Net Optics Director User Manual

Data monitoring switch

User Guide

Data Monitoring Switch
Doc. 800-0090-001 Rev D PUBDIRU 7/09

Summary of Contents for Net Optics Director

  • Page 1: User Guide

    User Guide Data Monitoring Switch www.netoptics.com Analyzer 1 Analyzer 2 Forensic RMON 1 RMON 2 Doc. 800-0090-001 Rev D PUBDIRU 7/09...
  • Page 2 Trademarks and Copyrights © 2008-2009 by Net Optics, Inc. Net Optics is a registered trademark of Net Optics, Inc. Director is a trademark of Net Optics, Inc. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
  • Page 3: Table Of Contents

    Change the Director Login Password ........... . 19 Assign a New Director IP Address, Netmask, and Gateway IP Address ......20 Change the SSH Password .
  • Page 4 Upgrade Director software to support multi-unit operation ........
  • Page 5 Configure Director ........
  • Page 7: Chapter 1 Introduction

    Monitor ports. Expandable Two 10 Gigabit ports on the rear of the unit enable daisy-chaining up to ten Director chassis to expand the number of available ports, for a total of 380 ports in a fully expanded system (when available).
  • Page 8: Key Features

    • Fully RoHS compliant Unsurpassed Support • Net Optics offers technical support throughout the lifetime of your purchase. Our technical support team is available from 8:00 to 17:00 Pacific Time, Monday through Friday at +1 (408) 737-7777 and via e-mail at...
  • Page 9: About This Guide

    Director About this Guide Please read this entire guide before installing Director. This guide applies to the following part numbers: Chassis Part Number Description DIR-3400 Director Main Chassis with 10 SFP monitor ports DIR-3400DC Director Main Chassis with 10 SFP monitor ports, -48VDC...
  • Page 10: Director Architecture

    Figure 1: Director internal architecture Director can be viewed as a matrix switch with up to 28 inputs, or Network ports, and 14 outputs, or Monitor ports. Any number of inputs can be directed to each of the outputs; Director aggregates the traffic from those Network ports and sends them to the Monitor ports.
  • Page 11: Usb Port

    UDF pattern, but all filters within a system share a common offset value. CRC Forwarding Director can be set to forward packets to the monitoring data stream even if they contain CRC errors. This feature can be turned on or off using the system set CLI command.
  • Page 12: Director Management

    In this example, eight network links are monitored by six monitoring devices. The company's external access is protected by a firewall, shown in the upper left of the diagram. The link runs through a router, then in-line through Director, and then to a switch that distributes traffic throughout a department.
  • Page 13 Director traffic, and the links stay open to pass traffic even if both of the Director power supplies are removed. (When power is removed, 10/100/1000 Copper in-line links may be dropped for a short period of time —less than 1 second—while relays switch to open the link.
  • Page 14: In-Line Monitoring Of 10 Gigabit Links

    To create an in-line link on a 10 Gigabit network segment, use an external network Tap. Figure 4 shows an LC Fiber Tap being used to send two half-duplex data streams to two 10-Gigabit Director ports. This configuration creates a fully passive, secure in-line Tap for the 10 Gigabit network link. It is capable of transferring up to 20 Gbps of total traffic from the full-duplex link to Director.
  • Page 15: Director Front Panel

    Director Director Front Panel The features of the Director front panel are shown in the following diagram. 10 SFP 2 XFP DNM with 10/100/1000 DNM with SX Fiber Monitor Configurable Copper Network Ports Network Ports Ports 10GbE Ports (6 In-line or 12 Span Ports)
  • Page 16: Director Rear Panel

    Director Director Rear Panel The features of the Director rear panel are shown in the following diagram. 2 XFP Daisy-chain Power Supply Power Supply Management 10GbE Ports Module Module USB Port Port RS232 Management INPUT OUTPUT Port SERIAL XXXXXX NUMBER...
  • Page 17: Installing Director

    12. Connect the monitoring tools to Director 13. Configure a Matrix Switch connection in Director 14. Check the installation This chapter pertains to installing a single Director. Chapter 4 addresses daisy-chaining up to 10 Director chassis into a single logical system.
  • Page 18: Plan The Installation

    Plan the Installation Before you begin the installation of your Director device, determine the following: • IP address of the Director device, or a range of IP addresses if you are deploying multiple Director devices • Net Mask for Director •...
  • Page 19: Install Sfp And Xfp Monitor Port Modules

    The shorter set supports racks up to 24.5 inches deep, and the longer set is for racks up to 31.5 inches deep. The slotted part of each bracket attaches to the side of the Director chassis with two screws;...
  • Page 20: Connect The Local Cli Interface

    CLI locally over the RS232 serial port or remotely over the Management port. If you choose to run the CLI locally, connect a DB9 cable from the RS232 port on the back of the Director chassis to your computer;...
  • Page 21: Connect The Remote Cli Interface

    Note: Your SSH client may give you a security warning if the RSA key in Director is not known to the client, or does not match the RSA key known to the client (because you have regenerated the RSA key in Director). Different SSH clients may require different actions to enable them to accept the new RSA key.
  • Page 22 * (c)(1)(ii) of the Rights in Technical Data and Computer * * Software clause at DFARS sec. 252.227-7013. Net Optics, Inc. 5303 Betsy Ross Drive Santa Clara, California 95054 (408) 737-7777 e-mail: ts-support@netoptics.com *********************************************************** user login: Figure 13: Shell login as director (password "netoptics" is not displayed)
  • Page 23: Log Into The Cli

    Director Log into the CLI Each Director maintains a list of accounts for users authorized for access to that particular Director. The default account for new systems is User Name admin and Password netoptics. To log into the CLI: 1. Enter the user name. (The default user name is admin.) The Enter Password prompt is displayed.
  • Page 24: Use The Cli Help Command

    Use the CLI Help Command To view CLI help information: 1. Enter Help (or ?) at the "Net Optics>" prompt. The Director Main Help Menu is displayed. 2. To view the syntax for changing Director filter parameters, enter help filter. 3. Repeat Step 2 with the command of interest to view the syntax for any command available in the CLI.
  • Page 25: Configure Director Using The Cli

    Your CLI screen should be displaying the "Net Optics>" prompt as shown here: Net Optics> If you do not see the "Net Optics>" prompt, try typing Help followed by the Enter key. If the prompt is still not displayed, repeat the instructions in the preceding section...
  • Page 26: Assign A New Director Ip Address, Netmask, And Gateway Ip Address

    If you are using the local RS232 serial interface to access the CLI, then you need to configure the IP Address that Indigo management software, when available, will use to communicate with Director. If Director must communicate through a Gateway to reach the network, then set the Gateway IP Address for that Gateway.
  • Page 27: Set The Current Date And Time

    Set the Current Date and Time Director maintains a time-of-day clock which is used to record the time of traffic peak utilization events. Time is based on the 24-hour clock. The clock must be initialized using the CLI or another management tool.
  • Page 28: Create Aliases

    Aliases are names that replace an argument value, command token, or string of tokens, including entire commands. (A token is a text string delimited with spaces or the = sign.) Director maintains a single alias list that is available to all users. To define an alias...
  • Page 29: Manage Security Keys And Certificates

    Manage security keys and certificates Each Director unit is shipped with two unique RSA keys, one for SSH communications with the CLI, and the other for Web access with Web Manager. For Web access, there is also a unique self-signed identity certificate linked to the RSA key and other information.
  • Page 30: Use The Cli Command History Buffer

    FTP parameters for the file transfer, and the filename of the identity certificate. The certificate is installed in Director. If the identity certificate does not correspond to the Web RSA key in Director, an error message is generated and the certificate is not installed.
  • Page 31: Connect Span Ports To Director

    Director Connect Span Ports to Director To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports in that DNM to connect to the network. Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs.
  • Page 32: Connect Director With In-Line Network Links

    Connect Director With In-line Network Links To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line model. Tap port-pairs for each link are located side by side, with three links across the top row and three links across the bottom row.
  • Page 33: Connect Monitoring Tools To Director

    Configure a Matrix Switch connection in Director In order to monitor a network link, Director must be configured to copy the traffic from a Network port to a Monitor port. A simple connection is described in this section, operating Director as a Matrix Switch. For more complex switching and filtering, see Chapter 3.
  • Page 34: Check The Installation

    Director Check the Installation You have connected Director to the network, monitoring tools, and power. It should now be functioning correctly. Check the status of the following: • Check that at least one power LED is illuminated. • Check the link status LEDs located on the front panel to verify that the links are connected.
  • Page 35: Configuring Filters Using The Cli

    For a complete listing of filter commands in the CLI, see Appendix B. Syntax In the CLI, Director ports are specified by alpha-numeric names as follows: • n1.1, n1.2, n1.3 .. n1.12 – Network ports in the first DNM (the slot on the left); for in-line DNM models, port n1.1, n1.2 are an in-line link pair;...
  • Page 36: Copy Traffic From Any Network Port To Any Monitor Port

    Copy Traffic From Any Network Port to Any Monitor Port Director can be used like a Matrix Switch to direct traffic from any Network port to any Monitor port. To create a simple switch connection, use a filter add command without specifying any filter parameters. (Simple switches are still referred to as filters, even if they don't perform any filtering action.)
  • Page 37: Regenerate Traffic To Any Set Of Monitor Ports

    Regenerate Traffic to Any Set of Monitor Ports Director can be used like a Regeneration Tap, copying traffic from a Network port (or aggregated group of Network ports) to multiple Monitor ports. The filter add command is used to do this. The only difference from using the command to connect a single or multiple Network ports to a single Monitor port is that a list of Monitor ports is specified.
  • Page 38: Create Filters

    Note: In a multi-unit system, traffic can only be regenerated to monitor ports within the same unit. For example:
    Net Optics> filter add in_ports=u5.n1.1 action=redir redir_ports=u3.m.1,u3.m.7 # legal
    Net Optics> filter add in_ports=u5.n1.1 action=redir redir_ports=u3.m.1,u1.m.1 # illegal! redir_ports must be within the same unit
    Create Filters Filters process a traffic stream by selecting packets based on criteria in the packet header. A filter is defined using a filter add command, which also specifies the Network ports and Monitor ports the filters apply to.
  • Page 39: Create Complex Filters

    filter add in_ports=n1.3 ip_protocol=6 action=redir redir_ports=m.6,m.8
    Figure 25: Simple IPv4 protocol filter (with regeneration) (diagram labels: Network Port 3, Monitor Port 6, Monitor Port 8)
    Available filter parameters are listed in Appendix B and include: • ip_protocol IP protocol •...
  • Page 40: View Filters

    Figure 27: Logical OR filter connection View filters To view a list of all pending filters, enter filter list. To view the active filters, enter filter running. Net Optics> filter list Filter #1 in_ports=n1.05 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255...
  • Page 41: Work With Configurable 10 Gigabit Ports

    Tip! The ID number (Filter #) shown above each filter in the filter list is the ID that applies for filter del id=<id> and filter ins id=<id> commands, because all three commands act on the pending filter list. Do not use the IDs in a filter running list as the reference for filter del or filter ins commands.
  • Page 42 3. Enter filter commit. The filters are activated.
    filter add in_ports=n1.1-n1.4 action=redir redir_ports=t1.1
    filter add in_ports=n1.11 action=redir redir_ports=t1.2
    Figure 30: Configurable 10 Gigabit XFP ports used as Monitor ports (with aggregation) (diagram labels: Network Ports 1 to 4, Network Port 11, XFP Port 1.1, XFP Port 1.2)
    To use one XFP port as a Span port and the other XFP port as a Monitor port: 1.
  • Page 43: Create User-Defined Filters (Udfs)

    Director Create user-defined filters (UDFs) You can search for an arbitrary pattern in the first 128 bytes of the packet by defining a user-defined filter or UDF. The system set command is used to define the offset and pattern length for the UDF. Then udf_value and udf_mask are set in a filter add or filter ins command just like any other filter qualifier (except that no additional filter qualifiers can be used in the same filter with a UDF).
  • Page 44: Understand Filter Interactions

    Understand filter interactions It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the packet header matched.
  • Page 45
    filter add in_ports=n1.5 ip4_src=192.186.10.0 action=redir redir_ports=m.1
    filter add in_ports=n1.5 ip_protocol=6 action=redir redir_ports=m.2
    Figure 34: Correct flow diagram for two interacting filters (Network Port 5: a match on ip4_src=192.186.10.0 goes to Monitor Port 1; on no match, ip_protocol=TCP goes to Monitor Port 2)...
  • Page 46 Note: Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins allows you to specify the filter's ID, which is its position in the pending filter list. (Use filter list to see the IDs of all pending filters.) When you use a filter ins command, include an argument id=<id>...
  • Page 47: Understand Pending And Active Filters

    CAM, activating that filter set-up. (Remember that commit also changes Director's running configuration file—the file that is loaded when the system is reset—but filter commit does not.)
  • Page 48 Director 1. Enter filter running to view the currently active filters in the CAM. Net Optics> filter running Filter #1 in_ports=n1.01 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255 ip_protocol=0017 l4_src_port=0000/0000,l4_dst_port=0000/0000,vlan=0000/0000,action=drop Filter #2 in_ports=n1.01 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255 ip_protocol=0000 l4_src_port=0000/0000,l4_dst_port=0000/0000,vlan=0000/0000,action=redir redir_ports=m.01 IPv4 filter resource utilization: Net Optics> Figure 38: Filter running command 2.
  • Page 49 Director 4. Enter filter list to view the pending filter list. Net Optics> filter list Filter #1 in_ports=n1.01 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255 ip_protocol=0006 l4_src_port=0000/0000,l4_dst_port=0000/0000,vlan=0000/0000,action=drop Filter #2 in_ports=n1.01 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255 ip_protocol=0000 l4_src_port=0000/0000,l4_dst_port=0000/0000,vlan=0000/0000,action=redir redir_ports=m.01 Filter #3 in_ports=n1.02 mac_src=00:00:00:00:00:00/00:00:00:00:00:00 mac_dst=00:00:00:00:00:00/00:00:00:00:00:00 ip4_src=0.0.0.0/255.255.255.255,ip4_dst=0.0.0.0/255.255.255.255 ip_protocol=0000 l4_src_port=0000/0000,l4_dst_port=0000/0000,vlan=0000/0000,action=redir redir_ports=m.02 IPv4 filter resource utilization: Net Optics>...
  • Page 50 User interactions When multiple users are logged into Director at the same time, each user has a separate pending filter list in which to create filter configurations. However, there is only one CAM, so any time a user executes a commit or filter commit command, the CAM takes on the filter configuration from that user's pending filter list, and those become the active filters on Director.
  • Page 51: Filter Capacity

    Director Filter capacity The capacity of Director's filtering function is roughly 1,000 filter elements per chassis, where a filter element is a port list or a filter parameter. For example, filter add in_ports=n1.1-n1.7 ip_protocol=6 vlan=100 action=redir redir_ports=m.1-m.5,m.10 has four filter elements: 1. in_ports=n1.1-n1.7 2. ip_protocol=6 3.
  • Page 52: Configuring And Operating Multi-Unit Systems

    Plan the configuration of a multi-unit system A multi-unit Director system consists of from two to ten Director units connected in a daisy-chain fashion using the two 10 Gigabit ports on the rear of the chassis. Plan the precise configuration of your daisy-chain before you begin setting up the system.
  • Page 53: Upgrade Director Software To Support Multi-Unit Operation

    2.0.0 will display as dir_020000_mmddyy where mmddyy is the compile date.) If you need to change the software on any Director unit, you must connect to the unit individually and use the upgrade CLI command. The syntax of the command is: upgrade srvip=<srvip> user=<username> pw=<passwd> file=<filename>...
  • Page 54: Create Filters In A Multi-Unit System

    Filters can now be configured spanning units, in other words, using network and monitor ports on different units together in the same filter. Director automatically allocates filter resources from the necessary pools in the various units to implement the specified filters.
  • Page 55: Check Filter Resource Utilization

    Director However, filter outputs cannot be regenerated across multiple units. For example, the following filter will NOT work: filter add in_ports=u1.n1.1 action=redir redir_ports=u1.m.1,u2.m.1 # illegal! redir_ports must be within the same unit Filters can be regenerated across multiple monitor ports within a single unit. For example, the following filter is legal: filter add in_ports=u1.n1.1 action=redir redir_ports=u2.m.1,u2.m.2...
  • Page 56: Remove A Unit From A Multi-Unit System

    To remove a unit from an existing multi-unit system: 1. Enter filter running to generate a listing of the filters currently running in Director. Print this list out or copy-and-paste it to a file for later use. 2. Enter load factory followed by commit to restore all units to their factory settings. All units are restored to stand-alone operating mode.
  • Page 57: Swap Out A Unit

    Recover from a power failure Director is equipped with two independent power supplies so that power failure is unlikely if the supplies are connected to independent power sources. Nevertheless, power failures are always a possibility. If power fails to all of the units in a multi-unit system, the system automatically recovers its configuration when power is restored, and operation continues as before the failure.
  • Page 58: Aaa, Snmp, And Web Services

    Configure RADIUS and TACACS+ servers Director can be configured to obtain AAA services from 0 to 3 RADIUS servers and 0 to 3 TACACS+ servers, in addition to its local (internal) user account list. When a user attempts to log into the system, Director always checks its local accounts first.
  • Page 59 Figure 47: Privilege level mapping with lower numbers as View level If the AAA server does not return an authorization privilege level, the Director privilege level defaults to view. You can change the default privilege level on a per server basis with the priv_default argument, setting it to 1 for admin, 2 for user, and 3 for view.
  • Page 60 Director To disable an AAA server while leaving its configuration in the system: 1. Enter server show. Note the ID of the server you wish to disable. 2. Enter server mod id=<id> type=<rad|tac> admin=disable replacing <id> with the ID you noted in Step 1. Disabling of the server is made pending.
  • Page 61: Configure The Snmp Agent

    Configure the SNMP agent Director hosts an SNMP agent (server) that services queries for the Director MIB. The address of the SNMP agent for MIB queries is the Director system IP address managed with the sysip command. (See Assign a New Director IP Address, Netmask, and Gateway IP Address on page 20.)
  • Page 62: Enable And Disable Web Services

    2. Enter snmp commit. No SNMP traps will be generated. Enable and disable Web services Director hosts a Web server that runs the Web Manager device management tool (see next chapter). Access to Web Manager can be granted or forbidden by enabling or disabling the Web Server.
  • Page 63: Chapter 6 Web Manager

    This chapter applies to the beta version of Web Manager in software release 1.1.0 (named dir_010100_mmddyy, where mmddyy is the compile date) and 2.1.0. This version of Web Manager supports stand-alone Director units only; it does not support multi-unit operation.
  • Page 64: Access Web Manager

    Access Web Manager Web Manager can be accessed from any Web browser that has a path to the Director management port. The Director unit must have been assigned a management IP address using the procedure described in the section Assign a New Director IP Address, Netmask, and Gateway IP Address on page 20.
  • Page 65: View System Status

    Figure 50: Web Manager Status page At the upper right of the page, just below the Net Optics Web Manager banner, your user name is displayed along with a logout link. Click logout to log out of Web Manager and return to the login page. The user name and logout link appear on most of the Web Manager pages.
  • Page 66 Director Status Field Description System Status Green indicates good overall Director system status (always good if Web Manager is functioning) Serial Number Serial number of this unit Monitor Link Status The circles represent the link LEDs of the 10 monitor ports, shown in the same order as they are physically present in the chassis;...
  • Page 67: View Port Rmon Statistics

    View Port RMON Statistics Click the Statistics tab to view the port statistics page. Figure 51: Web Manager Statistics page The remote monitoring (RMON) statistics are presented in four tables, one for each of the DNMs, one for the 10 Gigabit ports, and one for the monitor ports.
  • Page 68 Director RMON Statistic Description Utilization The percentage of the port's bandwidth that is currently being used Throughput The current volume of traffic through the port (the port bandwidth multiplied by the utilization) Packets Number of packets that have passed through the port...
  • Page 69: Configure Director

    Director Configure Director Click the Configure tab to view and change Director's configuration. Figure 52: Web Manager Configuration page...
  • Page 70 The Configuration page displays the current settings of the system parameters. To change any of the settings, click in the field and type in the new value. Then click Submit Changes to send the changes to Director. You can change multiple fields prior to clicking Submit Changes.
  • Page 71 The Port Parameters page displays the current settings of the port parameters. To change any of the settings, choose from the selections on the menus. Then click Submit Changes to send the changes to Director. Three Submit Changes buttons are available for your convenience; they all do the same thing, which is to submit your configuration changes for all of the ports.
  • Page 72 Director stores two images of its software, an Active image and Alternate image. The Active image is the image that is currently executing in Director; its version level can be seen at the top of the page. You can use the Alternate image to store the previous stable version of the software so you can roll back to it quickly if you need to.
  • Page 73 Figure 55: Web Manager User Accounts page The User Accounts page displays the User names and Privilege levels of all of the user accounts on Director. The accounts provide access to the CLI, Web Manager, and System Manager. The current user's name is marked with an asterisk (*).
  • Page 74 To see a list of the configuration files currently stored on Director, pull down the Select file menu. To load, display the contents of, or delete a configuration file, select the file from the menu and then click the appropriate button. Load restores the saved filters to the pending filters list;...
  • Page 75: Create Filters

    Director Create Filters Click the IPv4 Filters tab to view and configure IPv4 filters on Director. Click the IPv6 Filters tab to do the same thing for IPv6 filters. Figure 58: Web Manager IPv4 Filters page The top section of the page is labelled Active IPv4 Filters. It displays the set of filters that are currently operating in the...
  • Page 76 The bottom section of the page is labelled Pending IPv4 Filters. This is your work area for creating and modifying filters. Once you have the filter set you desire here, you can then download it to Director where it becomes the new Active IPv4 Filters.
  • Page 77 Creating and modifying filters Director may have dozens of filters operating at any given time. You may often want to add some filters or modify a filter, but not change the rest of the filters in the system. If this is the case, then the first thing to do is get a copy of the active filters into your working area, the pending filter table.
  • Page 78 Director The Filter Wizard page has separate tabs for working with IPv4 filters and IPv6 filters. Be sure to click the tab for the type of filter you wish to create. Fill in the form to specify the filter you want, and then click the Add or Insert button at the bottom of the page to create the filter and place it into the pending filter list.
  • Page 79 You can move filters up and down in the filter list by clicking the up-arrow and down-arrow buttons at the far right edge of the pending filter table. After using these tools to get the pending filter list into exactly the state you want for Director, it is time to make the filters active by downloading them to Director.
  • Page 80 At the bottom of the Filters pages, below the Filter Wizard button, is the Commit button for activating your pending filters. Commit causes the pending filter list to be downloaded to Director, replacing the entire Active Filter set. The Active Filter list and the Pending Filter list are identical after Commit completes. Commit also copies the new filter set into Director's default configuration file, so the filters will be restored when Director is restarted.
  • Page 81: Director Specifications

    Internal disk drive: 2.5-inch, SATA, 30 Gigabyte, 5400 RPM Authentication and Authorization RADIUS and TACACS+ supported (3 servers each) Software Net Optics Web Manager—compatible with all major Web browsers Net Optics System Manager—compatible with Windows XP, Windows 2000, and Windows 98 SNMPv1, v2, and v3 support...
  • Page 82: Available Models

    DIR-5400DC Director Main Chassis with 10 SFP monitor ports, 2 XFP uplink ports, -48VDC DIR-7400 Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports DIR-7400DC Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports, -48VDC DNMs DNM-100...
  • Page 83: Appendix B Command Line Interface

    Appendix B Command Line Interface Tip! The command line interface (CLI) is case-sensitive; commands must be entered in lower case. However, certain items such as user-defined text strings, user names, and passwords may be entered in upper, lower, or mixed case, and are case-sensitive also.
  • Page 84: Director Cli Quick Reference

    Arguments Example <number> Net Optics> !3 alias name=<alias_name> Net Optics> alias del alias=MyHome | all name=<alias_name> Net Optics> alias set alias=MyHome text=10.60.4.5 text=<text> desc=“IP address of my server” [desc=<description>] show Net Optics> alias show commit Net Optics> commit date [<date>] Net Optics>...
  • Page 85 Net Optics> module show passwd Net Optics> passwd ping <address> Net Optics> ping 10.1.1.4 port [uid=<uid>] Net Optics> port set ports=n1.1-n1.3 autoneg=on ports=<portlist> [admin=<enable|disable>] Note: Do not include UID in port numbers; use the [autoneg=<on|off>] uid=<uid> argument instead. [duplex=<full|half>] [speed=<10|100|1000>] show [uid=<uid>]...
  • Page 86 Director Command Sub-Command Arguments Example server type=<rad|tac|snmp> Net Optics> server add type=rad admin=enable [id=<id>] srvip=120.30.10.1 pw=rad_password priv_map=v,5,9 [admin=enable|disable] [srvip=<address|domain>] [port=<number>] pw=<password> [timeout=<1..10>] [retries=<1..10>] [priv_map= <a|v,lower,upper>] [priv_default=<1|2|3>] commit Net Optics> server commit type=<rad|tac|snmp> Net Optics> server del type=tac id=1 [id=<id>] type=<rad|tac|snmp|web>...
  • Page 87 Net Optics> upgrade srvip=168.192.20.2 user=bob user=<username> pw=bobpw file=image021108 pw=<password> file=<filename> user name=<username> Net Optics> user add name=bob pw=bob-pw priv=3 pw=<password> priv=<level> name=<username> Net Optics> user del name=bill name=<username> Net Optics> user mod name=bill pw=billpw priv=2 pw=<password> priv=<level> show...
  • Page 88: Filter Qualifiers

    It also allows you to double-check your filter definitions before you activate them. The commit command also rewrites the running Director configuration file (the configuration file that is loaded when the system is reset), while filter commit does not.
  • Page 89 Director <qual> <value> Example Description ip6_dst_mask xxxx:xxxx:xxxx:xxxx: ip6_dst_mask= Mask for IPv6 destination xxxx:xxxx:xxxx:xxxx ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffc0 address l4_src_port 0 to 65535 l4_src_port=80 Layer 4 source port l4_src_port_mask 0 to 65535 l4_src_port_mask=65535 Mask for Layer 4 source port l4_dst_port 0 to 65535 l4_dst_port=80...
  • Page 90: Appendix C Protocol Numbers

    Director Appendix C Protocol Numbers The official Assigned Internet Protocol Numbers list is maintained by the Internet Assigned Numbers Authority and can be found at http://www.iana.org/assignments/protocol-numbers. The list as of April 18, 2008 is reproduced in the following table (without references).
  • Page 91 Director Keyword Protocol Keyword Protocol MOBILE IP Mobility NSFNET- NSFNET-IGP TLSP Transport Layer Security Protocol using Kryptonet key Dissimilar Gateway Protocol management SKIP SKIP EIGRP EIGRP IPv6- ICMP for IPv6 OSPFIGP OSPFIGP ICMP Sprite- Sprite RPC Protocol IPv6- No Next Header for IPv6...
  • Page 92 Director Keyword Protocol Keyword Protocol L2TP Layer Two Tunneling Protocol RSVP- E2E- D-II Data Exchange (DDX) IGNORE IATP Interactive Agent Transfer Mobility Protocol Header Schedule Transfer Protocol UDPLite SpectraLink Radio Protocol MPLS- in-IP Simple Message Protocol manet MANET Protocols Host Identity Protocol...
  • Page 93: Limitations On Warranty And Liability

    Net Optics, Inc. warrants this Tap to be in good working order for a period of ONE YEAR from the date of purchase from Net Optics or an authorized Net Optics reseller.
  • Page 94 © 2008-2009 by Net Optics, Inc. All Rights Reserved.
