Network Instruments Matrix User Manual

Download

Matrix™

User Guide

Matrix Switch



Trademark Notices

©2014 Network Instruments,® LLC. All rights reserved. Network Instruments, Observer®, Gen2™, Link Analyst, and Observer Infrastructure and all associated logos are trademarks or registered trademarks of Network Instruments, LLC.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the University of Cambridge nor the name of Google Inc. nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.



Limited Warranty—Hardware

Network Instruments, LLC. (Network Instruments) warrants this hardware product against defects in materials and workmanship for a period of 90 days (1 year for nTAPs) from the date of shipment of the product from Network Instruments, LLC. Warranty is for depot service at Network Instruments corporate headquarters in Minneapolis, MN or London, England. Warranties and licenses may give you more coverage in certain local jurisdictions; Network Instruments also offers extended warranties as part of its maintenance agreement program.

If a defect exists during the initial warranty period or prior to expiration of a pre-paid maintenance program, at its option Network Instruments will (1) repair the product at no charge, using new or refurbished replacement parts, or (2) exchange the product with a product that is new or which has been manufactured from new or serviceable used parts and is at least functionally equivalent to the original product. A replacement product assumes the remaining warranty of the original product or 60 days, whichever provides longer coverage for you. When a product or part is exchanged, any replacement item becomes your property and the replaced item becomes Network Instruments' property.

The information in this manual is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Network Instruments, LLC. Network Instruments, LLC assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual. Network Instruments, LLC does not warrant that the hardware will meet your requirements or that the operation of the hardware will be uninterrupted or that the hardware will be error-free.

Network Instruments, LLC SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL Network Instruments, LLC BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGE, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUE1NTIAL, OR OTHER DAMAGES.

Network Instruments, LLC makes no other warranty, expressed or implied.



Limited Warranty—Software

Network Instruments, LLC (DEVELOPER) warrants that for a period of sixty (60) days from the date of shipment from DEVELOPER: (i) the media on which the SOFTWARE is furnished will be free of defects in materials and workmanship under normal use; and (ii) the SOFTWARE substantially conforms to its published specifications. Except for the foregoing, the SOFTWARE is provided AS IS. This limited warranty extends only to END-USER as the original licensee. END-USER's exclusive remedy and the entire liability of DEVELOPER and its suppliers under this limited warranty will be, at DEVELOPER or its service center's option, repair, replacement, or refund of the SOFTWARE if reported (or, upon request, returned) to the party supplying the SOFTWARE to END-USER. DEVELOPER does not warrant that the software will meet END-USER requirements, and in no event does DEVELOPER warrant that the SOFTWARE is error free or that END-USER will be able to operate the SOFTWARE without problems or interruptions.

Should DEVELOPER release a newer version of the SOFTWARE within 60 days of shipment of the product, DEVELOPER will update the copy of the SOFTWARE upon request, provided request is made by the licensed END-USER within the 60 day period of shipment of the new version. This update may consist of a CD or a manual or both at the discretion of DEVELOPER. END-USER may be charged a shipping fee for updates.

ii | Matrix™ (pub. 25.Apr.2014)

The information in the SOFTWARE manuals is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by DEVELOPER. DEVELOPER assumes no responsibility or liability for any errors or inaccuracies that may appear in any SOFTWARE manual.

This warranty does not apply if the software (a) has been altered, except by DEVELOPER, (b) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by DEVELOPER, (c) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (d) is used in ultrahazardous activities.

DISCLAIMER. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.

The above warranty DOES NOT apply to any beta software, any software made available for testing or demonstration purposes, any temporary software modules or any software for which DEVELOPER does not receive a license fee. All such software products are provided AS IS without any warranty whatsoever. This License is effective until terminated. END-USER may terminate this License at any time by destroying all copies of SOFTWARE including any documentation. This License will terminate immediately without notice from DEVELOPER if END-USER fails to comply with any provision of this License. Upon termination, END-USER must destroy all copies of SOFTWARE. DEVELOPER makes no other warranty, express or implied.



Liability

IN NO EVENT WILL DEVELOPER OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF DEVELOPER OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

DEVELOPER SHALL NOT BE LIABLE FOR MATERIAL, EQUIPMENT, DATA, OR TIME LOSS CAUSED DIRECTLY OR INDIRECTLY BY PROPER OR IMPROPER USE OF THE SOFTWARE. IN CASES OF LOSS, DESTRUCTION, OR CORRUPTION OF DATA, DEVELOPER SHALL NOT BE LIABLE. DEVELOPER DOES NOT TAKE ANY OTHER RESPONSIBILITY.

In no event shall DEVELOPER's or its suppliers' liability to END-USER, whether in contract, tort (including negligence), or otherwise, exceed the price paid by END-USER. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose.

DEVELOPER SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL DEVELOPER BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGE, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

DEVELOPER’S liability to the END-USER under this agreement shall be limited to the amount actually paid to DEVELOPER by END-USER for the SOFTWARE giving rise to the liability.



Ownership and Confidentiality

END-USER agrees that Network Instruments, LLC owns all relevant copyrights, trade secrets and all intellectual property related to the SOFTWARE.



Technical Support

US & countries outside Europe (800) 526-7919 | (952) 358-3800 support@networkinstruments.com

UK and Europe +44 (0) 1959 569880 support@networkinstruments.co.uk

Support hours are 9:00 am to 5:00 pm (local time for each office). Network Instruments provides technical support during the warranty term for our products. Extended Warranty and Maintenance programs

include Technical Support services and are available for all commissioned products.

For current information and complete manuals, go to www.networkinstruments.com/support/.

Suggestions are welcomed. Many of the improvements made to our products have originated as end user suggestions. Please submit detailed suggestions in writing to: support@networkinstruments.com or by fax at: (952) 358-3801. Please submit any corrections to or criticism of Network Instruments’ publications to: pubs@networkinstruments.com or by fax at (952) 358-3801.



| iii

Table of Contents

Chapter 1: Getting Started............................................................................................................................................. 6

Matrix technical specifications.........................................................................................................................................................................7

Supported QSFP/SFP/SFP+ media types............................................................................................................................................... 9

How to connect Matrix to your network.....................................................................................................................................................9

How to set IPv4 network settings................................................................................................................................................................10

How to set IPv6 network settings................................................................................................................................................................10

How to set the system time and date....................................................................................................................................................... 11

Chapter 2: Layouts........................................................................................................................................................ 13

Understanding layouts..................................................................................................................................................................................... 13

How to edit a layout................................................................................................................................................................................... 13

How to create an additional layout.......................................................................................................................................................14

How to activate a different layout......................................................................................................................................................... 15

How to import a layout................................................................................................................................................................................... 15

How to export a layout....................................................................................................................................................................................15

Chapter 3: Ports............................................................................................................................................................. 17

How to connect ingress and egress ports................................................................................................................................................17

How to connect a network port to a tool port.................................................................................................................................17

How to connect many ports to the same rule..................................................................................................................................17

How to define a tool port............................................................................................................................................................................... 18

How to define a network port...................................................................................................................................................................... 19

How to set port link speeds...........................................................................................................................................................................19

Chapter 4: Rules.............................................................................................................................................................20

Understanding rules..........................................................................................................................................................................................20

How to create a rule....................................................................................................................................................................................20

How to edit a rule........................................................................................................................................................................................ 21

How to apply a rule in an inactive layout...........................................................................................................................................21

How to apply a rule in the active layout.............................................................................................................................................22

Chapter 5: Filters........................................................................................................................................................... 23

How to create a filter........................................................................................................................................................................................ 23

How to bind a filter to a rule.........................................................................................................................................................................23

How to edit a filter.............................................................................................................................................................................................24

Understanding filters and filtering.............................................................................................................................................................. 24

Chapter 6: Users and Groups....................................................................................................................................... 26

How to set a user authentication scheme................................................................................................................................................26

How to authenticate locally..................................................................................................................................................................... 27

How to authenticate using LDAP...........................................................................................................................................................27

How to authenticate using Active Directory..................................................................................................................................... 28

How to authenticate using NIMS........................................................................................................................................................... 28

How to authenticate using RADIUS...................................................................................................................................................... 28

How to authenticate using TACACS+...................................................................................................................................................28

How to change the administrator password...........................................................................................................................................29

How to add users............................................................................................................................................................................................... 29

How to edit a user............................................................................................................................................................................................. 29

How to import users......................................................................................................................................................................................... 30

iv | Table of Contents (pub. 25.Apr.2014)

How to delete a user........................................................................................................................................................................................ 30

How to add a user group................................................................................................................................................................................30

How to edit a user group................................................................................................................................................................................31

How to delete a user group...........................................................................................................................................................................31

Chapter 7: Replication...................................................................................................................................................32

How to replicate network traffic.................................................................................................................................................................. 32

Understanding network traffic replication............................................................................................................................................... 33

Chapter 8: Aggregation and Speed Conversion.........................................................................................................34

How to aggregate network links..................................................................................................................................................................34

Understanding network link aggregation................................................................................................................................................ 35

How to perform speed conversion............................................................................................................................................................. 35

Understanding speed conversion................................................................................................................................................................36

Chapter 9: Load Balancing............................................................................................................................................37

How to load balance.........................................................................................................................................................................................37

How to load balance by conversation................................................................................................................................................. 37

How to load balance by packet volume............................................................................................................................................. 38

Understanding the load balancing process.............................................................................................................................................39

Chapter 10: Packet Deduplication............................................................................................................................... 40

How to deduplicate packets.......................................................................................................................................................................... 40

How to direct the Matrix to identify duplicate packets.................................................................................................................40

How to enable packet deduplication in a rule................................................................................................................................. 41

Understanding packet deduplication................................................................................................................................................... 41

What is deduplication and why do I need it?..............................................................................................................................41

Scenario 1: Receiving network traffic from multiple routers................................................................................................. 42

Scenario 2: Receiving network traffic from multiple VLANs...................................................................................................42

Chapter 11: Packet Trimming.......................................................................................................................................43

How to trim packets..........................................................................................................................................................................................43

Chapter 12: Firmware....................................................................................................................................................45

How to upgrade the firmware...................................................................................................................................................................... 45

Chapter 13: Licensing....................................................................................................................................................46

Understanding the licensing process......................................................................................................................................................... 46

How to request a new license.................................................................................................................................................................46

How to relicense the device.....................................................................................................................................................................47

Index............................................................................................................................................................................... 48

| v

Chapter 1: Getting Started

The Matrix is a network management switch that can filter, de-duplicate, trim and time stamp inbound traffic and replicate, aggregate, or load-balance outbound traffic before sending it to your network and security monitoring tools.



Figure 1: Matrix in your network



6 | Matrix™ (pub. 25.Apr.2014)

The Matrix can perform multiple operations on inbound data before it is transmitted out tool ports:

Filter traffic of interest to specific analysis devices: filters are created using open source BPF Unixbased language and/or an intuitive GUI interface. Filter traffic by variables, including clients or servers, applications, packet length, or ports, and incorporate Boolean logic.

De-duplication: eliminate redundant packets to streamline monitoring efficiency and reduce the amount of redundant data sent, analyzed, and stored. Configurable de-duplication definitions gives you options (for example: ignore MAC address pair, TTL, and more) to create de-duplication rules for your environment.

Packet trimming: discarding portions of the packet, such as payload data, for improved storage of data or to mitigate possible security/legal/privacy concerns related to sensitive payload data retention.

Flexible packet time stamping: use a variety of sources, including GPS time synchronization, IEEE 1588 Precision Time Protocol (PTP), or Network Time Protocol (NTP).

Outbound data can also be flexibly directed using:

Replication (one-to-many): Copying a single inbound stream to multiple tool ports, great for transmitting identical data to distinct monitoring appliances

Aggregation (many-to-one): Combining multiple streams of network traffic into a single outbound stream for more efficient tool analysis

Load balancing (many-to-many): Apply dynamic routing via packet or conversation to logically distribute network traffic to multiple tool ports; extending the life of legacy monitoring devices and ensuring traffic spikes do not result in oversubscription and/or dropped packets

These capabilities are managed using a drag-and-drop GUI that accelerates the Matrix configuration process by placing all traffic manipulation in a single rule block rather than scattering it across inbound and outbound ports. It also facilitates the display of network-tool interconnects and corresponding traffic operations that makes even the largest, most complex monitoring infrastructure straightforward to visualize and update. These rules are all managed in a central library for use by the entire monitoring team and can be imported or exported.

Matrix provides three user or product interfaces:

HTML5 web UI

Command line interface (CLI)

RESTful API: Designed into the product from its inception, the Matrix RESTful API provides third-party



Matrix technical specifications



solutions access to all the configuration and management capabilities found in the web UI and CLI.

A Port Block

Speed

Light that indicates the speed for the port block. If no light is lit for the port block, that port block is unlicensed.

B Port Status Light that shows whether that specific port is active. When it blinks, there is traffic on the

port. The faster the blinking, the faster the traffic. When it is dark, the port is not enabled.

C Port Block Group of four ports that are assigned a speed (for instance, 1 Gb or 10 Gb). All ports in the

port block must be of the same speed; it cannot have mixed speeds. The 10 Gb licenses float, meaning that if you insert a 10 Gb SFP+ into a port, that port block will be 10 Gb. If you license two 10 Gb port blocks, the first two port blocks with 10 Gb SFP+s in them are licensed at 10 Gb. If you insert a 10 Gb SFP+ into a third port block, it remains at 1 Gb and

Matrix technical specifications | 7

there will be a warning in the logs and web interface. If you remove one of the first two 10 Gb SFP+s, the third port block upgrades to 10 Gb. If you require mixed speeds, use 1 Gb in one port block and 10 Gb in a different port block. You can then combine them using rules and filters.

D Power Press and hold for three seconds to turn the device ON or OFF.

To reset to factory defaults, unplug the power cables. Press and hold the Power button. While holding the Power button, insert the power cable. Continue holding until the device beeps twice.

E RESET/PWR/

MGMT

RESET: Reset button. Press to clear the memory and restart the device when the device is not responding. Use instead of turning off or unplugging the device if there is a problem or before restoring to factory defaults.

PWR: Power. When solid green, both power supplies are functioning as expected. When solid orange, one of the power supplies is OFF or not functioning properly. Different from the PWR light on the rear of the device.

MGMT: Ethernet (management) port. When solid green, an Ethernet cable is connected. When unlit, no cable is connected and no changes can be made to the settings through either the web UI or CLI.



F Power

Redundant auto-selecting 100-240 volt power supplies are standard.

supplies

G MUTE Mute button to silence the alarm.

H RST Reset button. Use to clear the memory and restart the device when the device is not

responding. Use instead of turning off or unplugging the device if there is a problem or before restoring to factory defaults.

I PWR/RDY/

ALARM

PWR: Power. Different than the PWR light on the front of the case and useful when troubleshooting web or CLI interface connectivity issues. When solid green, the web and SSH servers are running. When unlit, no power is present for those servers.

RDY: Ready. This light indicates that the web server and SSH server are running so that the web UI and CLI are accessible. This light blinks during a factory reset; otherwise it is solid green.

ALARM: Alarm. When this green light flashes, the device is in an alarmed state (for example, failed power supply). There are no current alarms if the light is dark.

J MGMT Ethernet (management) port. Used when configuring the device, which is done through

the web user interface (HTTPS) or command line interface (SSH). The left light is solid yellow when an Ethernet cable is connected. The right light blinks green with activity.

K GPS Port for attaching an optional Network Instruments GPS timing device.

Dimensions 19 in (W) x 1.73 in (H) x 18 in

48.26 cm (W) x 4.39 cm (H) x 45.72 cm

Weight 17 lbs (7.7 kg) Supported

8 | Matrix™ (pub. 25.Apr.2014)

Power consumption

media

Input voltage: 100V-240V auto select

Input frequency: 50/60Hz

93w (317 Btu/h)

Operating Temperature

32° F (0° C) to 104° F (40° C) Optical/Fiber Multimode or Single-mode

1 Gb (SX or LX)

10 Gb (SR, LR, ZR)

Humidity 35-85% (non-condensing) Copper 100/1000 Ethernet



Supported QSFP/SFP/SFP+ media types

Some products require an SFP module. These are the supported media types.



40 Gb QSFP Transceivers

40GBASE-SR4

10 Gb Ethernet SFP+ Transceivers

10GBASE-SR

10GBASE-LR

10GBASE-ER

1 Gb Ethernet SFP Transceivers

1000BASE-SX

1000BASE-LX



1000BASE-TX

License The device is pre-licensed at the factory. The license enables ports in blocks

of four starting at port 1. It also indicates the number of blocks that are 10 Gbcapable. If you have eight ports licensed, you may only use ports 1-8. Ports 9-24 remain dark and unusable even if you insert an SFP module. If you need more ports or blocks of 10 Gb, you can request a license upgrade.

IP Address 192.168.1.10. Must use HTTPS in a web browser or SSH. HTTP will fail.

Default User/password admin/admin

Self-signed certificate Network Instruments uses a self-signed certificate. When connecting to the

device, your web browser may issue a warning about the site being "untrusted" or that there is a problem with the "security certificate." This is a harmless message that may be ignored. You see that message because the site uses a self-signed certificate. See your web browser's documentation for adding the IP address as a trusted source.



How to connect Matrix to your network

Before you can configure or use the Matrix, you must complete the basic installation by connecting power cables and inserting SFP modules.

1. Insert the two power cables (F).

2. Connect an RJ-45 Ethernet cable to the MGMT port (J).

3. Insert the SFP or SFP+ modules into the ports (C).

Supported QSFP/SFP/SFP+ media types | 9

4. Connect the appropriate network cables to the SFP or SFP+ modules.

5. Press the Power switch (D) on the front of the device.

The PWR and MGMT lights turn green to indicate the device is ready to use.



You successfully connected the device to your network.



Next, change the network settings.



How to set IPv4 network settings

The Matrix must be added to your network like other devices. Use the network settings page to set IPv4 settings for IP address and netmask, gateway, host name, and more.

The Matrix is an active network device (unlike a typical optical TAP for instance). The Matrix has a hardware address and requires an IPv4 address assignment to join your network. However, IPv6 can optionally be enabled and used side-by-side with IPv4—the matrix supports native dual-stack. Address assignments can be manually configured or dynamically assigned using DHCP or DHCPv6.

1. Starting in the dashboard, click System.

2. Click Network.

3. In Hostname, type a host name for the Matrix.

4. (Optional) Use DHCP for address assignments:

a. Select DHCP.

The manual configuration settings become hidden.

b. Click Save.

DHCP is enabled. No further configuration is necessary.

5. In IP Address, type the IP address the Matrix must use.

6. In Netmask, type the full netmask associated with the chosen IP address.

7. In Gateway, type the IP address of the gateway the Matrix must use.

8. In DNS Address 1, type the IP address of a DNS server.

The IPv4 address of at least one DNS server is required. If two servers are declared, the first server is used unless unreachable.

Note: Example: 8.8.8.8

9. (Optional) In DNS Address 2, type the IP address of a DNS server.

10. Click Save.



You successfully added the Matrix to your network with IPv4 settings. The changes take effect immediately.



How to set IPv6 network settings

The Matrix must be added to your network like other devices. Use the network settings page to set IPv6 settings for IP address and prefix, gateway, host name, and more.

10 | Matrix™ (pub. 25.Apr.2014)

and used side-by-side with IPv4—the matrix supports native dual-stack. Address assignments can be manually configured or dynamically assigned using DHCP or DHCPv6.

1. Starting in the dashboard, click System.

2. Click Network.

3. In Hostname, type a host name for the Matrix.

4. In the IPv6 Settings area, select IPv6.

5. (Optional) Use DHCPv6 for address assignments:

a. Select DHCPv6.

The manual configuration settings become hidden.

b. Click Save.

DHCPv6 is enabled. No further configuration is necessary.

6. In IPv6 Address, type the IPv6 address the Matrix must use.

7. In IPv6 Prefix, type the network prefix associated with the chosen IPv6 address.

8. In IPv6 Gateway, type the IPv6 address of the gateway the Matrix must use.

9. In IPv6 DNS Address 1, type the IPv6 address of a DNS server.

The IPv6 address of at least one DNS server is required. If two servers are declared, the first server is used unless unreachable.

Note: Example: 2001:4860:4860::8888

10. (Optional) In IPv6 DNS Address 2, type the IPv6 address of a DNS server.

11. Click Save.



You successfully added the Matrix to your network with IPv6 settings. The changes take effect immediately.



How to set the system time and date

You can set or change how the current date and time is acquired. Doing so ensures log events have correct dates and times and that packet trailer timestamps are accurate.

The Matrix must acquire its time and date from a clock source.

To set which clock source acquires the system time and date:

1. Starting in the dashboard, click System.

2. Click General.

3. In the Clock Source list under System Time Configuration, click a clock source.

Clock source establishes the system time and is used for packet timestamping.



Set now to browser time No configuration is necessary, but any system's time is highly vulnerable to clock drift unless it uses an outside time synchronization source.

IEEE-1588 IEEE-1588 is the Precision Time Protocol (PTP) specification. An IEEE 1588-2008 server with an accurate time source can provide higher resolution and accuracy than NTP. The IEEE 1588-2008 master time server must be accessible on the same network subnet as the monitor port.

GPS Uses an external GPS connected to the GPS port on the rear of the device. Only GPS time synchronization appliances sold by Network Instruments may be used. A GPS time synchronization system can provide the highest resolution and accuracy.

How to set the system time and date | 11

NTP Synchronizing with Network Time Protocol servers or pools can provide a low resolution, accurate time source. If NTP is chosen, one or more NTP servers or pools must be defined.



If you select NTP, you must type an NTP server IP address in Server 1.

4. Click Save.



The clock source is set. Both the system time and date of the Matrix are set by the selected clock source.



12 | Matrix™ (pub. 25.Apr.2014)

Chapter 2: Layouts

Understanding layouts

Operation of your Matrix is configured in an arrangement called a layout. The layout defines port connections, speeds, and the rules in use.

For most users, the default layout is sufficient. In the default layout, they will set their port definitions, how network ports are connected to tool ports, and which rules are used and do little else. However, you may want or need to have additional layouts for prototyping.

Only one layout may be the active layout—with all other layouts being inactive—and because changes made to layouts are effective immediately, carefully consider any changes you make to your active layout.

Layouts are unlikely to change often, because after a layout is set and working, there is little need to change it. However, something in your environment may change that causes you to need to change your layout. Before changing the active layout, you may want to prototype the changes in an inactive layout.

Creating a new layout is the only way you can design new port connections or change port speeds and more without affecting active rules. In essence, a second or third layout can be used as a sandbox to ensure options are configured as you wish before moving the layout into production (in other words, promoted to be the active layout).

How to edit a layout

You can edit any layout without first activating it. This ensures any changes made do not immediately affect operation of the Matrix while you edit the layout.

Note: To edit the active layout (the layout currently in use), perform edits directly from the Ports page. Edits to

the active layout take effect in real time.

To edit an inactive layout:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

Layouts | 13

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

5. Make your changes.

6. When you finish, close the Edit Layout browser window.

The layout automatically saves.



You successfully edited a layout without affecting the current operation of the Matrix.



How to create an additional layout

You can create a layout to quickly and radically change how your Matrix operates—similar to a preset. Rules and filters, which network ports are connected to which tool ports, link aggregation, load balancing schemes, traffic isolation, and more, can be simultaneously made active with a single change of a layout.

By default, the Matrix has an non-deletable layout ("layout") named default. This default layout can be the only layout your organization uses and needs—you make changes to it and never use additional layouts. So although it is typically unnecessary to do so, you can create additional layouts.

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

3. Click Create New.

4. Type a name for the layout, and click OK.

A blank layout is created for editing. This is indicated by the new layout having no tool port assignments.

5. Assign at least one network port as a tool port by doing the following (repeat for more):

Until you assign tool ports for use, no connections can be created between network ports and tool ports. Because you can assign and reassign network ports and tool ports at any time, do not place too much importance on finding the right number of assignments immediately.

a. Double-click a network port.

b. In the Type list, select Tool.

c. (Optional) Type a name for the new tool port.

Giving names to ports can help when designing a layout. When naming a port, consider the purpose of the port or the devices connecting to it.

Note: Port names are bound to the layout they were created in. Other layouts can safely be given different port

names.

d. (Optional) In the Speed list, click a speed setting.

6. When you finish, close the Edit Layout browser window.

The layout automatically saves.



You successfully created an additional layout. The new layout can be customized, just as the default layout can be.



14 | Matrix™ (pub. 25.Apr.2014)

How to activate a different layout

After a layout is created, you can activate it at any time. Activating a layout immediately changes how the Matrix operates.

Tip! Only activate a saved layout if you understand how the layout affects the operation of the Matrix.

Understanding the layout can help ensure traffic is not forwarded to the wrong devices.

To switch which layout is currently active:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Activate.



The selected layout is now active. All connections, rules, filtering, and more, in the layout are now actively in use.



How to import a layout

You can add a layout configuration by importing its file. The layout becomes part of your library.

To import a layout file:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

3. Click Import.

4. Click Browse.

5. Browse to a previously exported layout file using the dialog box and click Open.

6. Click OK.



You successfully imported the layout. The layout is now part of the Matrix and can be activated, edited, saved, and deleted. The imported file does not need to be kept.



How to export a layout

You can export a layout configuration for archival or backup, sharing, and importing on other Matrix appliances.

To export a layout to a file:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

How to activate a different layout | 15

4. Click Export.

A download begins in your browser.

5. Save the downloaded layout file to a suitable location.



You successfully exported a layout to a file. The file can be kept for archival, and it can be imported by other appliances.



16 | Matrix™ (pub. 25.Apr.2014)

Chapter 3: Ports

How to connect ingress and egress ports

Connections must be made between (ingress) network ports and (egress) tool ports before rules can take effect.

There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).

How to connect a network port to a tool port

Connecting one network port to one tool port establishes a network path between the two. Packets entering the network port are forwarded to the tool port and any devices connected to it.

To connect a network port to a tool port:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Use a drag-and-drop operation to connect a network port to a tool port.

Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.



You successfully connected a network port to a tool port. In this basic configuration, assuming the empty rule is unmodified, every packet entering the network port is forwarded to the tool port unchanged. And because the connection exists, you can now introduce packet processing in the form of rules—changing both how and what packets are forwarded to the tool port.



How to connect many ports to the same rule

Multiple network ports and tool ports can be connected to the same instance of a rule. For example, doing so determines if aggregation or replication (or both) are used in a layout configuration.

More than just for aggregation and replication of traffic, connecting multiple ports to the same rule creates additional benefits:

Ability to use load balancing

Ability to apply the same filtering across several network links

Ports | 17

Ability to append packet trailers to packets arriving from various network links

Ability to resize ingress packets from multiple network links before forwarding (packet trimming)

Note: To edit the active layout (the layout currently in use), perform edits directly from the Ports page. Edits to

the active layout take effect in real time.

To connect multiple network ports or tool ports to the same rule:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

5. Use a drag-and-drop operation to connect a network port to a tool port.

Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.

6. Use a drag-and-drop operation to connect additional network ports or tool ports to the same rule.



Depending on how many network ports or tool ports you connected to the rule, the results are different:

By connecting multiple network ports to the rule, you are aggregating those network links.



By connecting multiple tool ports to the rule, you are replicating traffic (if load balancing is disabled).

How to define a tool port

Tool ports forward post-processed traffic to the devices connected to them. You must define which physical ports are to be used as tool ports.

To define a tool port in a layout:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Double-click a network port.

Network ports are always located leftmost in a layout.

Options appear for this port.

3. In the Type list, click Tool.

The appliance ports can change modes of operation.



Network Port Ingress port that accepts network traffic

Tool Port Egress port that forwards network traffic to tools and analyzers



4. Click OK.



You successfully defined a tool port. When connections are made between it and network ports, network traffic egresses from the port.



18 | Matrix™ (pub. 25.Apr.2014)

How to define a network port

By default, a new layout is comprised entirely of network ports. After establishing some tool ports, you may want to change those tool ports back to network ports in the future.

Note: These steps require at least one tool port is defined in the layout.

To define a network port in a layout:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Double-click a tool port.

Tool ports are always located rightmost in a layout.

Options appear for this port.

3. In the Type list, select Network.

The appliance ports can change modes of operation.



Network Port Ingress port that accepts network traffic

Tool Port Egress port that forwards network traffic to tools and analyzers



4. Click OK.



You successfully defined a network port. When connections are made between it and tool ports, network traffic is forwarded to tool ports.



How to set port link speeds

You can set the link speed of ports to better accommodate connected devices. Doing so is particularly useful when a 10 Gb optical SFP+ needs to interface with a 1 Gb optical device, for example.

To set the port link speed of a network or tool port:

1. Starting in the dashboard, click Ports.

2. Right-click a port.

3. In the Set Speed submenu, click a speed setting.

The port is operating at the chosen speed.



The entire four port block now operates at the chosen speed.



How to define a network port | 19

Chapter 4: Rules

Understanding rules

Rules modify how and what packets are forwarded from network ports to tool ports. Rules contain filters and set options like trailers, load balancing, and packet deduplication, but rules only take effect when connected to ports.

A rule is necessary to establish connections between network ports and tool ports. Without a rule to establish the connection, no packets entering network ports can be forwarded to tool ports. This convention applies to all connections between network ports and tool ports regardless of how you design your layouts.

At minimum, a working network path between a network port and tool port can be made by connecting both ports to an "empty" rule. Empty rules establish a connection yet do not change the behavior of what is forwarded to tool ports and what ultimately egresses from them.

How to create a rule

You can create a rule to control how connected network ports and tool ports interact. Use the rule to establish filtering and other options like load balancing, packet deduplication, and more.

Tip! A new, empty rule is created by connecting a network port to a tool port. This is a shortcut for creating new

rules.

To create a rule:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click New.

The rule opens and is ready to edit.

4. Make your changes.

5. Click Save.



You successfully created a rule. Whenever this rule is used to connect network ports to tool ports, the logic is applied.



20 | Matrix™ (pub. 25.Apr.2014)

How to edit a rule

You can edit a rule to change which filter is bound to it or to configure options.

Tip! You can also edit by double-clicking rules in a layout.

To edit a rule:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

4. Make your changes.

5. Click Save.



You successfully edited a rule and saved the changes. If the rule is in use by the active layout, the changes take effect immediately.



How to apply a rule in an inactive layout

Applying a rule between established connections in an inactive layout causes the rule to take effect whenever the layout becomes active. Doing so changes how and what packets are forwarded to tool ports connected to the rule.

Prerequisite(s): 

These steps require that at least one rule (empty or otherwise) exists in the target layout.



Tip! A new, empty rule is created by connecting a network port to a tool port. This is a shortcut for creating new

rules.

To apply a rule in an inactive layout:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

5. Right-click a rule.

6. In the Apply Rule submenu, click Select and click a rule.

All of your created rules are in this submenu.

7. When you finish, close the Edit Layout browser window.

The layout automatically saves.



You successfully applied a rule in an inactive layout. When the layout is made active, your rule takes effect.



How to edit a rule | 21

How to apply a rule in the active layout

Applying a rule between established connections in the active layout causes the rule to take effect immediately. Doing so changes how and what packets are forwarded to tool ports connected to the rule.

Prerequisite(s): 

These steps require that at least one rule (empty or otherwise) exists in the target layout.



Tip! A new, empty rule is created by connecting a network port to a tool port. This is a shortcut for creating new

rules.

To apply a rule in an active layout:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Right-click a rule.

3. In the Apply Rule submenu, click Select and click a rule.

All of your created rules are in this submenu.



You successfully applied a rule in an active layout. Your applied rule takes effect immediately.



22 | Matrix™ (pub. 25.Apr.2014)

Chapter 5: Filters

How to create a filter

You can choose what network traffic reaches your analysis tools. Use filters to ensure that only packets with certain characteristics are forwarded to tool ports.

To create a filter:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Filters tab is selected.

3. Click New.

The filter opens and is ready to edit.

4. Make your changes.

5. Click Save.



You successfully created a filter. The filter determines what packets are forwarded (or not forwarded) to tool ports and ultimately the devices connected to them.



For the filter to take effect, you must bind it to a rule and apply the rule in a layout.



How to bind a filter to a rule

Before a filter can take effect, you must bind the filter to a rule. The filter takes effect when the rule is applied in a layout.

Because a rule—not a filter—is what connects network ports to tool ports, binding a filter to a rule is simply the first step. Only after the rule is applied in a layout does the filter begin affecting the data arriving at analysis tools. The same filter can be bound to any number of rules.

To bind a filter to a rule:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

Filters | 23

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

4. In the Filter list, click which filter to bind to this rule.

5. Click Save.



The filter is successfully bound to the rule. When your rule is applied in a layout, the filter takes effect.



How to edit a filter

Edits can always be made to filters. Any filter edits you make affect every rule that filter is bound to.

To edit a filter:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Filters tab is selected.

3. Select a filter from the list.

The filter opens and is ready to edit.

4. Make your changes.

5. Click Save.



You successfully edited a filter. If the filter is bound to a rule that is connected in the active layout, your filter edits take effect immediately.



Understanding filters and filtering

Filtering ensures that only specific traffic reaches your analysis tools. Filters can also extend the lifespan of analysis tools, isolate specific traffic, and preserve data security and privacy.



Use filters to ensure that only specific traffic reaches your analysis tools. Each analysis tool in the organization has a purpose. They function best when data is provided to suit that purpose. Conceptually, a tool configured to only measure VoIP quality should receive VoIP streams and nothing else. Because any other data is unnecessary,

create a filter (page 23) to ensure only VoIP streams reach the tool.



Filtering can extend the lifespan of tools. The network is expected to grow faster than your monitoring equipment is expected to be upgraded or replaced. Filters can help your organization keep pace with the network by isolating only what is needed, whether that contains certain address ranges, protocols, or other criteria. Plus, filtering narrows the amount of data forwarded, so tools use less resources and generate less heat.



Filters work within rules. Alone, a filter is not functional. A filter performs its functions after the filter is bound to

a rule (page 23) and this rule is used in a layout (page 22). The filter itself can be complex and even reference

other filters.



Filtering can help isolate virtual traffic. Virtual networks within the network can be difficult to monitor. For example, traffic from many virtual local area networks (VLANs) might flow through the same network switch. If a specific VLAN ID contains data your tools need, use a filter to isolate this virtual traffic and forward it to those tools.



Filtering can help prohibit sensitive data from being analyzed or leaked. If sensitive data is traversing the network, you may want to, for example, prohibit the data from traveling to tools at the network edge. Consider this scenario: Digital Imaging and Communications in Medicine (DICOM) is a set of network protocols used to store, retrieve, and query, patient medical images and reports. Furthermore, the electronic security of patient

24 | Matrix™ (pub. 25.Apr.2014)

health information is protected in the United States in part by the HIPAA Security Rule. In this scenario, aid HIPAA compliance by editing a filter (page 24) to exclude DICOM traffic from flowing to certain tools.



Understanding filters and filtering | 25

Chapter 6: Users and Groups

How to set a user authentication scheme

You can leverage your organization's existing authentication service in the Matrix. Set a user authentication scheme to command your Active Directory, LDAP, TACACS+, or other server, to perform authentication duties for the Matrix.

Most organizations use some type of server for user authentication. One of these authentication servers can be used by the Matrix to authenticate its users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click an authentication scheme.

The system or service for managing user names, passwords, groups, and authentication, can be specified.



Local Exclusively managed within the Matrix

LDAP Any LDAP directory service (do not select for configuring Windows Active Directory)

Active Directory Windows Active Directory service

NIMS Network Instruments Management Server appliance

RADIUS RADIUS authentication server

TACACS+ TACACS+ authentication server



4. Provide the information needed to connect to the authentication service.

Tooltips are available by pausing your pointer on each option, and the boxes highlight any missing details after you click Accept.

5. Click Save.



The Matrix now uses the selected authentication scheme for authenticating users.



26 | Matrix™ (pub. 25.Apr.2014)

How to authenticate locally

Selected by default, local authentication allows the Matrix to handle all users, groups, and permissions. This authentication scheme is especially useful if no third-party authentication server is available.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click Local.

4. Click Save.



The Matrix now uses local authentication for authenticating users.



How to authenticate using LDAP

Use LDAP authentication to allow an LDAP directory server to authenticate users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click LDAP.

4. In the LDAP General Settings area:

a. In Server, type the server address.

b. In Port, type the port number.

c. In the Version list, click the protocol version.

d. In the Connection Security list, click a security type.

e. In Base DN, type the Base Distinguished Name.

The Base Distinguished Name is the root of the directory tree.

Note: Administrators should find the Base DN directly from the LDAP server to ensure accuracy.

f. In Bind DN, type the Bind Distinguished Name.

The Bind Distinguished Name is required for authenticating with the LDAP server and performing actions.

Note: The Bind DN associated with the Bind DN user account needs domain user privileges, and administrators

should find a suitable Bind DN directly from the LDAP server to ensure accuracy.

g. In Timeout in Seconds, type a value.

The duration a connection attempt waits before aborting.

Note: A connection retry attempt is made if this value elapses.

5. In Server, type the address of the server.

6. Click Save.



The Matrix now uses LDAP for authenticating users.



How to authenticate locally | 27

How to authenticate using Active Directory

Use Active Directory authentication to allow a Windows Active Directory server to authenticate users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click Active Directory.

4. Configure the settings shown.

5. Click Save.



The Matrix now uses Active Directory for authenticating users.



How to authenticate using NIMS

Use NIMS authentication to allow a Network Instruments Management Server to authenticate users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click NIMS.

4. Configure the settings shown.

5. Click Save.



The Matrix now uses NIMS for authenticating users.



How to authenticate using RADIUS

Use RADIUS authentication to allow a RADIUS server to authenticate users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click RADIUS.

4. Configure the settings shown.

5. Click Save.



The Matrix now uses RADIUS for authenticating users.



How to authenticate using TACACS+

Use TACACS+ authentication to allow a TACACS+ server to authenticate users.

1. Starting in the dashboard, click System.

2. Click Authentication.

3. In the Authentication Scheme list, click TACACS+.

4. Configure the settings shown.

5. Click Save.



The Matrix now uses TACACS+ for authenticating users.



28 | Matrix™ (pub. 25.Apr.2014)

How to change the administrator password

The default admin user has full permissions and cannot be deleted. For these reasons, change the admin password as soon as possible.

The admin user in the Matrix is similar to the "root" user in other products.

To change the administrator password:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Users tab.

4. Search for and click the admin user to select it.

5. In the menu bar, click Edit.

The Edit admin dialog box appears.

6. In the Set Password box, type a password.

7. In the Confirm Password box, re-type the same password.

8. Click OK.



You successfully changed the administrator password.



How to add users

You can add users so they have the ability to authenticate and log in.

When adding a user, be aware that each user of the Matrix must be assigned group membership. You are able to assign group membership during the creation of the user.

To add a user:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Users tab.

4. Click Add.

5. Configure the settings of the user.



You successfully added a user. The user has a presence in the Matrix, and they inherit the permissions and properties of their group(s).



How to edit a user

You can edit a user to change its details. Doing so is especially useful when a user needs to change group memberships or be disabled from logging in.

To edit a user:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Users tab.

4. Search for and click a Username.

How to change the administrator password | 29

5. Click Edit.

6. Configure the settings of the user.



You successfully edited a user. Any saved changes take effect immediately.



How to import users

You can import users from a remote authentication service. This allows users of the authentication service to become users in the Matrix appliance.

To import users:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Users tab.

4. Click Import.

You are prompted to select users.

5. Search for and select the users to import.



You successfully imported the selected users.



How to delete a user

If a user is no longer needed, you can delete it.

Deleting a user erases it from the Matrix. The user can no longer log in or authenticate with the Matrix because the entry no longer exists.

Note: You can deactivate (disable) a user instead of deleting the user. To do this, edit the user.

To delete a user:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Users tab.

4. Search for and click a Username.

5. Click Delete.

You are prompted to confirm the deletion.



You successfully deleted a user.



How to add a user group

You can add a new user group to provide the same permissions to multiple users. Doing so is also helpful for organizing users by location, department, or other classification.

To add a user group:

1. Starting in the dashboard, click System.

2. Click Authentication.

30 | Matrix™ (pub. 25.Apr.2014)

3. Click the Groups tab.

4. Click Add.

5. Configure the settings of the group.



You successfully added a user group. When user additions are made to the group, they inherit the permissions and properties of the group.



How to edit a user group

You can edit a user group to change the behavior of its members. Doing so is especially useful when a group requires a different permission set or to prohibit its members from logging in.

To edit a user group:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Groups tab.

4. Search for and click a Group Name.

5. Click Edit.

6. Configure the settings of the group.



You successfully edited a user group. Any changes made to the group are now affecting its members.



How to delete a user group

If a user group is no longer needed, you can delete it.

To delete a user group:

1. Starting in the dashboard, click System.

2. Click Authentication.

3. Click the Groups tab.

4. Search for and click a Group Name.

5. Click Delete.

You are prompted to confirm the deletion.



You successfully deleted a user group.



How to edit a user group | 31

Chapter 7: Replication

How to replicate network traffic

You can replicate network traffic by connecting network ports to tool ports with load balancing disabled in the connecting rule. Doing so is useful when several different analysis tools need access to the same traffic.



Figure 2: Example of traffic replication



Replicating network traffic is straightforward using the Matrix: tool ports always replicate the traffic of network ports they are connected to (unless load balancing is enabled). The traffic that replicates is the post-processed traffic, such as after filtering, trimming, deduplication, and more, has occurred. Network traffic replication can only occur if load balancing is disabled in the connecting rule.

Note: To edit the active layout (the layout currently in use), perform edits directly from the Ports page. Edits to

the active layout take effect in real time.

To replicate network traffic:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

32 | Matrix™ (pub. 25.Apr.2014)

5. Use a drag-and-drop operation to connect a network port to a tool port.

Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.

6. Use a drag-and-drop operation to connect another tool port to the same rule.

This step is repeatable, so connecting additional tool ports to the rule is possible. Each additional tool port being connected to the rule creates another replicated traffic stream.



Identical post-processed traffic is now being forwarded to each connected tool port. Replication such as this provides different tools with the same traffic.



Understanding network traffic replication

When traffic replication is used, a single data stream is copied and forwarded to multiple tool ports. Replication is necessary for providing identical traffic to different tools.



Traffic replication produces one or more copies of network traffic. In its simplest form, the Matrix is replicating network traffic just by connecting one network port to one tool port (page 17). The traffic arriving at the network port is replicated and forwarded to the connected tool port—this is traffic replication. The concept is similar to the use of network TAPs.



Use traffic replication to send the same traffic to many tools. When different tools need access to the same live traffic, some form of replication is necessary. Replication is achievable by using the Matrix, network TAPs, or

SPAN/mirror ports. The Matrix can produce many more copies of network traffic than these alternatives typically

allow. Plus, the tools receiving the replicated traffic can be switched in real-time using layouts (page 15).



Replicated traffic is always post-processed traffic. Traffic forwarded to tool ports is always traffic processed by a

rule (page 20). The rule may be empty (pass through all traffic) or have active options like deduplication (page

40), filtering (page 23), and more (page 6). In either case, the traffic sent to tool ports is always the traffic that

remains after the rule operates.



Avoid traffic replication when load balancing is active in the rule. Remember, the purpose of replication is to make identical copies of traffic. Load balancing produces the opposite effect: it creates a different stream for each tool port. For this reason, traffic replication cannot occur while load balancing is active (page 37) in the connecting rule.



Understanding network traffic replication | 33

Chapter 8: Aggregation and Speed Conversion

How to aggregate network links

You can aggregate network links by connecting many network ports to the same rule. Any tool ports connected to the same instance of this rule are being forwarded one stream of combined traffic.

Regarding the rule being used to aggregate the network links:

If load balancing is disabled: the aggregated traffic is replicated to all connected tool ports.

If load balancing is enabled: the aggregated traffic is balanced across all connected tool ports.

Note: To edit the active layout (the layout currently in use), perform edits directly from the Ports page. Edits to

the active layout take effect in real time.

To aggregate network links:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

5. Use a drag-and-drop operation to connect a network port to a tool port.

Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.

6. Use a drag-and-drop operation to connect another network port to the same rule.

Both network ports are being aggregated and forwarded to the tool port.



Multiple network links (represented by network ports) are now aggregated.



34 | Matrix™ (pub. 25.Apr.2014)

Understanding network link aggregation

When link aggregation is used, traffic from multiple network ports is combined. The combined traffic can be forwarded to monitoring tools as a single stream of traffic.



Link aggregation combines traffic from multiple network ports into a single stream. The combined traffic can be forwarded to a tool port. Link aggregation brings traffic together from separate sources or locations (for instance, from several devices) and forwards the traffic as one stream to a single monitoring tool. Link aggregation can be enhanced further by using traffic replication (page 32), which allows the same traffic stream —aggregated traffic in this case—to be sent to more than one monitoring tool.

Tip! Aggregation occurs any time multiple network ports are connected to the same instance of a rule.



Use link aggregation for visibility of both sides of a link over a single interface. Consider this example scenario: your organization has placed a network TAP at the network edge, in front of the firewall. Behind the firewall is a switch with a SPAN port. Connect both the TAP analyzer link(s) and the SPAN port link of the switch to the Matrix. Finally, assign the links as network ports (page 19) in the Matrix and connect them to the same layout

rule (page 17). Visibility from both sides of a network link is achieved (in front of and behind the firewall) over

one interface—a single tool port.



Avoid aggregating links that are too saturated to aggregate without oversubscribing a tool port. Aggregating multiple 1 Gb links and forwarding the traffic out a 1 Gb tool port could, in some cases, oversubscribe the tool port and cause packets to drop. In these cases, you might have to enforce packet trimming (page 43) or

filtering (page 23) to lower the utilization enough that packets do not drop. Another strategy is to aggregate less

network links if possible. The best strategy is to ensure any tool port forwarding the aggregate traffic of multiple 1 Gb network ports is a 10 Gb link.



Link aggregation does not create more bandwidth. Regarding the Matrix, link aggregation only refers to combining traffic into a single interface. The links being aggregated do not experience increased throughput or bandwidth capacity.



Link aggregation does not automatically create link redundancy. Although link aggregation may have a role in a link redundancy strategy using the Matrix, aggregating network links does not provide any type of redundancy or high availability. However, if using the Matrix for this purpose, combining link aggregation with

traffic replication (page 32) can help you forward redundant traffic streams to identical tools in case one tool

malfunctions.



Link aggregation can affect how efficiently connected tools operate. When monitoring tools require great network visibility to perform efficiently, consolidating the traffic from many locations and sources is valuable to those tools. Plus, by combining link aggregation with traffic replication (page 32), the copies of the same combined traffic can be forwarded to different analysis tools.



How to perform speed conversion

Speed conversion creates network visibility for slower tools that cannot interface with faster networks, or where the physical connections are mismatched—like copper and optical. Perform speed conversion so existing tools can operate in these situations and others, such as combining multiple slower links into a single high speed interface.

Note: To edit the active layout (the layout currently in use), perform edits directly from the Ports page. Edits to

the active layout take effect in real time.

Speed conversion follows the same process as connecting a network port to a tool port. There is absolutely no special configuration required to accomplish speed conversion; these steps are just provided for convenience.

Understanding network link aggregation | 35

To perform speed conversion:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. In the Layout list, select a layout.

3. Click the Actions list.

The Actions list is located near the top-right corner of the layout designer.

4. Click Edit.

5. Use a drag-and-drop operation to connect a network port to a tool port.

Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.



You successfully performed speed conversion and created network visibility for slower tools that cannot interface with faster networks, or where the physical connections are mismatched.



Understanding speed conversion

Speed conversion creates network visibility. The Matrix can convert the speed and interface of a network link to something compatible with analysis tools. Analysis tools can then access traffic they cannot natively inspect.



Use speed conversion to connect slower tools to faster networks, or the opposite. Speed conversion allows network traffic to ingress the Matrix at one speed and egress to tools at a different speed.



Speed conversion also provides media conversion. For example, network port traffic arriving on copper cable can leave a tool port as an optical signal. Conversely, optical can be converted to copper. Media conversion is necessary when the medium between the network and a tool is mismatched. Media conversion is automatic, so connecting a network port to a tool port (page 17) is all that is required, provided the SFP/SFP+ modules are correct and the ports are licensed (page 46).



Converting a 10 Gb link to a 1 Gb link poses a risk. The risk of dropping packets greatly increases any time a faster link is converted to a slower link. Depending on the utilization of the faster link, the slower link might require

packet trimming, load balancing (page 39), or filtering (page 24), to avoid port oversubscription.



Converting a 1 Gb link to a 10 Gb link does not pose any risks. A slower link can usually be converted to a faster link without special considerations, as the throughput can never be greater than the maximum available egress bandwidth. The only exception occurs when network link aggregation (page 35) is used to aggregate more than ten 1 Gb network ports into one 10 Gb tool port.



36 | Matrix™ (pub. 25.Apr.2014)

Chapter 9: Load Balancing

How to load balance

With load balancing, you can distribute network port traffic more evenly across tool ports. Choose the type of load balancing that works best with your analysis tools: balance by network conversations or balance by packet volume.



Figure 3: Example of load balancing



How to load balance by conversation

Network port traffic can be load balanced by network conversation. Choose this type of load balancing if your connected tools work best with complete network conversations, like end-to-end HTTP sessions.

Prerequisite(s): 

These steps require that at least one rule exists in your rules library. You can create a new rule if necessary.



To load balance by network conversation:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

Load Balancing | 37

4. Select Load Balance.

If selected, load balancing changes how traffic is moved from network ports to tool ports.

Note: The specific behavior is controlled by the load balance type.

5. In the Load Balance Type list, select Conversation.

Packets with identical characteristics, such as an identical IP pair, are forwarded exclusively to one tool port. By keeping these packets together, an intact conversation is likely being forwarded. Other unique conversations might be forwarded to the same or different tool port, creating a balanced distribution of conversations to all tool ports connected to the rule. Load balancing of this type is useful when connected tools need to perform analysis on complete network conversations.

6. Select any Conversation Fields for determining network conversations.

Conversations are traffic streams that must be kept together and forwarded intact to a tool port. How the system determines a conversation must be specified. For example, selecting only 'Include IP pair' indicates all connections between a unique IP pair must be kept intact and forwarded to the same tool port.

Note: Conversations become more granular as more selections are made, which can distribute traffic even more

equally in most network environments. However, this carries the risk of not providing tools with enough data for useful analysis.

7. Click Save.



You successfully enabled load balancing in a rule. Connecting this rule between network and tool ports causes the traffic to be balanced across the tool ports.



How to load balance by packet volume

Prerequisite(s): 

These steps require that at least one rule exists in your rules library. You can create a new rule if necessary.



To load balance by packet volume:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

4. Select Load Balance.

If selected, load balancing changes how traffic is moved from network ports to tool ports.

Note: The specific behavior is controlled by the load balance type.

5. In the Load Balance Type list, select Packet.

Packets are equally distributed to tool ports using a round-robin method. By dividing the packet volume equally, link utilization is decreased between tool ports and connected tools by a factor of how many tool ports are connected to the rule. Network conversations are severed by using this type, so ensure that any connected tools can operate effectively without intact conversations.

6. Click Save.

38 | Matrix™ (pub. 25.Apr.2014)



You successfully enabled load balancing in a rule. Connecting this rule between network and tool ports causes the traffic to be balanced across the tool ports.



Understanding the load balancing process

When load balancing is active, traffic becomes more evenly distributed to monitoring tools. This ensures the monitoring tools are not overwhelmed, and network visibility can be improved.



Load balancing has different meanings in networking. The definition of load balancing can differ depending on the network device. In the Matrix, load balancing refers to forwarding network port traffic as evenly as possible to tool ports. The network traffic, measured by volume of network conversations or packets, is distributed as evenly as possible to tool ports connected to the rule.



Use load balancing when you have limited or no visibility to a faster network interface. Consider this scenario: your organization has a 10 Gb network link, but your analysis tools only have 1 Gb interfaces. Until the analysis

tools are upgraded, you have limited visibility into the network. One solution can be to use load balancing. For

example, a 10 Gb network link that is consistently utilized at 30% or less could be load balanced to three 1 Gb tool ports. Load balancing can play an important role in giving your organization the network visibility that a restrictive budget or other factor prohibits.



Always try dedicating enough tool ports to balance the traffic without dropping packets. Try dedicating a sufficient number of tool ports when load balancing; the exact number depends on many factors. You risk dropped packets (tool port oversubscription) without enough tool ports in a load balancing setup. Load balancing can still be used with an insufficient number of tool ports, but you might need to enforce packet

trimming (page 43) or filtering (page 23) to lower the utilization enough so that packets do not drop.



Load balancing does not provide any type of redundancy or failover for your connected tools. Although you could design a layout to replicate traffic (page 32) and forward it to multiple tool ports (page 17), a vital step in creating a simple redundancy strategy, load balancing is not designed to complement this goal. Replication (meaning load balancing is disabled) is a better choice when many tools need identical data. Load balancing guarantees that the load-balanced traffic forwarded to tools is never identical streams.



Load balancing does not interact with applications to achieve results. The purpose of load balancing is for taking traffic and distributing it more evenly to the analysis tools connected to tool ports. The Matrix is designed to perform load balancing without agent software or other potential points of failure. With the exception of packet trailers and recalculated CRC values after trimming (both disabled by default), the Matrix does not modify packets.



Load balancing should complement the analysis goals of connected tools. When load balancing, care should be taken to ensure tools receive the correct traffic for their intended purpose. For example, a monitoring tool that inspects header fields or specific strings in payload might benefit from packet-based load balancing (page

38).This tool could fulfill its intended purpose simply by observing individual packets. Conversely, a protocol

analyzer or performance management tool may need to receive full conversations using conversation load

balancing (page 37) to reconstruct data streams, measure VoIP quality, and more.



Understanding the load balancing process | 39

Chapter 10: Packet Deduplication

How to deduplicate packets

You can remove duplicate packets that reach the Matrix. This ensures that tool ports only send unique packets to analysis tools, increasing the accuracy and efficiency of analysis.

Packet deduplication requires two steps:

1. Enable packet deduplication in a rule.

2. Direct the Matrix to identify duplicate packets.



How to direct the Matrix to identify duplicate packets

You must direct the Matrix which packet fields to ignore when determining duplicate packets. For example, doing so ensures that packets with different Time to Live (TTL) values—yet are otherwise identical—are deduplicated.

The packet fields to ignore, for determining duplicate packets, are configurable in the layout properties. Unlike other settings, these settings affect the entire layout because the hardware-accelerated deduplication engines in the Matrix must work in parallel.

To direct the Matrix to identify duplicate packets according to your definition, complete the following steps:

1. Starting in the dashboard, click Ports.

The layout designer appears, where connections between network and tool ports can be created.

2. Click Properties.

3. In the Deduplicate Ignored Fields area, select which fields to ignore.

If selected, the criteria is ignored and not evaluated when determining duplicate packets.

Note: These options do not enable packet deduplication. Enable or disable packet deduplication within a rule.

4. Click OK



You successfully directed the Matrix to identify duplicate packets according to your definition. Remember, these settings affect the deduplication behavior of the entire layout, but packet deduplication is still enabled and disabled in individual rules.



40 | Matrix™ (pub. 25.Apr.2014)

How to enable packet deduplication in a rule

In a rule, you can enable packet deduplication. Any duplicate ingress packets, coming from network ports connected to the rule, are removed before being forwarded to tool ports and ultimately your analysis tools.

Prerequisite(s): 

These steps require that at least one rule exists in your rules library. You can create a new rule if necessary.



While duplicate packets are determined by how your layout properties are configured, the actual implementation of the packet deduplication feature is still controlled on a per-rule basis. This ensures that individual rules remain the deciding factor if packet deduplication is enabled or not. When packet deduplication is enabled in a rule, however, the deduplication behavior is always controlled by the layout the rule is used in.

To enable packet deduplication in a rule:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

4. Select Deduplicate.

If selected, hardware-accelerated packet deduplication removes duplicate ingress packets in real time.

Note: Criteria for determining if a packet is a duplicate is configurable in the layout properties.

5. Click Save.



Packet deduplication is now enabled in the rule. Connecting this rule between network and tool ports causes the removal of duplicate ingress packets. Due to this, no duplicate packets are forwarded to tool ports, and therefore none are forwarded to your analysis tools.



Understanding packet deduplication

Duplicate packets lower the statistical accuracy of analysis, increase network link saturation, and can interfere with tools. Packet deduplication removes duplicate packets and helps you avoid those situations.



A duplicate packet is any packet that is identical to another packet within 600 milliseconds or 6000 packets, whichever comes first. The packet header is inspected and all fields must be identical. Any packet that falls outside of that range is considered unique to ensure throughput for your network.

Duplicate packets are tracked on a per connection basis. If two identical packets are received on two different network ports, they are tracked and one is marked as a duplicate as long as both packets pass through the same connection.

Identifying duplicate packets from a SPAN/mirror port or TAP is relatively straight forward because those devices send multiple copies of the same packet. However, there are some situations where the header has been modified slightly during the packet's journey. These situations require some fine-tuning of the deduplication settings to ignore those fields that were modified before the duplicate packet is received.



What is deduplication and why do I need it?

Deduplication is useful when multiple copies of the same packet are received, but only a single copy should be recorded and forwarded out the tool ports.

Duplicate traffic is part of any network environment and is unavoidable. However, reducing duplicate packets as much as possible helps ensure your network is more efficient. It also allows your tools to be more accurate.

How to enable packet deduplication in a rule | 41

Duplicate packets reduce statistical accuracy, which leads to higher preceived levels of traffic or network connections.

In some cases you may want to retain the duplicate packets, such as when packets are being looped or when multiple VLANs are used with your Matrix. Retaining a copy of duplicate packets and their traversal through both VLANs may be necessary when verifying whether the traffic was routed properly.

If you experience duplicate packets, consider your analytical needs and network topology when deciding whether deduplication should be used.

Scenario 1: Receiving network traffic from multiple routers

Cause of duplicates: Some packets are traversing multiple routers and those routers are copying their traffic to the SPAN/mirror port. When this occurs it causes duplicate packets in the Matrix.

Non-duplicate fields: Not only is each router decrementing the TTL field in the IP header, but it is also modifying the MAC address.

Solution: Ignore the MAC address pair and TTL fields.

Scenario 2: Receiving network traffic from multiple VLANs



Cause of duplicates: Some packets are traversing some of your VLANs. If the SPAN/mirror port is configured to copy packets traversing each VLAN, any packets that travel through multiple VLANs are duplicated.

Non-duplicate fields: In the Ethernet header, the Ethertype field may change if the packet is not encapsulated with a VLAN header when the packet is copied. If both packets contain a VLAN encapsulation header, then the VLAN values will differ. It is possible the TTL field may also differ, and in some situations, the MAC address pair may have changed.

Solution: Ignore the Ethertype and VLAN/MPLS fields, and it may also be necessary to ignore the TTL and the MAC address pair fields.



42 | Matrix™ (pub. 25.Apr.2014)

Chapter 11: Packet Trimming

How to trim packets

Any time egress packet sizes must be controlled—not the volume or type—packet trimming is the solution. Use packet trimming to set the maximum number of bytes per packet to forward to analysis tools.

Prerequisite(s): 

These steps require that at least one rule exists in your rules library. You can create a new rule if necessary.



Some benefits of packet trimming with the Matrix include:

Lowering link utilization between tool ports and tools

Removing sensitive payload from further analysis

Extending the effective storage space of a protocol analyzer

To enable packet trimming in a rule:

1. Starting in the dashboard, click Rules.

The rules and filters designer appears, where rules and filters can be created and edited.

2. Ensure the Rules tab is selected.

3. Click a rule from the list.

The rule opens and is ready to edit.

4. Select Packet Trim.

If selected, packets larger than the Trim Length value are truncated to a specified size. Packets smaller than the Trim Length value are unchanged.

Note: Packet trimming is especially useful for increasing monitoring tool performance and removing sensitive

information from analysis.

5. In the Trim Length list, click a trim length.

Only the first N-bytes of each ingress packet are forwarded to tool ports. A new 4-byte CRC value is affixed to each trimmed packet. Valid values are: 64, 128, 192, 256, 384, and 512.

Packet Trimming | 43

Note: The resulting size of trimmed packets forwarded to tool ports always includes the 4-byte CRC, such that a

Trim Length value of 64 (bytes) would trim a 900 byte ingress packet to 60 bytes and then affix the 4-byte CRC, for a resulting size of 64 bytes.

6. Click Save.



You successfully enabled packet trimming in a rule. Connecting this rule between network and tool ports causes ingress packets to be trimmed, if necessary, before being forwarded to analysis tools.



44 | Matrix™ (pub. 25.Apr.2014)

Chapter 12: Firmware

How to upgrade the firmware

You can upgrade the firmware to ensure maximum performance and stability of the system, and to update the documentation and tooltips.

Prerequisite(s):  Network Instruments continually releases improvements through firmware updates. Ensure you have the latest

firmware by downloading it from ftp://ftp.netinst.com/pub/Matrix/1024/firmware/.



Firmware upgrades consist of two simultaneous updates:

1. An update to the user interface

2. An update to the switch board

Both updates are performed simultaneously during a single firmware upgrade.

Network traffic continues processing during the upgrade, except for a momentary interruption at the end of the switch board update which takes approximately 20 minutes.

The user interface is unavailable for approximately 5 minutes while it is updating.

The overall process may take up to 30 minutes to complete.

1. Starting in the dashboard, click System.

2. Click Firmware.

3. Click Browse.

4. Browse to a firmware file using the dialog box and click Open.

5. Click Upload.

The file uploads in the background, so do not close your browser. After the upload is complete, the file is verified and unpacked.

If successful, an Upgrade button appears in the menu bar.

6. Click Upgrade.



The firmware upgrade has successfully started. The overall process may take up to 30 minutes to complete.



Firmware | 45

Chapter 13: Licensing

Understanding the licensing process

Your Matrix is pre-licensed. Relicensing the device requires that you request a new license from Network Instruments and then import a multi-line license string.

The device is pre-licensed at the factory. The license enables ports in blocks of four starting at port 1. It also indicates the number of blocks that are 10 Gb-capable. If you have eight ports licensed, you may only use ports 1-8. Ports 9-24 remain dark and unusable even if you insert an SFP module. If you need more ports or blocks of 10 Gb, you can request a license upgrade.

A license is tied to a specific hardware device and is non-transferable. Therefore, a license generated for one device cannot be used on another device.

How to request a new license

Request a new license if you are adding functionality such as additional ports or speed capability or in the extremely rare instance where your license file is corrupt.

If you are upgrading several devices, you must generate a license request from each one.

1. Starting in the dashboard, click System.

2. Click License.

3. Click Generate License Request.

4. Verify the name of your company in the Organization box is correct. Click OK.

This generates a multi-line license string.

5. Right-click and copy the entire string (including the License Begin and License End lines) and send it to Network Instruments in an e-mail.

If you are keeping the same number of ports and capabilities, send the e-mail to

logistics@networkinstruments.com.

If you are adding new ports or upgrading the capabilities, contact your sales representative.

46 | Matrix™ (pub. 25.Apr.2014)

Tip! If you are upgrading many devices at once, create a document with the host name from System > System

Info and device license ID from System > License. Doing so makes matching license to the correct device easier

later on when you receive the new licenses.



You will receive an e-mail message from Network Instruments with the device license ID and a new license string. Save this e-mail message!



How to relicense the device

Import a new license if you are adding functionality such as additional ports or speed capability or in the extremely rare instance where your license file is corrupt.

Prerequisite(s): 

License e-mail with the license string.



If you are upgrading several devices, you must import the license specific to that device. It is matched by the device license ID.

1. Locate the license string for the device to be relicensed and copy the entire string (including the License Begin and License End lines) to your computer's clipboard.

This places the text string in memory and is used later in this procedure.

2. Starting in the dashboard, click System.

3. Click License.

4. Click Import License.

If you are upgrading several devices, your document matching each host name with its device license ID.

5. Paste the license string from step 1.



The license takes effect immediately. If your license adds new functionality, it is available now. No system restart is necessary.



If the license cannot be imported, it may be because the license:

Was incorrectly copied/pasted (in other words, characters are missing). Ensure the entire string block is copied.

Is invalid for this device. The string you copied may be a valid license, but not for this specific system. Double check the device license ID on from System > System Info.



Is invalid. Contact Technical Support.

How to relicense the device | 47

Index

Active Directory 28 admin account 29 aggregation 34 authentication 26

Active Directory 28 LDAP 27 local 27 NIMS 28 RADIUS 28 TACACS+ 28

balancing, load 37

clock source 11 conversion 35

deduplication 40

customize 40 enable 41

filters

bind 23 create 23 edit 24

firmware 45

GPS 11 groups

add 30 delete 31 edit 31

IEEE-1588 11 IPv4 10 IPv6 10

layout

activate 15 create 14 edit 13 export 15

import 15 LDAP 27 load balancing 37 local authentication 27

network ports 17, 19 network settings

IPv4 10

IPv6 10 NIMS 28 NTP 11

packet size 43 password, changing 29 ports, network 17, 19 ports, tool 17, 18

RADIUS 28 replication 32 rules

apply 21, 22

create 20

edit 21

speed conversion 35 system time 11

48 | Index (pub. 25.Apr.2014)

TACACS+ 28 tool ports 17, 18 trimming 43

users

add 29 delete 30 disable 30 edit 29 import 30

| 49

Network Instruments Matrix User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual