add in_ports=n1.1 action=redir redir_ports=m.2
ꢀlter add in_ports=n1.3 action=redir redir_ports=m.1
Figure 22: Matrix switch connections
Aggregate Traffic From Any Set of Network Ports to Any Monitor Port
Director can be used like a Port Aggregator or a Link Aggregator, copying traffic from multiple Network ports to any
Monitor port. The filter add command is again used to do this. The only difference from using the command to connect
a single Network port to a single Monitor port is that a list of Network ports is specified.
To copy aggregated traffic from Network Port 1 and Network Port 2 to Monitor Port 3:
1. Enter filter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3. The aggregation connection is pending.
2. Enter filter commit. The aggregation connection activated.
Note that in this example, Network Port 1 and Network Port 2 may be Span ports, or they can be a paired in-line
network link. The Network port list in the filter add command always applies to the traffic received at the port, not the
traffic transmitted out the port. Therefore, if Network Port 1 and Network Port 2 are an in-line link, then Director has
been configured to act as a Port Aggregator, combining the traffic from both directions on the in-line link and copying it
to the Monitor port.
26
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Network Port 1
Network Port 2
+
Monitor Port 3
ꢀlter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3
Figure 23: Traffic aggregation
Regenerate Traffic to Any Set of Monitor Ports
Director can be used like a Regeneration Tap, copying traffic from a Network port (or aggregated group of Network
ports) to multiple Monitor ports. The filter add command is used to do this. The only difference from using the command
to connect a single or multiple Network ports to a single Monitor port is that a list of Monitor ports is specified.
To regenerate traffic from Network Port 1 to Monitor Ports 3, 4, and 5:
1. Enter filter add in_ports=n1.1 action=redir redir_ports=m.3-m.5. The regeneration connection is pending.
2. Enter filter commit. The regeneration connection is activated.
Monitor Port 3
Network Port 1
Monitor Port 4
Monitor Port 5
ꢀlter add in_ports=n1.1 action=redir redir_ports=m.3-m.5
Figure 24: Traffic regeneration
To aggregate traffic from Network Port 10 and Network Port 11 and regenerate the resulting stream to Monitor
Ports 9 and 10:
1. Enter filter add in_ports=n1.10,n1.11 action=redir redir_ports=m.9,m.10. The aggregation/regeneration
connection is pending.
2. Enter filter commit. The aggregation/regeneration connection is activated.
Network Port 10
Monitor Port 9
+
Monitor Port 10
Network Port 11
ꢀlter add in_ports=n1.10,n1.11 action=redir redir_ports=m.9,m.10
Figure 25: Combined aggregation and regeneration
27
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Create Filters
Filters process a traffic stream by selecting packets based on criteria in the packet header. A filter is defined using a
filter add command, which also specifies the Network ports and Monitor ports the filters apply to. The filter add
command specifies the following behavior:
• Traffic is aggregated from all the listed Network ports
• Then the filter parameters are applied
• Packets which match all of the specified filter parameters are copied to all of the listed Monitor ports, assuming
the action=redir.
• If the action=drop, the matching packets are not copied to any Monitor port; this mechanism is used to create
exclusive filters.
To send Monitor Port 1 all traffic received at Network Port 5 from IP addresses 192.168.10.0 to 192.168.10.15:
1. Enter filter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask= 255.255.255.240 action=redir redir_
ports=m.1. A filter has been defined to select all IPv4 packets from Network Port 5 with a source IP addresses
of 192.168.10.0 and the lowest four address bits masked out (ignored); packets matching the filter are copied to
Monitor Port 1.
2. Enter filter commit. The filter is activated.
Source IP =
192.168.10.0 -
192.168.10.15
Network Port 5
Monitor Port 1
ꢀlter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask=255.255.255.240 action=redir redir_ports=m.1
Figure 26: Simple IP address filter
To create a filter that selects IPv4 packets by protocol:
1. Enter filter add in_ports=n1.3 ip4_prot=3 action=redir redir_ports=m.6,m.8. A filter has been defined to select
all IPv4 packets that use the TCP protocol received at Network Port 3 and copy them to Monitor Port 6 and Monitor
Port 8. (Protocols are designated by an industry-standard numbering system. See Appendix C for details.)
2. Enter filter commit. The filter is activated.
Monitor Port 6
Protocol =
TCP
Network Port 3
Monitor Port 8
ꢀlter add in_ports=n1.3 ip4_prot=3 action=redir redir_ports=m.6,m.8
Figure 27: Simple IPv4 protocol filter (with regeneration)
Available filter parameters are listed in Appendix B and include:
• ip_proto
IP protocol
28
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
• ip_src, ip_src_mask
• ip_dst, ip_dst_mask
• ip6_src, ip6_src_mask
• ip6_dst, ip6_dst_mask
IPv4 source address and mask
IPv4 destination address and mask
IPv6 source address and mask
IPv6 destination address and mask
• l4_src_port, l4_src_port_mask Layer 4 source port and mask
• l4_dst_port, l4_dst_port_mask Layer 4 destination port and mask
• mac_src, mac_src_mask
• mac_dst, mac_dst_mask
• vlan
MAC source address and mask
MAC destination address and mask
VLAN number
Create Complex Filters
Multiple filter parameters can be specified in a single filter add command. Packets must satisfy all of the filter
parameters to be selected; in other words, the filter parameters have a logical AND connection.
To select all TCP traffic arriving from IP address 192.186.10.0:
1. Enter filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1. A filter has been
defined to select all IPv4 TCP packets from Network Port 5 with a source IP address of 192.186.10.0; packets
matching the filter are copied to Monitor Port 1.
2. Enter filter commit. The filter is activated.
Source IP =
192.186.10.0
Protocol =
TCP
Network Port 5
Monitor Port 1
ꢀlter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1
Figure 28: Logical AND filter connection
A logical OR connection can be made between filters by specifying multiple filters with the same network and monitor
port lists.
To select all packets which are either TCP or UDP protocol:
1. Enter filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4
TCP packets from Network Port 5 and copy them to Monitor Port 1.
2. Enter filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1. Another filter has been defined to
select all IPv4 UDP packets from Network Port 5 and copy them to Monitor Port 1.
3. Enter filter commit. The filters are activated.
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Protocol =
TCP
Network Port 5
+
Monitor Port 1
Protocol =
UDP
ꢀlter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1
ꢀlter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1
Figure 29: Logical OR filter connection
View filters
To view a list of all pending filters, enter filter list. To view the active filters, enter filter running.
Net Optics> filter list
Filter #1
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=t1.01
redir_ports=t1.02
Filter #2
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=t1.02
redir_ports=t1.01
Filter #3
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=n1.01,n1.02,n1.03,n1.04
redir_ports=m.01,m.10
IPv4 filter resource utilization: 2%
Net Optics>
Figure 30: Filter list command
Tip! ___________________________________________________________________________________________________
The ID number (Filter #) shown above each filter in the filter list is the ID that applies for filter del id=<id> and
filter ins id=<id> commands, because all three commands act on the pending filter list. Do not use the IDs in a
filter running list as the reference for filter del or filter ins commands.
________________________________________________________________________________________________________
30
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Work with configurable 10 Gigabit ports
The two configurable 10 Gigabit XFP ports on the front panel are designated t1.1 (on the left) and t1.2 (on the right),
and the two on the rear panel are t2.1 (on the left) and t2.2 (on the right). They can be used in Network port lists and
Monitor port lists. The 10 Gigabit ports are configured for Network or Monitor as required by the filter add commands
you enter. Some examples follow. If separate filter add commands require different configurations for the same XFP
port, the port is configured as required for the command that was entered last.
To use both front-panel XFP ports as Network ports:
1. Enter filter add in_ports=t1.1 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4
TCP packets from 10 Gigabit Port 1.1 and copy them to Monitor Port 1.
2. Enter filter add in_ports=t1.1 ip_proto=17 action=redir redir_ports=m.2. A filter has been defined to select all IPv4
UDP packets from 10 Gigabit Port 1.1 and copy them to Monitor Port 2.
3. Enter filter add in_ports=t1.2 action=redir redir_ports=m.3. A filter has (switch) been defined to copy all traffic
from10 Gigabit Port 1.2 to Monitor Port 3.
4. Enter filter commit. The filters are activated.
Protocol =
Monitor Port 1
TCP
XFP Port 1.1
Protocol =
Monitor Port 2
UDP
XFP Port 1.2
Monitor Port 3
ꢀlter add t1.1 ip_proto=6 action=redir redir_ports=m.1
ꢀlter add t1.1 ip_proto=17 action=redir redir_ports=m.2
ꢀlter add t1.2 action=redir redir_ports=m.3
Figure 31: Configurable 10 Gigabit XFP ports used as Network ports
To use both front-panel XFP ports as Monitor ports:
1. Enter filter add in_ports=n1.1-n1.4 action=redir redir_ports=t1.1. A filter has been defined to aggregate the traffic
from the first four 1 Gigabit Network Ports and copy the aggregated traffic to 10 Gigabit Port 1.1.
2. Enter filter add in_ports=n1.11 action=redir redir_ports=t1.2. A filter (switch) has been defined to copy all the
traffic from 1 Gigabit Network Port 11 to 10 Gigabit Port 1.2.
3. Enter filter commit. The filters are activated.
31
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Network Port 1
Network Port 2
Network Port 3
Network Port 4
+
XFP Port 1.1
XFP Port 1.2
Network Port 11
ꢀlter add in_ports=n1.1-n1.4 action=redir redir_ports=t1.1
ꢀlter add in_ports=n1.11 action=redir redir_ports=t1.2
Figure 32: Configurable 10 Gigabit XFP ports used as Monitor ports (with aggregation)
To use one XFP port as a Span port and the other XFP port as a Monitor port:
1. Enter filter add in_ports=t1.1 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4
TCP packets from 10 Gigabit Port 1.1 and copy them to Monitor Port 1. 10 Gigabit XFP Port 1.1 is configured as a
Span port.
2. Enter filter add in_ports=n1.11 action=redir redir_ports=t1.2. A filter has been defined to copy all the traffic from 1
Gigabit Network Port 11 to 10 Gigabit Port 1.2. 10 Gigabit XFP Port 1.2 is configured as a Monitor port.
3. Enter filter commit. The filters are activated.
Protocol =
TCP
Monitor Port 1
XFP Port 1.2
XFP Port 1.1
Network Port 11
ꢀlter add in_ports=t1.1 ip_proto=6 action=redir redir_ports=m.1
ꢀlter add in_ports=n1.11 action=redir redir_ports=t1.2
Figure 33: Configurable 10 Gigabit XFP ports used one Span port and one Monitor port
32
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Understand filter interactions
It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters.
As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the
CAM, and the CAM returns the index of the first filter that the packet header matched. That filter, and only that filter,
controls which monitoring ports receive a copy of the packet. Other filters are not executed for that packet. Therefore,
filters are not completely independent; one filter can affect the operation of another.
Let's walk through an example of a filter interaction that may be unexpected.
First, we will set up a filter for an IP address:
filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter commit
CAM
Address Filter
n1.5 ip_src=192.186.10.0 m.1
Source IP =
192.168.10.0 -
192.168.10.15
Network Port 5
Monitor Port 1
1
ꢀlter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask=255.255.255.240 action=redir redir_ports=m.1
Figure 34: A simple IP address filter, shown with CAM
All traffic from Network Port 5 that comes from IP address 192.186.10.0 matches the first CAM entry and therefore is
copied to Monitor Port 1.
Next, suppose we want another monitoring tool to see all the TCP traffic from Network Port 5, so we set up this filter:
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
filter commit
CAM
Address Filter
Source IP =
192.186.10.0
Monitor Port 1
1
2
n1.5 ip_src=192.186.10.0 m.1
n1.5 ip_proto=TCP m.2
Filter interactions
are not shown!
Network Port 5
Protocol =
TCP
Monitor Port 2
ꢀlter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
ꢀlter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
Figure 35: Incorrect flow diagram of two filters; filter interaction in CAM is neglected
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Have we achieved our goal of sending all the TCP traffic to Monitor Port 2? Not quite. What happens when an TCP
packet arrives from 192.186.10.0? It matches the filter at CAM address 1, so it is copied to Monitor Port 1. But that is
all that happens; it does not go to Monitor Port 2. The flow is correctly shown in the following diagram.
CAM
Address Filter
match
Source IP =
192.186.10.0
Network Port 5
Monitor Port 1
Monitor Port 2
1
2
n1.5 ip_src=192.186.10.0 m.1
n1.5 ip_proto=TCP m.2
no match
Protocol =
TCP
ꢀlter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
ꢀlter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
Figure 36: Correct flow diagram for two interacting filters
To achieve the desired result of sending all TCP traffic to Monitor Port 2, clear the existing filters (filter discard
command) and create three new filters by entering:
filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
filter commit
The flow diagram now looks as follows.
CAM
Source IP =
192.186.10.0
&
Protocol=
TCP
Address Filter
Monitor Port 1
Monitor Port 2
+
Network Port 5
1
n1.5 ip_src=192.186.10.0 ip_proto=TCP
m.1,m.2
+
2
3
n1.5 ip_src=192.186.10.0
n1.5 ip_proto=TCP m.2
no match
match
Source IP =
192.186.10.0
no match
Protocol =
TCP
ꢀlter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
ꢀlter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
ꢀlter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
Figure 37: Correct way to send all TCP traffic to Monitor Port 2
Now, packets that match both the IP address and protocol conditions are copied to both monitor ports, while packets
that match only one of the conditions are directed to the desired monitor port.
34
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Note:__________________________________________________________________________________________________
Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins
allows you to specify the filter's ID, which is its position in the pending filter list. (Use filter list so see the IDs
of all pending filters.) When you use a filter ins command, the first argument must be id=<id> where <id> is a
decimal number in the range 1 to 999. For example: filter ins id=2 in_ports=n1.1 out_ports=m.1 defines a filter
that sends all the traffic from Network Port 1 to Monitor Port 1 and places this filter in the second location in the
pending filter list.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
The filter del command can be used to delete a filter from the pending filter list. The syntax is a filter del id=<id>
where <id> is a decimal number in the range 1 to 999 corresponding to the position in the pending filter list. Use
the filter list command so see the IDs of all pending filters.
________________________________________________________________________________________________________
Exclusive filters
Filters can be specified using action=drop in order to create exclusive filters. (An exclusive filter excludes packets rather
an including them.) For example, suppose you would like to monitor all traffic on a link except for the UDP traffic. To
specify this filter, use the following commands. Note that the drop filter must come first so it is earlier in the CAM.
filter add in_ports=n1.1 ip_proto=17 action=drop
filter add in_ports=n1.1 action=redir redir_ports=m.1
filter commit
CAM
Address Filter
match
Protocol =
UDP
Network Port 1
(drop)
1
2
n1.1 ip_proto=UDP action=drop
n1.1 m.1
no match
All
Monitor Port 1
ꢀlter add in_ports=n1.1 ip_proto=17 action=drop
ꢀlter add in_ports=n1.1 action=redir redir_ports=m.1
Figure 38: Creating an exclusive filter
Tip! ___________________________________________________________________________________________________
If you only define switch connections, with no filtering, the CAM is not involved and the switches do not interact.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
Filters that use exclusive sets of Network ports (each Network port is included in only a single filter) do not interact.
For example,
filter add in_ports=n1.1-n1.5 <filter_parameter_list> <monitor_port_list>
does not interact with
filter add in_ports=n1.6-n1.10 <filter_parameter_list> <monitor_port_list>
________________________________________________________________________________________________________
35
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Understand pending and active filters
To understand the actions of filter commands such as filter commit, filter discard, and filter delete, it is helpful to
visualize the pending filter list and the CAM that holds the active filters.
The previous section explained how the active filters are stored in a CAM, which can be thought of as list of active
filters. These filters, which are actively running in the device, may be referred to as active, running, or committed.
Pending filters, that is, filters that have been defined using filter add and filter ins commands but not yet committed,
are kept in a pending filter list that shadows the CAM. These filters may be referred to as pending or uncommitted. The
following table shows which filter commands affect the pending filter list and which affect the CAM.
Commands apply to
Pending filter list
CAM
filter add
filter del
filter discard
filter ins
commit
filter clear
filter commit
filter running
filter list
filter sync
As can be seen from the table, most of the time you work with the contents of the pending filter list. When you have the
filters set up the way you want them in the pending filter list, a commit or filter commit command transfers the con-
tents of the pending filter list to the CAM, activating that filter set-up. (Remeber that commit also changes Director's
default configuration, but filter commit does not.)
A common workflow for changing the Director filter configuration might be as follows.
To change the Director filter configuration:
Pending filter list
Address Filter
CAM
Address Filter
1
2
n1.1 ip_proto=UDP action=drop
n1.1 m.1
Figure 39: Starting state
36
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
1. Enter filter running to view the currently active filters in the CAM.
Net Optics> filter running
Filter #1
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0017
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop
in_ports=
Filter #2
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=n1.1
redir_ports=m.1
IPv4 filter resource utilization: 2%
Net Optics>
Figure 40: Filter running command
2. Enter filter sync. The contents of the CAM are copied to the pending filter list.
Pending filter list
Address Filter
CAM
Address Filter
1
2
n1.1 ip_proto=UDP action=drop
n1.1 m.1
1
2
n1.1 ip_proto=UDP action=drop
n1.1 m.1
Figure 41: After filter sync
3. Use filter add, filter ins, and filter del commands to change filters as desired.
Pending filter list
CAM
Address Filter
Address Filter
1
2
3
n1.1 ip_proto=TCP action=drop
1
2
n1.1 ip_proto=UDP action=drop
n1.1 m.1
n1.1 m.1
n1.2 m.2
Figure 42: Filter 1 has been changed and filter 3 has been added
37
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
4. Enter filter list to view the pending filter list.
Net Optics> filter list
Filter #1
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0006
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop
in_ports=
Filter #2
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=n1.1
redir_ports=m.1
Filter #3
src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00
src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0000
l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=redir
in_ports=n1.2
redir_ports=m.2
IPv4 filter resource utilization: 2%
Net Optics>
Figure 43: Filter list command
6. Repeat steps 3 and 4 until the pending filter list is consistent with the desired filter configuration.
7. Enter filter commit. The contents of the pending filter list are copied to the CAM, activating the new filter
configuration.
Pending filter list
Address Filter
CAM
Address Filter
1
2
3
n1.1 ip_proto=TCP action=drop
1
2
3
n1.1 ip_proto=TCP action=drop
n1.1 m.1
n1.2 m.2
n1.1 m.1
n1.2 m.2
Figure 44: After filter commit
38
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Be aware of these similar pairs of commands:
• filter discard clears the pending filter list, while filter clear clears the CAM
• filter list shows the pending filter list, while filter running shows the CAM
• filter commit copies the pending filter list to the CAM, while filter sync copies the CAM to the pending filter list
Pending filter list
Address Filter
CAM
Address Filter
filter commit
filter sync
1
2
1
2
filter discard to clear
filter clear to clear
filter list to view contents
filter running to view contents
Figure 45: Pairs of similar filter commands
Filter capacity
The capacity of Director's filtering function is roughly 1,000 filter elements per chassis, where a filter element is
a port list or a filter parameter. For example, filter add in_ports=n1.1-n1.7 ip_proto=6 vlan=100 action=redir
redir_ports=m.1-m.5,m.10 has four filter elements:
1. in_ports=n1.1-n1.7
2. ip_proto=6
3. vlan=100
4. redir_ports=m.1-m.5,m.10
Counting filter elements is only a rough gauge of filter utilization, and is not recommended. Instead, examine the
pending filter list or CAM contents with filter list and filter running commands. The filter resource utilization is
displayed after the filter list.
Warning!______________________________________________________________________________________________
User interactions
When multiple users are logged into Director at the same time, each user has a separate pending filter list in which to
create filter configurations. However, there is only one CAM, so any time a user executes a commit or filter commit
command, the CAM takes on the filter configuration from that user's pending filter list, and those become the active
filters on Director. For this reason, it is a good idea to use a filter sync command to get the current contents of the
CAM before adding or modifying filters; that way, the filters that you don't touch remain unaffected after you commit.
________________________________________________________________________________________________________
39
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Chapter 4
Daisy-chaining Multiple Director Chassis
This chapter describes how to expand the capacity of Director by daisy-chaining multiple Director chassis. The
complete set of chassis becomes a single logical system with up to 380 total ports. By using long-reach ER links,
chassis can be physically separated by as much as 25 miles (40 kilometers), enabling monitoring of entire campuses or
multiple campuses with a single Director system.
Daisy-chaining chassis is not supported in the initial release of Director. This chapter will be expanded when
daisy-chain functionality becomes available.
40
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Appendix A
Director Specifications
Specifications, chassis
Mechanical
Dimensions: 1.6” high x 15.65” deep x 17” wide
Mounting: Surface or 19” rack mount (1U)
Weight: TBA
Connectors
Network Port Slots: (2) Director Network Module (DNM)
Monitor Ports: (10) SFP
Configurable 10Gigabit Ports: (4) XFP (2 can be used for uplinks to daisy-chain chassis)
Management Port: (1) RJ45 10/100/1000 Copper Network
Configuration (CLI) Port: (1) RS-232 DB9
USB Port: (1) Reserved for future functionality
Power: (2) AC universal
Electrical Interface
Power: 100-240VAC, 2A, 47-63Hz (Japan: 100-125VAC, ~120 VA, 50-60Hz), -48VDC available
Indicators
(All ports) Link LEDs (with speed indication on Copper ports),
(All ports) Activity LEDs
(1) Alarm LED
(2) Power LEDs
Performance
Hardware throughput: 74Gbps
TapFlow Smart filtering: More than 1,000 filter elements per chassis; filter by IP source address , IP destination ad-
dress, MAC source address, MAC destination address, source port, destination port, protocol, network port or port
group, VLAN
RMON statistics for each Network and Monitor port: Current utilization, peak utilization, peak time, total packets,
total bytes, CRC errors, collision packets
Internal disk drive: 2.5-inch, SATA, 30 Gigabyte, 5400 RPM
Software
Net Optics Web Manager—compatible with all major Web browsers
Net Optics System Manager—compatible with Windows XP, Windows 2000, and Windows 98
SNMP v3 support
41
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Specifications, DNM
Copper Interface
(12) RJ45 Network Ports 10/100/1000Mbps
(6) In-line links or (12) Span ports depending on model
22-24 AWG unshielded twisted pair cable, CAT5e or better recommended
Fiber Optic Interface
(12) Gigabit SX, LX, or ZX Network Ports, LC type
(6) In-line links or (12) Span ports depending on model
Fiber Types: Corning Multimode 62.5/125μm
Corning Multimode 50/125μm
Corning Singlemode 8.5/125μm
Transceiver: SX GigaBit 850nm, VCSEL, supports 62.5/125μm
SX GigaBit 850nm, VCSEL, supports 50/125μm
LX GigaBit 1310nm, laser, supports 8.5/125μm
ZX GigaBit 1550nm, laser, supports 8.5/125μm
Safety: Class 1, eye-safe, laser emitter type; conforms to the applicable requirements per US 21 CFR (J) and EN
60825-1; also UL 1950 applications
Environmental
Operating Temperature: 0˚C to 55˚C
Storage Temperature: -10˚C to 70˚C
Relative Humidity: 10% min, 95% max, non-condensing
Certifications
FCC, CE, FCC, VCCI, C-Tick, and WEEE certified
Fully RoHS compliant
Available Models
Models, Main Chassis
DIR-3400 Director Main Chassis with 10 SFP monitor ports
DIR-7400 Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports
DNMs
DNM-100 6-Port 10/100/1000 Copper In-Line Module
DNM-110 12-Port 10/100/1000 Copper Span Module
DNM-200 6-Port Gigabit SX Fiber 62.5μm In-Line Module
DNM-210 12-Port Gigabit SX Fiber 62.5μm Span Module
DNM-220 6-Port Gigabit SX Fiber 50μm In-Line Module
DNM-230 12-Port Gigabit SX Fiber 50μm Span Module
DNM-300 6-Port Gigabit LX Fiber In-Line Module
DNM-310 12-Port Gigabit LX Fiber Span Module
DNM-320 6-Port Gigabit ZX Fiber In-Line Module
DNM-330 12-Port Gigabit ZX Fiber Span Module
42
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Appendix B
Command Line Interface
Tip! ___________________________________________________________________________________________________
The command line interface (CLI) is case-sensitive; commands must be entered in lower case. However, certain items
such as user-defined text strings, user names, and passwords may be entered in upper, lower, or mixed case, and are
case-sensitive also.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
The tab key can be used to automatically complete words in the CLI. This function works for commands as well as
arguments. For example, typing the letter "t" followed by the tab key results in "time" being entered in the command
line. Likewise, "da<tab>" auto-completes to the "date" command. However, "d<tab>" does not auto-complete,
because it is ambiguous between the "date" and "del" commands.
________________________________________________________________________________________________________
Tip! ___________________________________________________________________________________________________
To display a list of sub-commands and arguments for any command, press the tap key twice after entering the
command. (A space is required between the command and the <tab><tab>.) For example, type "filter add
<tab><tab>" to display a list of all the arguments that can be used to complete the command.
________________________________________________________________________________________________________
Port numbering:
• Network ports are numbered ns.p where
• s is the DNM module (1 or 2; 1 is on the left, 2 is on the right)
• p is the port number within the DNM (1 through 12)
• for example, n2.1 and n2.12 are the lowest and highest port numbers in the second DNM
• Monitor ports are numbered m.1 through m.10)
• Configurable 10 Gigabit ports are numbered t1.1 and t1.2 (front panel) and t2.1 and t2.2 (rear panel)
• a portlist is a list of ports separated by commas; dashes may be used to specify ranges; for example,
n1.1,n1.2,n1.3 and n1.1-n1.3 mean the same thing; NOTE: Do not include any space characters in the list (do
not put a space after the comma)
A string is a string of characters up to 32 characters in length, not case sensitive; valid characters are A-Z, a-z, 1-9, -, _
Privilege levels – User accounts are assigned at one of three privilege levels:
• root (level 1) – access to all CLI commands; only the root level can use the user and passwd commands
• admin (level 2) – access to all CLI commands except user and passwd
• user (level 3) – can access only these CLI read-only commands: help, history, list, ping, show, exit, logout, quit
The CLI commands are specified in the following table.
43
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Command Sub-Command Arguments
Example and description
!
[#] (a number)
!3
Executes a command from the CLI command history
buffer
(see history command)
commit
date
commit
Activates pending changes previously defined using
filter commands AND saves the changes as the new
default configuration
<date>
date 06/24/2008
Arguments:
<date> is mm/dd/yyyy
Sets the system calendar date; if <date> is omitted,
the current date is displayed
del
<filename>
del my_configuration-1
Arguments:
<filename> is the name of the file to delete; a
string; do not include an extension
Deletes a previously saved Director configuration file
(see save command)
exit
exit
Exits the CLI shell (same as logout and quit)
Note: To maintain system security, control is not
returned to the command shell.
filter
add
ipv6=y
filter add in_ports=n1.1-n1.3 ip_src=10.1.1.1
action=drop
Arguments:
in_ports=<network_portlist>
<qual>=<value>
action=< redir | drop >
redir_ports=<monitor_portlist>
ipv6=y for IPv6 addressing; omit for IPv4
<network_portlist> — traffic from the network
ports specified in this portlist is aggregated before
being sent to the filter
Notes:
<qual> and <value> are filter qualifiers and values
as listed in the table that follows this table; any
number of <qual>=<value> pairs may be included
Specify redir or drop as the filter action —
if redir, packets matching all of the <qual> are
copied to all of the Monitor ports specified in the
portlist <monitor_portlist>
The command may include
any number of <qual>, up
to the limit of Director's filter
resources (approximately
1,000 <qual> per chassis)
The action=< redir | drop >
argument is required
if drop, packets matching all of the <qual> are
dropped
If action=redir, then
redir_ports=<monitor_portlist> Defines a filter, including the network and monitor
argument is required
ports involved in the filter; filter is pending (inactive)
until activated by a filter commit or commit command
Note: If the filter command does not include any
<qual>, it defines aggregation, regeneration, and
matrix switching functions without filtering
clear
filter clear
Clears all active filters
44
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Command Sub-Command Arguments
Example and description
filter
commit
filter commit
(continued)
Activates pending filters previously defined using
filter add and filter ins commands but does NOT save
the changes as the new default configuration
del
ipv6=y
filter del id=3
id=<id>
Arguments:
ipv6=y for IPv6 addressing; omit for IPv4
<id> is a decimal number from 1 to 999 that
identifies which filter is to be deleted
Deletes a pending filter
discard
ins
filter discard
Clears all pending filters
id=<id>
ipv6=y
filter ins id=myfilter-1 in_ports=n1.1-n1.3 ip_
src=10.1.1.1 action=drop
in_ports=<network_portlist> Arguments:
<qual>=<value>
<id> is a decimal number from 1 to 999 that
action=< redir | drop >
redir_ports=<monitor_portlist>
specifies the priority of this filter (the address for
the filter in the filter CAM)
The rest of the filter parameters are as defined for
the filter add command
Defines and prioritizes a filter
list
ipv6=y
ipv6=y
filter list
Arguments:
ipv6=y for IPv6 addressing; omit for IPv4
Displays all pending filters (with filter IDs)
running
sync
filter running
Arguments:
ipv6=y for IPv6 addressing; omit for IPv4
Displays all active filters
filter sync
Loads the pending filter list with a copy of the currently
active filters
help
<command>
help filter
Arguments:
<command> is any CLI command
Displays information about the specified CLI command;
if <command> is omitted, displays a list of all CLI
commands
history
history
Displays a numbered list of previously executed CLI
commands; any command can be executed directly
by entering the command number preceded by an
exclamation point; up- and down-arrow keys can be
used to scroll through the command history buffer
(see ! command)
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Command Sub-Command Arguments
Example and description
image
< 1 | 2 >
image 2
Arguments:
Valid values are 1 and 2
Chooses which system image to boot from (see
upgrade command)
show
image show
Lists the names of both system images and indicates
which one is running, and which one is selected to
boot from (arrow next to image name)
list
list
Shows a list of filenames of saved Director device
configurations (see save command)
load
<filename>
load my_configuration-1
Arguments:
<filename> is the name of the file to load; a string;
do not include an extension
Loads a previously saved Director configuration (see
save command)
logout
logout
Exits the CLI shell (same as exit and quit)
Note: To maintain system security, control is not
returned to the command shell.
module
show
module show
Lists information about Director hardware modules
including system serial number, DNM types, and
XFPs
passwd
passwd
Interactively changes the password of the SSH user
This
account
command
is only
available
at root
level
ping
<address>
ping 10.1.1.4
Arguments:
<address> is an IP address
Pings the specified IP address to check for connectivity
port
set
ports=<portlist>
port set n1.1-n1.3 autoneg=on duplex=full
Arguments:
autoneg=< on | off >
duplex=< full | half >
speed=< 10 | 100 | 1000 >
<portllist> is a portlist
For other arguments, select a value from the
listed choices
For 10/100/100 Copper interface Network and Moni-
tor ports, enables or disables autonegotiation; selects
the duplex mode; and sets the fixed speed (10Mbps,
100Mbps, or 1000Mbps) if autonegotiation is off
show
port show
Displays the current port status and settings
46
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Command Sub-Command Arguments
Example and description
quit
quit
Exits the CLI shell (same as exit and logout)
Note: To maintain system security, control is not
returned to the command shell.
reset
reset
Reboots the Director device; also called warm boot;
similar to power-cycling the device; reloads the
default configuration
save
<filename>
save my_configuration-1
Arguments:
<filename> is the name of the file where the
configuration is saved; a string; do not include an
extension
Saves the Director device configuration to a file;
saved information includes port set-up and filters
show
running | factory |
<filename>
show my_configuration-1
Arguments:
running to show configuration that is currently
operating
factory to show configuration set at the factory
<filename> is the name of a saved configuration
file to display; a string; do not include an extension
Displays the contents of the specified configuration
or saved configuration file (see save command)
stats
clear
ports=all|<[portlist>
ports=all|<[portlist>
stats clear ports=all
Clears RMON statistics for the designated ports
show
commit
discard
set
stats show ports=m.2,n1.4
Displays RMON statistics for the designated ports
sysip
sysip commit
Activates pending changes defined with sysip set
sysip discard
Clears any pending changes defined with sysip set
ipaddr=<address>
mask=<netmask>
gw=<gateway>
sysip set ipaddr=192.168.1.2 mask=255.255.0.0>
Arguments:
<address> is the IP address (default: 192.168.1.2)
<mask> is the netmask (default: 255.0.0.0)
<gateway> is the gateway IP address (default:
192.168.1.1)
Note: All three arguments are
required
Sets the Director IP address, netmask, and gateway
IP address; requires a sysip commit command to
activate the new settings
show
sysip show
Displays the current Director IP address information,
as well as any pending IP address information that
was set with a sysip set command
47
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Command Sub-Command Arguments
Example and description
time
<time>
time 13:02:00
Arguments:
<time> is hh:mm:ss
Sets the system time-of-day; if <time> is omitted, the
current time is displayed
upgrade
srvip=<svrip>
upgrade srvip=168.192.20.2 user=bob pw=bobpw
file=image021108
Arguments:
user=<username>
pw=<passwd>
file=<filename>
<svrip> is the IP address of the server that the
new image file is on
Note: All four arguments are
required
<username> is the user name needed for FTP
access to the server
<passwd> is the password needed for FTP
access to the server
<filename> is the name of the image file
Replaces the backup system boot image (the one
that is not the current image) with the image in the
specified file (see image command)
user
add
name=<username>
pw=<password>
priv=<level>
user add name=bob pw=bob-pw priv=3
Arguments:
This
<username> is the username, a string
<password> is the password, a string
<level> is 1, 2, or 3 (other values not applicable);
1=root; 2=admin; 3=user
command
is only
available
at root
level
Note: All three arguments are
required
Creates a new user account
del
name=<username>
user del name=bill
Arguments:
<username> is the user name of the account you
wish to delete
Deletes a user account
mod
name=<username>
pw=<password>
priv=<level>
user mod name=bill pw=billpw priv=2
Arguments:
<username> is the user name of the account you
want to change, a string
Note: All three arguments are
required
<password> is the new password for the account
to, a string
<level> is 1, 2, or 3 (other values not applicable);
1=root; 2=admin; 3=user
Modifies a user account
show
user show
Lists all the currently defined user accounts
48
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Filter parameters
Switches and filters are defined using the filter add and filter ins commands. The filter add command syntax is:
filter ipv6=y add in_ports=<portlist> <filter_parameter_list> action=<redir|drop> redir_ports=<portlist>
The <filter_parameter_list> is a sequence of zero or more of the filter qualifiers as listed in the following table.
If the <filter_parameter_list> is empty, the filter add command specifies an aggregation of the traffic received on all of
the in_ports. If the action=redir, the aggregated traffic stream is regenerated to all of the redir_ports.
If the <filter_parameter_list> contains filters, aggregation and regeneration take place as described in the previous
paragraph. However, the filters are applied to the aggregated traffic stream before it is copied to the monitor ports. If
multiple filter qualifiers are specified, a packet must satisfy all of the filter qualifiers in order to be copied to the monitor
ports. In other words, the filter qualifiers are combined with a logical AND condition. A logical OR condition can be
created by using multiple filter add commands with identical port lists.
The filter add and filter ins commands define filters but do not activate them. A subsequent filter commit or commit
command must be executed to activate the filters. This mechanism enables an interrelated group of filters to be activated
simultaneously. It also allows you to double-check your filter definitions before you activate them. The commit command
also rewrites the default Director configuration (the defaultcfg file), while filter commit does not.
Note that IPv6 and IPv4 filters are maintained separately. It is important to include the "ipv6=y" argument when dealing
with IPv6 filters, and omit it when dealing with IPv4 filters.
It is also important to note that packets are filtered using a Content Addressable Memory or CAM. Each filter is a CAM
entry, and the CAM is filled in the order that the filter add commands are entered. Filter ins commands create filters
in specific locations in the CAM. When a packet is processed, the first filter in the CAM that matches the packet is the
only filter that is activated. Each packet can activate exactly zero or one filters. See Understand filter interactions
near the end of Chapter 3 for examples.
All supported filter qualifiers are shown in the table on the following page.
49
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Director Filter Parameters
<qual>
ip_proto
ip_src
<value>
Example
Description
Number*
ip_proto=6
Layer 4 IP protocol
IPv4 source address
IPv4 address
ip_src=168.10.4.1
ip_src_mask=255.255.255.0
ip_dst=168.10.4.2
ip_dst_mask=255.255.255.0
ip_src_mask IPv4 address mask
ip_dst IPv4 address
ip_dst_mask IPv4 address mask
Mask for IPv4 source address
IPv4 destination address
Mask for IPv4 destination ad-
dress
ip6_src
IPv6 address
ip6_src=1234:5678:9abc:def0:12 IPv6 source address
34:5678:9abc:def0
ip6_src_
mask
IPv6 address mask
ip6_src_mask=
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Mask for IPv6 source address
ip6_dst
IPv6 address
ip6_dst=1234:5678::9abc
IPv6 destination address
ip6_dst_
mask
IPv6 address mask
ip6_dst_mask=
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Mask for IPv6 destination ad-
dress
l4_src_port
Port number
l4_src_port=80
Layer 4 source port
l4_src_port_ Port mask
mask
l4_src_port_mask=ffff
Mask for Layer 4 source port
l4_dst_port
Port number
l4_dst_port=80
Layer 4 destination port
l4_dst_port_ Port mask
mask
l4_dst_port_mask=fff0
Mask for Layer 4 destination
port
mac_src
MAC address
mac_src=01:23:45:67:89:ab
mac_src_mask=ff:ff:ff:ff:ff:ff
MAC source address
mac_src_
mask
MAC address mask
Mask for MAC source address
mac_dst
MAC address
mac_dst=11:22:33:44:55:66
mac_dst_mask=ff:ff:ff:ff:ff:00
MAC destination address
mac_dst_
mask
MAC address mask
Mask for MAC destination
address
vlan
VLAN number
vlan=128
VLAN
* See Appendix C for a complete list of protocol numbers. Some common protocols include:
Number
Keyword
ICMP
IGMP
TCP
Protocol
1
2
Internet Control Message Protocol
Internet Group Message Protocol
Transmission Control Protocol
User Datagram Protocol
6
17
89
132
UDP
OSPF
SCTP
Open Shortest Path First
Stream Control Transmission Protocol
50
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Appendix C
Protocol Numbers
The official Assigned Internet Protocol Numbers list is maintained by the Internet Assigned Numbers Authority and
can be found at http://www.iana.org/assignments/protocol-numbers. The list as of April 18, 2008 is reproduced in the
following table (without references).
Num
Keyword Protocol
Num
30
Keyword Protocol
0
1
2
3
4
5
6
7
8
9
HOPOPT IPv6 Hop-by-Hop Option
NETBLT
Bulk Data Transfer Protocol
ICMP
IGMP
GGP
IP
Internet Control Message
Internet Group Management
Gateway-to-Gateway
IP in IP (encapsulation)
Stream
31
MFE-NSP MFE Network Services
Protocol
32
33
MERIT-
INP
MERIT Internodal Protocol
DCCP
Datagram Congestion Control
Protocol
ST
TCP
CBT
EGP
IGP
Transmission Control
CBT
34
35
3PC
Third Party Connect Protocol
IDPR
Inter-Domain Policy Routing
Protocol
Exterior Gateway Protocol
36
37
38
XTP
DDP
XTP
any private interior gateway
(used by Cisco for their
IGRP)
Datagram Delivery Protocol
IDPR-
CMTP
IDPR Control Message
Transport Proto
10
BBN-
RCC-
MON
BBN RCC Monitoring
39
40
41
42
TP++
IL
TP++ Transport Protocol
IL Transport Protocol
Ipv6
11
12
13
14
15
16
17
18
19
NVP-II
PUP
Network Voice Protocol
PUP
IPv6
SDRP
Source Demand Routing
Protocol
ARGUS
EMCON
XNET
CHAOS
UDP
ARGUS
EMCON
43
IPv6-
Routing Header for IPv6
Cross Net Debugger
Chaos
Route
44
45
IPv6-Frag Fragment Header for IPv6
User Datagram
Multiplexing
IDRP
Inter-Domain Routing Pro-
tocol
MUX
46
47
RSVP
GRE
Reservation Protocol
DCN-
DCN Measurement Subsys-
MEAS
tems
General Routing Encapsula-
tion
20
21
22
23
24
25
26
27
28
29
HMP
Host Monitoring
48
DSR
Dynamic Source Routing
PRM
Packet Radio Measurement
XEROX NS IDP
Protocol
XNS-IDP
49
50
51
52
BNA
ESP
AH
BNA
TRUNK-1 Trunk-1
TRUNK-2 Trunk-2
Encap Security Payload
Authentication Header
LEAF-1
LEAF-2
RDP
Leaf-1
I-NLSP
Integrated Net Layer Security
Leaf-2
TUBA
Reliable Data Protocol
Internet Reliable Transaction
ISO Transport Protocol Class 4
53
54
SWIPE
NARP
IP with Encryption
IRTP
NBMA Address Resolution
Protocol
ISO-TP4
51
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Num
55
Keyword Protocol
Num
Keyword Protocol
MOBILE
TLSP
IP Mobility
85
NSFNET- NSFNET-IGP
IGP
56
Transport Layer Security
Protocol using Kryptonet key
management
86
87
88
89
90
DGP
Dissimilar Gateway Protocol
TCF
TCF
57
58
SKIP
SKIP
EIGRP
EIGRP
IPv6-
ICMP
ICMP for IPv6
OSPFIGP OSPFIGP
Sprite-
RPC
Sprite RPC Protocol
59
IPv6-
No Next Header for IPv6
NoNxt
91
LARP
Locus Address Resolution
Protocol
60
61
62
63
64
IPv6-Opts Destination Options for IPv6
any host internal protocol
92
93
94
MTP
AX.25
IPIP
Multicast Transport Protocol
AX.25 Frames
CFTP
CFTP
any local network
IP-within-IP Encapsulation
Protocol
SAT-
EXPAK
SATNET and Backroom
EXPAK
95
96
97
MICP
Mobile Internetworking Con-
trol Pro.
65
66
KRYPTO- Kryptolan
LAN
SCC-SP
Semaphore Communications
Sec. Pro.
RVD
MIT Remote Virtual Disk
Protocol
ETHERIP Ethernet-within-IP Encapsu-
67
68
69
70
71
72
IPPC
Internet Pluribus Packet Core
any distributed file system
lation
98
99
ENCAP
Encapsulation Header
SAT-MON SATNET Monitoring
any private encryption
scheme
VISA
IPCV
CPNX
VISA Protocol
100
101
GMTP
IFMP
GMTP
Internet Packet Core Utility
Ipsilon Flow Management
Protocol
Computer Protocol Network
Executive
102
103
PNNI
PIM
PNNI over IP
73
CPHB
Computer Protocol Heart
Beat
Protocol Independent Mul-
ticast
74
75
76
WSN
PVP
Wang Span Network
Packet Video Protocol
104
105
106
107
108
ARIS
SCPS
QNX
ARIS
SCPS
BR-SAT-
MON
Backroom SATNET Monitor-
ing
QNX
77
SUN-ND
SUN ND PROTOCOL-Tem-
porary
A/N
Active Networks
IPComp
IP Payload Compression
78
79
WB-MON WIDEBAND Monitoring
Protocol
WB-
WIDEBAND EXPAK
109
110
SNP
Sitara Networks Protocol
EXPAK
Compaq- Compaq Peer Protocol
Peer
80
81
82
ISO-IP
VMTP
ISO Internet Protocol
VMTP
111
112
IPX-in-IP
VRRP
IPX in IP
SECURE- SECURE-VMTP
VMTP
Virtual Router Redundancy
Protocol
83
84
VINES
TTP
VINES
TTP
113
114
PGM
PGM Reliable Transport
Protocol
any 0-hop protocol
52
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Num
115
116
117
Keyword Protocol
Num
Keyword Protocol
L2TP
DDX
IATP
Layer Two Tunneling Protocol
134
RSVP-
E2E-
IGNORE
D-II Data Exchange (DDX)
Interactive Agent Transfer
Protocol
135
Mobility
Header
118
119
120
121
122
123
STP
SRP
UTI
Schedule Transfer Protocol
136
137
UDPLite
SpectraLink Radio Protocol
MPLS-
in-IP
UTI
SMP
SM
Simple Message Protocol
SM
138
139
manet
MANET Protocols
Host Identity Protocol
HIP
PTP
Performance Transparency
140
to
252
Unassigned
Use for experimentation and
testing
Protocol
124
ISIS over
IPv4
253
254
125
110
FIRE
Use for experimentation and
testing
CRTP
Combat Radio Transport
Protocol
255
Reserved
127
128
CRUDP
Combat Radio User Data-
gram
SSCOP-
MCE
129
130
131
IPLT
SPS
PIPE
Secure Packet Shield
Private IP Encapsulation
within IP
132
133
SCTP
FC
Stream Control Transmission
Protocol
Fibre Channel
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Director
Limitations on Warranty and Liability
Net Optics offers a limited warranty for all its products. IN NO EVENT SHALL NET OPTICS, INC. BE LIABLE FOR ANY
DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND SOFTWARE) DE-
SCRIBED IN THIS MANUAL, OR BY ANY DEFECT OR INACCURACY IN THIS MANUAL ITSELF. THIS INCLUDES
BUT IS NOT LIMITED TO LOST PROFITS, LOST SAVINGS, AND ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES
ARISING FROM THE USE OR INABILITY TO USE THIS PRODUCT, even if Net Optics has been advised of the possibility of
such damages. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential
damages, so the above limitation or exclusion may not apply to you.
Net Optics, Inc. warrants this Tap to be in good working order for a period of ONE YEAR from the date of purchase from Net
Optics or an authorized Net Optics reseller.
Should the unit fail anytime during the said ONE YEAR period, Net Optics will, at its discretion, repair or replace the product. This
warranty is limited to defects in workmanship and materials and does not cover damage from accident, disaster, misuse, abuse or
unauthorized modifications.
If you have a problem and require service, please call the number listed at the end of this section and speak with our technical ser-
vice personnel. They may provide you with an RMA number, which must accompany any returned product. Return the product in
its original shipping container (or equivalent) insured and with proof of purchase.
Additional Information
Net Optics, Inc. reserves the right to make changes in specifications and other information contained in this document without prior
notice. Every effort has been made to ensure that the information in this document is accurate. Net Optics is not responsible for
typographical errors.
THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, EXPRESS
OR IMPLIED. No Net Optics reseller, agent, or employee is authorized to make any modification, extension, or addition to this
warranty.
Net Optics is always open to any comments or suggestions you may have about its products and/or this manual.
Send correspondence to
Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, CA 95054 USA
Telephone: +1 (408) 737-7777
Fax: +1 (408) 745-7719
All Rights Reserved. Printed in the U.S.A. No part of this publication may be reproduced, transmitted, transcribed, stored in a
retrieval system, or translated into any language or computer language, in any form, by any means, without prior written consent
of Net Optics, Inc., with the following exceptions: Any person is authorized to store documentation on a single computer for
personal use only and that the documentation contains Net Optics’ copyright notice.
54
Download from Www.Somanuals.com. All Manuals Search And Download.
© 2008 by Net Optics, Inc. All Rights Reserved.
Download from Www.Somanuals.com. All Manuals Search And Download.
|