Net Optics Director User Manual


A Proper User Manual

Regulations require the seller to hand over the Net Optics Director user manual to the buyer together with the product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint on the basis that the device does not conform to the contract. The law permits supplying a user manual in a form other than paper, which has recently become very common, by including a graphical or electronic manual for Net Optics Director as well as instructional videos for users. The condition is that its form is legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to arrange. Accordingly, the Net Optics Director manual contains a description of the stages of a procedure. The purpose of a manual is to instruct and to simplify starting up and using the device or carrying out particular tasks. A manual is a collection of information about an item or a service; a guide.

Unfortunately, not many users take the time to read the Net Optics Director user manual. A good user manual not only lets you discover a number of additional functions of the purchased device, but also helps you avoid many mistakes.

So what should an ideal user manual contain?

The Net Optics Director user manual should contain, above all:
- Information about the technical data of the Net Optics Director device
- The name of the manufacturer and the year of manufacture of the Net Optics Director device
- Principles of operation, adjustment, and maintenance of the Net Optics Director device
- Safety marks and certificates confirming conformity with the relevant standards

Why don't we read user manuals?

The reason is a lack of time and confidence about the particular functions of the purchased devices. Unfortunately, simply connecting and starting Net Optics Director is not enough. A manual contains a range of guidance on particular functions, safety principles, maintenance methods (even which products to use), possible faults of Net Optics Director, and ways of solving problems that may arise during use. Finally, the user manual gives the contact number for Net Optics service in case the suggested solutions do not work. Manuals in the form of engaging animations or video guides are currently gaining popularity, as they appeal to users more than a brochure. This kind of manual ensures that the user watches the whole video without skipping the detailed and complicated technical descriptions of Net Optics Director, as happens with the paper form.

Why should you read user manuals?

In the user manual we find, above all, answers about the construction and capabilities of the Net Optics Director device, about the use of particular accessories, and a range of information that makes it possible to use every function and convenience.

After a successful purchase of the device, you should take some time to get to know every part of the Net Optics Director manual. Nowadays they are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic function of help and information.

Table of contents of the user manual

  • Page 1

    User Guide Data Monitoring Switch Doc. PUBDIRU Rev. 3, 11/08 www.netoptics.com 1 2 B A A B IDS Analyzer 2 Analyzer 1 RMON 1 RMON 2 Forensic[...]

  • Page 2

    PLEASE READ THESE LEGAL NOTICES CAREFULLY. By using a Net Optics Director device you agree to the terms and conditions of usage set forth by Net Optics, Inc. No licenses, express or implied, are granted with respect to any of the technology described in this manual. Net Optics retains all intellectual property rights associated with the technolog[...]

  • Page 3

    Director Contents Chapter 1 Introduction Key Features ... 2 About this Guide ... 3 Director Architecture ... 4 USB port ...[...]

  • Page 4

    Director Chapter 3 Configuring Filters Using the CLI Syntax ... 25 Copy Traffic From Any Network Port to Any Monitor Port ... 26 Aggregate Traffic From Any Set of Network Ports to Any Monitor Port ... 26 [...]

  • Page 5

    Director 1 Chapter 1 Introduction Net Optics Director is a key component for building a comprehensive, consolidated monitoring infrastructure for both network management and security. It extends the range of visibility for data monitoring across converged data and digital voice networks, while eliminating monitoring port contention and minimizin[...]

  • Page 6

    Director 2 Key Features Ease of Use • Tap, aggregation, regeneration, matrix switch, and filter functions in a single device • 19-inch rack frame, 1U high • Front-mounted connectors for quick and easy installation • LED indicators show Power, Link, and Activity status • Modular design for configuration flexibility • RMON statistics, [...]

  • Page 7

    Director 3 About this Guide Please read this entire guide before installing Director. This guide applies to the following part numbers: Chassis Part Number Description DIR-3400 Director Main Chassis with 10 SFP monitor ports DIR-7400 Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports DNM Part Number Description [...]

  • Page 8

    Director 4 Director Architecture The following diagram shows a schematic view of the architecture of the Director device shown as a Matrix Switch with filtering. The black dots indicate aggregating Matrix Switch connections between Network Ports and Monitor Ports. Key: Network or Span port Monitor Port Aggregating switch connection Di[...]

  • Page 9

    Director 5 The inputs are divided into three groups: two DNMs plus the 10 GbE ports. In-line DNM models support 6 in-line links, while Span DNM models support 12 Span ports. The diagram shows one in-line and one Span DNM. Both in-line and Span DNMs are available with either Copper or SX, LX, or ZX Fiber interfaces. Di[...]

  • Page 10

    Director 6 Typical Application The following diagram shows a typical application using Director to implement a comprehensive, consolidated monitoring infrastructure. [Figure 2: Director-centric network monitoring infrastructure; diagram labels: IDS, Analyzer 1, Analyzer 2, RMON 1, RMON 2, Forensic] In this example, eight network links are mo[...]

  • Page 11

    Director 7 In this installation, Director has ten additional Span ports and one in-line link that are available for expansion, when more links need to be monitored. Monitoring Tools Still referring to Figure 2, six monitoring tools are connected to Director. They include protocol and performance analyzers, RMO[...]

  • Page 12

    Director 8 In-line Monitoring of 10 Gigabit Links To create an in-line link on a 10 Gigabit network segment, use an external network Tap. Figure 4 shows an LC Fiber Tap being used to send two half-duplex data streams to two 10-Gigabit Director ports. This configuration creates a fully passive, secure in-line Tap for the 10 Gigabit network link[...]

  • Page 13

    Director 9 Director Front Panel The features of the Director front panel are shown in the following diagram. [Front panel diagram with port numbering and LINK/ACT indicators; In-Line 10/100/1000 and In-Line GigaBit modules] 10 SFP Monitor Ports 2 XFP Configurable 10GbE Ports 2 Director Network Module (D[...]

  • Page 14

    Director 10 Director Rear Panel The features of the Director rear panel are shown in the following diagram. Management Port RS232 INPUT OUTPUT SERIAL NUMBER XXXXXX Power Supply Module Management Port RS-232 Port 2 XFP Daisy-chain 10GbE Ports SR, LR, or ER Fiber XFP Modules Redundant Hot-swappable Power Supplies USB Port Power Supply Module Direct[...]

  • Page 15

    Director 11 Chapter 2 Installing Director This chapter describes how to install and connect Director devices. The procedure for installing Director follows these basic steps: 1. Plan the installation 2. Unpack and inspect the Director device 3. Install the DNM modules 4. Install the SFP and XFP modules 5. Rack mount the Director device 6. Connect pow[...]

  • Page 16

    Director 12 Plan the Installation Before you begin the installation of your Director device, determine the following: • IP address of the Director device, or a range of IP addresses if you are deploying multiple Director devices • Net Mask for Director • IP address of the remote management console, if deployed over a WAN; this address is used fo[...]

  • Page 17

    Director 13 Install Director Network Modules If the Director Network Modules (DNMs) are not already installed when you receive the unit, install them by sliding them into the DNM slots in the front panel. (If there is a plate covering the DNM slot, remove it by unscrewing two thumbscrews, and then install the DNM module.) The DNM circuit bo[...]

  • Page 18

    Director 14 Connect Power to Director For power fault protection, Director is equipped with redundant power connections. If one power source becomes unavailable due to an interruption in AC power or failure of the power brick, the other power source keeps Director operating normally. If both power sources become unavailable, Director passively ke[...]

  • Page 19

    Director 15 2. Launch terminal emulation software and set communication parameters to: 115200 baud, 8 data bits, No parity, 1 stop bit, No flow control. The Net Optics CLI banner and login prompt are displayed in the Terminal Emulation software. ********************************************************** * Net Optics Command Line Interface (CLI) *[...]

  • Page 20

    Director 16 3. Enter customer to log into the shell. The shell asks for the password. login as: customer customer@10.60.4.180's password: Figure 13: Shell login 4. Enter netoptics as the password. For security, the password is not displayed as you type it. The Director CLI runs and the CLI sign-on banner and login prompt are displayed. login [...]

  • Page 21

    Director 17 Configure Director using the CLI You should be logged into the Director CLI. The factory-set default values for Director are: • Username: admin • Password: netoptics • IP Address: 10.60.4.180 (address for remote CLI, and for Indigo manager software, when available) • Netmask: 255.0.0.0 (associated with IP Address) • Manager IP [...]

  • Page 22

    Director 18 Assign a New Director IP Address, Netmask, and Gateway IP Address If you are using the local RS-232 serial interface to access the CLI, then you need to configure the IP Address that Indigo management software, when available, will use to communicate with Director. If Director must communicate through a Gateway to reach the network, [...]

  • Page 23

    Director 19 Set the Current Date and Time Director maintains a time-of-day clock which is used to record the time of traffic peak utilization events. Time is based on the 24-hour clock. The clock must be initialized using the CLI or another management tool. To change the current date and time: 1. Enter time hh:mm:ss where hh is hour, mm is min[...]

  • Page 24

    Director 20 Using the CLI Help Command To view CLI help information: 1. Enter Help at the "Net Optics:" prompt. The list of help topics is displayed. Net Optics> help commit - save local config to hardware date - set system date del - delete file 'name' filter - set for filter command help - view cli usage history - disp[...]

  • Page 25

    Director 21 Using the CLI Command History Buffer You can save a lot of typing by using the command history buffer maintained by the CLI. The up- and down-arrow keys scroll forward and backward through the history buffer. To execute a command again, simply scroll to that command and press enter. Alternately, you can scroll to a command and t[...]

  • Page 26

    Director 22 Connect Span Ports to Director To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports in that DNM to connect to the network. Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs. www.netoptics.com ™ Director 1 2 B A 1 6 [...]

  • Page 27

    Director 23 Connect Director With In-line Network Links To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line model. Tap port-pairs for each link are located side by side, with three links across the top row and three links across the bottom row. This is true for both Fiber and 1[...]

  • Page 28

    Director 24 [Front panel diagram with port numbering] Figure 21: In-line Network connections Connect Monitoring Tools to Director To connect a monitoring tool to Director, simply plug the appropriate cable into the desired 1 Gigabit or [...]

  • Page 29

    Director 25 Chapter 3 Configuring Filters Using the CLI This chapter describes how to use the CLI to determine which monitoring tools are connected to which Network ports. It also explains how to create filters to limit the amount of traffic copied to Monitor ports, so the monitoring tools receive only the traffic that is of interest to them. [...]

  • Page 30

    Director 26 Copy Traffic From Any Network Port to Any Monitor Port Director can be used like a Matrix Switch to direct traffic from any Network port to any Monitor port. To create a simple switch connection, use a filter add command without specifying any filters. The filter add command creates pending filters (including switch se[...]

  • Page 31

    Director 27 Network Port 1 Network Port 2 Monitor Port 3 + filter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3 Figure 23: Traffic aggregation Regenerate Traffic to Any Set of Monitor Ports Director can be used like a Regeneration Tap, copying traffic from a Network port (or aggregated group of Network ports) to multiple Monito[...]

  • Page 32

    Director 28 Create Filters Filters process a traffic stream by selecting packets based on criteria in the packet header. A filter is defined using a filter add command, which also specifies the Network ports and Monitor ports the filters apply to. The filter add command specifies the following behavior: Traffic is aggregated [...]

  • Page 33

    Director 29 • ip_src, ip_src_mask IPv4 source address and mask • ip_dst, ip_dst_mask IPv4 destination address and mask • ip6_src, ip6_src_mask IPv6 source address and mask • ip6_dst, ip6_dst_mask IPv6 destination address and mask • l4_src_port, l4_src_port_mask Layer 4 source port and mask • l4_dst_port, l4_dst_port_mask Layer 4 destination[...]

  • Page 34

    Director 30 Monitor Port 1 Network Port 5 filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1 filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1 Protocol = TCP Protocol = UDP + Figure 29: Logical OR filter connection View filters To view a list of all pending filters, enter filter list. To view the active [...]

  • Page 35

    Director 31 Work with configurable 10 Gigabit ports The two configurable 10 Gigabit XFP ports on the front panel are designated t1.1 (on the left) and t1.2 (on the right), and the two on the rear panel are t2.1 (on the left) and t2.2 (on the right). They can be used in Network port lists and Monitor port lists. The 10 Gigabit ports are con[...]

  • Page 36

    Director 32 filter add in_ports=n1.11 action=redir redir_ports=t1.2 filter add in_ports=n1.1-n1.4 action=redir redir_ports=t1.1 XFP Port 1.2 XFP Port 1.1 Network Port 11 Network Port 1 Network Port 4 Network Port 2 Network Port 3 + Figure 32: Configurable 10 Gigabit XFP ports used as Monitor ports (with aggregation) To use one XFP port as a S[...]

  • Page 37

    Director 33 Understand filter interactions It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the pac[...]

  • Page 38

    Director 34 Have we achieved our goal of sending all the TCP traffic to Monitor Port 2? Not quite. What happens when a TCP packet arrives from 192.186.10.0? It matches the filter at CAM address 1, so it is copied to Monitor Port 1. But that is all that happens; it does not go to Monitor Port 2. The flow is correctly shown in the following diagr[...]

  • Page 39

    Director 35 Note: Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins allows you to specify the filter's ID, which is its position in the pending filter list. (Use fil[...]

  • Page 40

    Director 36 Understand pending and active filters To understand the actions of filter commands such as filter commit, filter discard, and filter delete, it is helpful to visualize the pending filter list and the CAM that holds the active filters. The previous section explained how the active filters are stored in a CAM, w[...]

  • Page 41

    Director 37 1. Enter filter running to view the currently active filters in the CAM. Net Optics> filter running Filter #1 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0017 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop in_ports= Filter #2 src_mac=00:00[...]

  • Page 42

    Director 38 4. Enter filter list to view the pending filter list. Net Optics> filter list Filter #1 src_mac=00:00:00:00:00:00 dst_mac=00:00:00:00:00:00 src_ip=0.0.0.0/255.255.255.255,dst_ip=0.0.0.0/255.255.255.255,ip_proto=0006 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=drop in_ports= Filter #2 src_mac=00:00:00:00:00:00 dst_mac=0[...]

  • Page 43

    Director 39 Be aware of these similar pairs of commands: • filter discard clears the pending filter list, while filter clear clears the CAM • filter list shows the pending filter list, while filter running shows the CAM • filter commit copies the pending filter list to the CAM, while filter sync copies the CAM[...]

  • Page 44

    Director 40 Chapter 4 Daisy-chaining Multiple Director Chassis This chapter describes how to expand the capacity of Director by daisy-chaining multiple Director chassis. The complete set of chassis becomes a single logical system with up to 380 total ports. By using long-reach ER links, chassis can be physically separated by as much as 25 miles ([...]

  • Page 45

    Director 41 Appendix A Director Specifications Specifications, chassis Mechanical Dimensions: 1.6” high x 15.65” deep x 17” wide Mounting: Surface or 19” rack mount (1U) Weight: TBA Connectors Network Port Slots: (2) Director Network Module (DNM) Monitor Ports: (10) SFP Configurable 10Gigabit Ports: (4) XFP (2 can be used for uplink[...]

  • Page 46

    Director 42 Specifications, DNM Copper Interface (12) RJ45 Network Ports 10/100/1000Mbps (6) In-line links or (12) Span ports depending on model 22-24 AWG unshielded twisted pair cable, CAT5e or better recommended Fiber Optic Interface (12) Gigabit SX, LX, or ZX Network Ports, LC type (6) In-line links or (12) Span ports depending on model Fiber[...]

  • Page 47

    Director 43 Appendix B Command Line Interface Tip! The command line interface (CLI) is case-sensitive; commands must be entered in lower case. However, certain items such as user-defined text strings, user names, and passwords may be entered in[...]

  • Page 48

    Director 44 Command Sub-Command Arguments Example and description ! [#] (a number) !3 Executes a command from the CLI command history buffer (see history command) commit commit Activates pending changes previously defined using filter commands AND saves the changes as the new default configuration date <date> date 06/24/2008 Arguments: <[...]

  • Page 49

    Director 45 Command Sub-Command Arguments Example and description filter (continued) commit filter commit Activates pending filters previously defined using filter add and filter ins commands but does NOT save the changes as the new default configuration del ipv6=y id=<id> filter del id=3 Arguments: ipv6=y for IPv6 addressing; omit fo[...]

  • Page 50

    Director 46 Command Sub-Command Arguments Example and description image < 1 | 2 > image 2 Arguments: Valid values are 1 and 2 Chooses which system image to boot from (see upgrade command) show image show Lists the names of both system images and indicates which one is running, and which one is selected to boot from (arrow next to image name)[...]

  • Page 51

    Director 47 Command Sub-Command Arguments Example and description quit quit Exits the CLI shell (same as exit and logout) Note: To maintain system security, control is not returned to the command shell. reset reset Reboots the Director device; also called warm boot; similar to power-cycling the device; reloads the default configuration sa[...]

  • Page 52

    Director 48 Command Sub-Command Arguments Example and description time <time> time 13:02:00 Arguments: <time> is hh:mm:ss Sets the system time-of-day; if <time> is omitted, the current time is displayed upgrade srvip=<svrip> user=<username> pw=<passwd> file=<filename> Note: All four arguments [...]

  • Page 53

    Director 49 Filter parameters Switches and filters are defined using the filter add and filter ins commands. The filter add command syntax is: filter ipv6=y add in_ports=<portlist> <filter_parameter_list> action=<redir|drop> redir_ports=<portlist> The <filter_parameter_list> is a sequence o[...]

  • Page 54

    Director 50 Director Filter Parameters <qual> <value> Example Description ip_proto Number* ip_proto=6 Layer 4 IP protocol ip_src IPv4 address ip_src=168.10.4.1 IPv4 source address ip_src_mask IPv4 address mask ip_src_mask=255.255.255.0 Mask for IPv4 source address ip_dst IPv4 address ip_dst=168.10.4.2 IPv4 destination address ip_dst_mas[...]

  • Page 55

    Director 51 Appendix C Protocol Numbers The official Assigned Internet Protocol Numbers list is maintained by the Internet Assigned Numbers Authority and can be found at http://www.iana.org/assignments/protocol-numbers. The list as of April 18, 2008 is reproduced in the following table (without references). Num Keyword Protocol 0 HOPOPT IPv6[...]

  • Page 56

    Director 52 Num Keyword Protocol 55 MOBILE IP Mobility 56 TLSP Transport Layer Security Protocol using Kryptonet key management 57 SKIP SKIP 58 IPv6-ICMP ICMP for IPv6 59 IPv6-NoNxt No Next Header for IPv6 60 IPv6-Opts Destination Options for IPv6 61 any host internal protocol 62 CFTP CFTP 63 any local network 64 SAT-EXPAK SATNET and Backro[...]

  • Page 57

    Director 53 Num Keyword Protocol 115 L2TP Layer Two Tunneling Protocol 116 DDX D-II Data Exchange (DDX) 117 IATP Interactive Agent Transfer Protocol 118 STP Schedule Transfer Protocol 119 SRP SpectraLink Radio Protocol 120 UTI UTI 121 SMP Simple Message Protocol 122 SM SM 123 PTP Performance Transparency Protocol 124 ISIS over IPv4 125 F[...]

  • Page 58

    Director 54 Limitations on Warranty and Liability Net Optics offers a limited warranty for all its products. IN NO EVENT SHALL NET OPTICS, INC. BE LIABLE FOR ANY DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND SOFTWARE) DESCRIBED IN THIS MANUAL, OR BY ANY DEFECT OR INACCURACY IN THIS MANUAL ITSELF. THIS INCLUDES B[...]

  • Page 59

    © 2008 by Net Optics, Inc. All Rights Reserved. www.netoptics.com[...]