Viavi 10/100 Copper nTAP User Manual

10/100 Copper TAP
User Guide
7 Feb 2018
Notice
Every effort was made to ensure that the information in this manual was accurate at the time of printing. However, information is subject to change without notice, and VIAVI reserves the right to provide an addendum to this manual with information not available at the time that this manual was created.
© Copyright 2017 VIAVI Solutions Inc. All rights reserved. VIAVI and the VIAVI logo are trademarks of VIAVI Solutions Inc. (“VIAVI”). All other trademarks and registered trademarks are the property of their respective owners. No part of this guide may be reproduced or transmitted, electronically or otherwise, without written permission of the publisher.
Copyright release
Reproduction and distribution of this guide is authorized for Government purposes only.
Terms and conditions
Specifications, terms, and conditions are subject to change without notice. The provision of hardware, services, and/or software are subject to VIAVI standard terms and conditions, available at www.viavisolutions.com/terms.
Specifications, terms, and conditions are subject to change without notice. All trademarks and registered trademarks are the property of their respective companies.
Federal Communications Commission (FCC) Notice
This product was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this product in a residential area is likely to cause harmful interference, in which case you will be required to correct the interference at your own expense.
The authority to operate this product is conditioned by the requirements that no modifications be made to the equipment unless the changes or modifications are expressly approved by VIAVI.
Laser compliance
This device is a class 1 laser product.
Industry Canada Requirements
This Class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
WEEE and Battery Directive Compliance
VIAVI has established processes in compliance with the Waste Electrical and Electronic Equipment (WEEE) Directive, 2002/96/EC, and the Battery Directive, 2006/66/EC.
This product, and the batteries used to power the product, should not be disposed of as unsorted municipal waste and should be collected separately and disposed of according to your national regulations. In the European Union, all equipment and batteries purchased from VIAVI after 2005-08-13 can be returned for disposal at the end of its useful life. VIAVI will ensure that all waste equipment and batteries returned are reused, recycled, or disposed of in an environmentally friendly manner, and in compliance with all applicable national and international waste legislation.
It is the responsibility of the equipment owner to return equipment and batteries to VIAVI for appropriate disposal. If the equipment or battery was imported by a reseller whose name or logo is marked on the equipment or battery, then the owner should return the equipment or battery directly to the reseller.
Instructions for returning waste equipment and batteries to VIAVI can be found in the Environmental section of VIAVI web site at . If you have questions concerning disposal of your equipment or batteries, contact VIAVI WEEE Program Management team at WEEE.EMEA@viavisolutions.com.
Technical Support
North America 1.844.GO VIAVI / 1.844.468.4284
Latin America +52 55 5543 6644
EMEA +49 7121 862273
APAC +1 512 201 6534
All Other Regions viavisolutions.com/contacts
email customer.care@viavisolutions.com
Support hours are 7:00 A.M. to 7:00 P.M. (local time for each office).
Table of Contents
Chapter 1: Getting started
  10/100 Copper nTAP Overview
  Security, convenience, and dependability
Chapter 2: Why choose a TAP or SPAN port
  Choosing between a SPAN, Aggregator, or full-duplex TAP
    Deciding whether to use a TAP or a SPAN/mirror port
    When to use a SPAN/mirror port
    When to use the Aggregator TAP
    When to use a full-duplex TAP
Chapter 3: Features
  Features
Chapter 4: Standard and Optional Parts
  Parts
Chapter 5: 10/100 Copper nTAP Installation
  Installing
Chapter 6: LEDs and connection sequence
Chapter 7: Technical Specifications
  Technical specifications
Chapter 8: Troubleshooting
  What happens if my TAP loses power?
  What latency does a TAP create?
  Are the analyzer ports “send only”?
  Not seeing traffic at the analyzer from the TAP
  Can I “team” or bond NICs in my analyzer?
  How do I connect my failover devices?
  Choosing crossover or straight-through cables
  I am seeing CRC errors on my network
  VLAN tags not visible at the analyzer
  Memory
  Maximum frame size
  Understanding why Link B is active when Link A is offline
Chapter 9: FCC compliance statement
Index
4 Table of Contents (7 Feb 2018) — Archive/Non-authoritative version
Chapter 1: Getting started
10/100 Copper nTAP Overview
Thank you for purchasing the 10/100 Copper nTAP. Your new product is the most robust, secure, and convenient mechanism for network analyzers and similar devices to copy data streams from high-capacity network links.
A network Test Access Port (TAP) provides access to the data streams passing through a high-speed, full-duplex network link (typically between a network device and a switch). The TAP copies both sides of a full-duplex link (copper or optical, depending on type of TAP), and sends the copied data streams to an analyzer, probe, intrusion detection system (IDS) or any other analysis device. There are different TAP models available to monitor both copper and optical links.
Security, convenience, and dependability
The security and convenience of a TAP make it preferable to inline connections for network analysis and intrusion detection and prevention (IDS/IPS) applications.
Because a TAP has no address on the network, the TAP and the analyzer connected to it cannot be the target of a hack or virus attack. TAPs are economical to install, allowing you to leave them permanently deployed. This allows you to connect and disconnect the analysis device as needed without breaking the full-duplex connection, much like plugging in an electrical device.
A TAP is also preferable to using a switch’s SPAN/mirror port to copy the data stream. Unlike the SPAN/mirror port, a TAP will not filter any SPAN/mirror port is a half-duplex link (that is, a send-only “simplex” data stream), it has the capacity to transmit only half of a fully-saturated link. Additionally, a TAP does not use any of the switch’s CPU resources.
Chapter 2: Why choose a TAP or SPAN port
Choosing between a SPAN, Aggregator, or full-duplex TAP
Whether you use a SPAN/mirror port, aggregator TAP, or full-duplex TAP depends on the saturation level of the link (up to 200% of link speed when both sides are combined) you want to monitor and the level of visibility you require.
There are numerous ways to access full-duplex traffic on a network for analysis; SPAN/mirror ports, Aggregator TAPs, and full-duplex TAPs are the three most common.
Each approach has advantages and disadvantages. SPANs and Aggregator TAPs are designed to work with a standard (and usually less expensive) network card on the analysis device, but their limitations make them less than ideal for situations where it is necessary to guarantee the visibility of every packet on the wire.
A full-duplex TAP is the ideal solution for monitoring full-duplex networks utilized at more than 50 percent (100% when both sides are combined), but its design requires that the analyzer be a specialized device with a dual-receive capture interface that is capable of capturing the TAP’s output, providing accurate timing, and recombining the data for analysis.
Table 1 lists the advantages and disadvantages of three common methods of accessing traffic from full-duplex networks for analysis, monitoring, or forensics:
Table 1. Methods of accessing traffic
Methods compared (columns): Aggregator, SPAN/Mirror, Full-Duplex
Attributes compared (rows):
  Requires power
  Better² protection against dropped packets
  Uses single-receive capture card
  Uses internal buffer to mitigate traffic spikes
  Suitable for networks with light to moderate traffic with occasional spikes
  Passes OSI Layer 1 & 2 errors
  Not addressable (cannot be hacked)
  Requires dual-receive capture card
  Ideal for heavy traffic/critical networks
  Suitable for networks with light to moderate traffic
  Remotely configurable
Table notes:
1. The Optical TAP does not require power, but the Copper TAP does.
2. Better protection against dropping packets than SPAN/mirror.
3. Although the Aggregator TAP has an internal buffer that mitigates spikes in traffic, when the buffer itself is full, the new packets are dropped until the output of the buffer can catch up.
Whether you are monitoring a network for security threats or capturing and decoding packets while troubleshooting, you need a reliable way to see the network traffic. The appropriate TAP for capturing full-duplex data for analysis depends on the rates of traffic you must monitor, and what level of visibility you require.
Attaching a monitoring or analysis device to a switch’s analyzer port (SPAN/mirror port) to monitor a full-duplex link.
Because a SPAN/mirror port is a send-only simplex stream of data, there is a potential bottleneck when trying to mirror both sides of a full-duplex link to the analyzer’s single receive channel. For more details, see When to use a SPAN/mirror port (page 10).
Attaching a monitoring or analysis device to an Aggregator TAP inserted into a full-duplex link.
As with a SPAN, the Aggregator TAP copies both sides of a full-duplex link to the analyzer’s single receive channel. It uses buffering which makes it somewhat better able to keep up with higher traffic levels than a SPAN. For more details, see When to use the Aggregator TAP (page 12) and .
Attaching a dual-receive monitoring or analysis device to a full-duplex TAP inserted into a full-duplex link.
Dual-receive means that the network card on the analysis device has two receive channels rather than the transmit and receive channels associated with a standard full-duplex link. For more details, see When to use a full-duplex TAP (page 13).
Deciding whether to use a TAP or a SPAN/mirror port
SPANs are great for proofs of concept and lightly used links. TAPs ensure you get all of the traffic, including physical layer errors, even on high-speed links.
A TAP is a passive splitting mechanism installed between a device of interest and the network. A TAP copies the incoming network traffic and splits it. It passes the network traffic to the network and sends a copy of that traffic (both send and receive) to a monitoring device in real time.
A SPAN/mirror port is a port on a switch that copies traffic on a port or group of ports and sends the copied data to an analyzer. By its very nature it is half-duplex, which means that it cannot send all of the send and receive traffic it sees if traffic exceeds 50% of the bandwidth. Moreover, switch manufacturers design their products so that the SPAN/mirror port has a lower priority in the switch operating system. Therefore, one of the first things to stop working when the switch gets busy is the SPAN/mirror port traffic flow. A SPAN/mirror port is fine for connections to stations at the edge of your network, but may be unable to keep up with the higher traffic volumes on your full duplex links at the core of your network. It is convenient for a proof of concept, but it cannot pass physical layer errors (poorly formed packets, runts, CRCs) to the analyzer or give you all of the visibility you need for Gigabit, 10 Gigabit or 40 Gigabit networks; a TAP will.
Most enterprise switches copy the activity of one or more ports through a Switch Port Analyzer (SPAN) port, also known as a mirror port. An analysis device can then be attached to the SPAN port to access network traffic.
There are four common ways to get full duplex data to a probe or analyzer:
- Connect the probe to a SPAN/mirror port. A SPAN/mirror port can provide a copy of all designated traffic on the switch in real time, assuming bandwidth utilization is below 50% of full capacity.
- Deploy an Aggregator TAP on critical full duplex links.
- Deploy a full duplex TAP on critical links to capture traffic. For some types of traffic, such as full duplex gigabit links, TAPs are the only way to guarantee complete analysis, especially when traffic levels are high.
- Traffic aggregators, like the Observer Matrix, allow you to copy and filter full duplex traffic. Because full-duplex Ethernet links lie at the core of most corporate networks, ensuring completely transparent analyzer access to those links is critical.
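The 50% utilization limit and the aggregator buffer behavior described above can be checked against measured link rates before choosing a monitoring method. The following is an added example, not part of the VIAVI manual: it models a 100 Mb/s full-duplex link copied to one monitor output (SPAN, Aggregator TAP) or two (full-duplex TAP). The traffic samples, the 512 KiB aggregator buffer, and the zero-buffer SPAN are constructed assumptions.

```python
LINK_MBPS = 100                 # each direction of a 10/100 copper link at 100 Mb/s
ASSUMED_BUFFER = 512 * 1024     # assumption: aggregator buffer size, not a figure from the manual

def bytes_in(mbps, interval_ms):
    """Bytes carried at `mbps` during `interval_ms` (integer math, no float rounding)."""
    return mbps * 1000 * interval_ms // 8

def monitor_loss(samples, buffer_bytes, dual_receive=False, interval_ms=10):
    """samples: [(a_to_b_mbps, b_to_a_mbps), ...], one pair per interval.
    Returns (offered_bytes, dropped_bytes) as seen at the analyzer side."""
    drain = bytes_in(LINK_MBPS, interval_ms)      # what one monitor output can send per interval
    if dual_receive:
        streams = list(zip(*samples))             # one output per direction
    else:
        streams = [[a + b for a, b in samples]]   # both directions share one output
    offered = dropped = 0
    for stream in streams:
        queued = 0
        for mbps in stream:
            arriving = bytes_in(mbps, interval_ms)
            offered += arriving
            queued = max(0, queued + arriving - drain)
            if queued > buffer_bytes:             # buffer full: new data is dropped
                dropped += queued - buffer_bytes
                queued = buffer_bytes
    return offered, dropped

def compare(samples):
    """Dropped bytes per access method for the same traffic profile."""
    methods = {
        "SPAN/mirror": dict(buffer_bytes=0),      # simplification: no egress buffering modeled
        "Aggregator TAP": dict(buffer_bytes=ASSUMED_BUFFER),
        "Full-duplex TAP": dict(buffer_bytes=0, dual_receive=True),
    }
    return {name: monitor_loss(samples, **kw)[1] for name, kw in methods.items()}

# Constructed profiles: moderate traffic with a 50 ms spike, and a sustained heavy load.
LIGHT_WITH_SPIKE = [(30, 15)] * 20 + [(90, 80)] * 5 + [(30, 15)] * 20
SUSTAINED_HEAVY = [(90, 80)] * 100

if __name__ == "__main__":
    for label, profile in (("spike", LIGHT_WITH_SPIKE), ("heavy", SUSTAINED_HEAVY)):
        print(label, compare(profile))
```

With these assumptions the aggregator absorbs the short spike that the unbuffered single output loses, but under sustained load above 100% combined utilization only the dual-receive path sees every byte.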
Figure 1: TAP versus SPAN
Table 2. TAP versus SPAN

TAP
  Pros:
  - Greatly reduces the risk of dropped packets
  - Monitoring device receives all packets, including physical errors
  - Provides full visibility into full-duplex networks
  Cons:
  - Analysis device may need dual-receive capture interface if you are using a full-duplex TAP (does not apply to the Aggregator TAP family)
  - Additional cost with purchase of TAP hardware
  - Cannot monitor intra-switch traffic
  Bottom line: A TAP is ideal when analysis requires seeing all the traffic, including physical-layer errors. A TAP is required if network utilization is moderate to heavy. The Aggregator TAP can be used as an effective compromise between a TAP and SPAN port, delivering some of the advantages

SPAN/mirror port
  Pros:
  - Low cost
  - Remotely configurable from any system connected to the switch
  - Able to copy intra-switch traffic
  Cons:
  - Cannot handle heavily utilized full-duplex links without dropping packets
  - Filters out physical layer errors, hampering some types of analysis
  - Burden placed on a switch’s CPU to copy all data passing through ports
  - Switch puts lower priority on SPAN port data than regular port-to-port data
  - Can change the timing of frame interaction altering response times
  Bottom line: A SPAN port performs well on low-utilized networks or when analysis is not affected by dropped packets.