Viavi 10/100 Copper nTAP User Manual

10/100 Copper TAP

User Guide

7 Feb 2018

Notice

Every effort was made to ensure that the information in this manual was accurate at the time of printing. However, information
is subject to change without notice, and VIAVI reserves the right to provide an addendum to this manual with information not
available at the time that this manual was created.

Copyright

© Copyright 2017 VIAVI Solutions Inc. All rights reserved. VIAVI and the VIAVI logo are trademarks of VIAVI Solutions Inc. (“VIAVI”).
All other trademarks and registered trademarks are the property of their respective owners. No part of this guide may be
reproduced or transmitted, electronically or otherwise, without written permission of the publisher.

Copyright release

Reproduction and distribution of this guide is authorized for Government purposes only.

Terms and conditions

Specifications, terms, and conditions are subject to change without notice. The provision of hardware, services, and/or software
are subject to VIAVI standard terms and conditions, available at www.viavisolutions.com/terms.

Specifications, terms, and conditions are subject to change without notice. All trademarks and registered trademarks are the
property of their respective companies.

Federal Communications Commission (FCC) Notice

This product was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this product in a
residential area is likely to cause harmful interference, in which case you will be required to correct the interference at your own
expense.

The authority to operate this product is conditioned by the requirements that no modifications be made to the equipment unless
the changes or modifications are expressly approved by VIAVI.

Laser compliance

This device is a class 1 laser product.

Industry Canada Requirements

This Class A digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.

WEEE and Battery Directive Compliance

VIAVI has established processes in compliance with the Waste Electrical and Electronic Equipment (WEEE) Directive, 2002/96/EC,
and the Battery Directive, 2006/66/EC.

This product, and the batteries used to power the product, should not be disposed of as unsorted municipal waste and should be
collected separately and disposed of according to your national regulations. In the European Union, all equipment and batteries
purchased from VIAVI after 2005-08-13 can be returned for disposal at the end of its useful life. VIAVI will ensure that all waste
equipment and batteries returned are reused, recycled, or disposed of in an environmentally friendly manner, and in compliance
with all applicable national and international waste legislation.

It is the responsibility of the equipment owner to return equipment and batteries to VIAVI for appropriate disposal. If the
equipment or battery was imported by a reseller whose name or logo is marked on the equipment or battery, then the owner
should return the equipment or battery directly to the reseller.

Instructions for returning waste equipment and batteries to VIAVI can be found in the Environmental section of VIAVI web site
at . If you have questions concerning disposal of your equipment or batteries, contact VIAVI WEEE Program Management team at

WEEE.EMEA@viavisolutions.com.

Technical Support

North America 1.844.GO VIAVI / 1.844.468.4284

Latin America +52 55 5543 6644

EMEA +49 7121 862273

APAC +1 512 201 6534

All Other Regions viavisolutions.com/contacts

email customer.care@viavisolutions.com

Support hours are 7:00 A.M to 7:00 P.M. (local time for each office).

Table of Contents

Chapter 1: Getting started............................................................................................5

10/100 Copper nTAP Overview..................................................................................................... 5

Security, convenience, and dependability................................................................................. 5

Chapter 2: Why choose a TAP or SPAN port............................................................... 6

Choosing between a SPAN, Aggregator, or full-duplex TAP................................................6

Deciding whether to use a TAP or a SPAN/mirror port....................................................8

When to use a SPAN/mirror port..........................................................................................10

When to use the Aggregator TAP.........................................................................................12

When to use a full-duplex TAP..............................................................................................13

Chapter 3: Features......................................................................................................14

Features............................................................................................................................................. 14

Chapter 4: Standard and Optional Parts................................................................... 15

Parts....................................................................................................................................................15

Chapter 5: 10/100 Copper nTAP Installation..............................................................16

Installing............................................................................................................................................16

Chapter 6: LEDs and connection sequence............................................................... 18

Chapter 7: Technical Specifications........................................................................... 20

Technical specifications................................................................................................................20

Chapter 8: Troubleshooting........................................................................................22

What happens if my TAP loses power?...................................................................................22

What latency does a TAP create?..............................................................................................22

Are the analyzer ports “send only”?.........................................................................................22

Not seeing traffic at the analyzer from the TAP..................................................................23

Can I “team” or bond NICs in my analyzer?...........................................................................23

How do I connect my failover devices?..................................................................................24

Choosing crossover or straight-through cables.................................................................... 25

I am seeing CRC errors on my network.................................................................................. 26

VLAN tags not visible at the analyzer.................................................................................... 26

Memory.............................................................................................................................................26

Maximum frame size.................................................................................................................... 26

Understanding why Link B is active when Link A is offline..............................................26

Chapter 9: FCC compliance statement...................................................................... 28

Index..............................................................................................................................29

4 Table of Contents (7 Feb 2018) — Archive/Non-authoritative version

Chapter 1: Getting started

10/100 Copper nTAP Overview

Thank you for purchasing the 10/100 Copper nTAP. Your new product is the most
robust, secure, and convenient mechanism for network analyzers and similar
devices to copy data streams from high-capacity network links.

1

A network Test Access Port (TAP) provides access to the data streams passing
through a high-speed, full-duplex network link (typically between a network
device and a switch). The TAP copies both sides of a full-duplex link (copper or
optical, depending on type of TAP), and sends the copied data streams to an
analyzer, probe, intrusion detection system (IDS) or any other analysis device.
There are different TAP models available to monitor both copper and optical
links.

Security, convenience, and dependability

The security and convenience of a TAP makes it preferable to inline connections
for network analysis and intrusion detection and prevention (IDS/IPS)
applications.

Because a TAP has no address on the network, the TAP and the analyzer
connected to it cannot be the target of a hack or virus attack. TAPs are
economical to install, allowing you to leave them permanently deployed. This
allows you to connect and disconnect the analysis device as needed without
breaking the full-duplex connection, much like plugging in an electrical device.

A TAP is also preferable to using a switch’s SPAN/mirror port to copy the data
stream. Unlike the SPAN/mirror port, a TAP will not filter any SPAN/mirror port is
a half-duplex link (that is, a send-only “simplex” data stream), it has the capacity
to transmit only half of a fully-saturated link. Additionally, a TAP does not use
any of the switch’s CPU resources.

10/100 Copper nTAP - 5

2

Chapter 2: Why choose

a TAP or SPAN port

Choosing between a SPAN, Aggregator, or full-duplex
TAP

Whether you use a SPAN/mirror port, aggregator TAP, or full-duplex TAP depends
on the saturation level of the link (up to 200% of link speed when both sides are
combined) you want to monitor and the level of visibility you require.

There are numerous ways to access full-duplex traffic on a network for analysis:
SPAN/mirror ports, Aggregator TAPs, or full-duplex TAPs are the three most
common.

Each approach has advantages and disadvantages. SPANs and Aggregator TAPs
are designed to work with a standard (and usually less expensive) network
card on the analysis device, but their limitations make them less than ideal for
situations where it is necessary to guarantee the visibility of every packet on the
wire.

A full-duplex TAP is the ideal solution for monitoring full-duplex networks
utilized at more than 50 percent (100% when both sides are combined), but its
design requires that the analyzer be a specialized device with a dual-receive
capture interface that is capable of capturing the TAP’s output, providing
accurate timing, and recombining the data for analysis.

Table 1 (page 7) list the advantages and disadvantages of three common

methods of accessing traffic from full-duplex networks for analysis, monitoring,
or forensics:

10/100 Copper nTAP - 6

Table 1. Methods of accessing traffic

Requires power X X

Better2 protection
against dropped
packets

Uses single-receive
capture card

Uses internal buffer
to mitigate traffic
spikes

Suitable for
networks with light
to moderate traffic
with occasional
spikes

Passes OSI Layer 1
& 2 errors

Not Addressable
(cannot be hacked)

Requires dual­receive capture
card

Ideal for heavy
traffic/critical
networks

Suitable for
networks with light
to moderate traffic

Remotely
configurable

1. The Optical TAP does not require power, but the Copper TAP does.

2. Better protection against dropping packets than SPAN/mirror.

3. Although the Aggregator TAP has an internal buffer that mitigates spikes in traffic, when the

buffer itself is full, the new packets are dropped until the output of the buffer can catch up.

Aggregator SPAN/Mirror Full-Duplex

1

X

X

X X

3

X

X

X

X

X

X

X

X

X

X

X

Whether you are monitoring a network for security threats or capturing and
decoding packets while troubleshooting, you need a reliable way to see the
network traffic. The appropriate TAP for capturing full-duplex data for analysis
depends on the rates of traffic you must monitor, and what level of visibility you
require.

♦ Attaching a monitoring or analysis device to a switch’s analyzer port

(SPAN/mirror port) to monitor a full-duplex link.

Because a SPAN/mirror port is a send-only simplex stream of data there
is a potential bottleneck when trying to mirror both sides of a full-duplex

Choosing between a SPAN, Aggregator, or full-duplex TAP

Chapter 2: Why choose a TAP or SPAN port 7

link to the analyzer’s single receive channel. When to use a SPAN/mirror

port (page 10).

♦ Attaching a monitoring or analysis device to an Aggregator TAP inserted

into a full-duplex link.

As with a SPAN, the Aggregator TAP copies both sides of a full-duplex link
to the analyzer’s single receive channel. It uses buffering which makes it
somewhat better able to keep up with higher traffic levels than a SPAN.
For more details, see When to use the Aggregator TAP (page 12) and .

♦ Attaching a dual-receive monitoring or analysis device to a full-duplex TAP

inserted into a full-duplex link.

Dual-receive means that the network card on the analysis device has two
receive channels rather than the transmit and receive channels associated
with a standard full-duplex link. For more details, see When to use a full-

duplex TAP (page 13).

Deciding whether to use a TAP or a SPAN/mirror port

SPANs are great for proof of concepts and lightly used links. TAPs ensure you get
all of the traffic, including on high speed links, and physical layer errors.

A TAP is a passive splitting mechanism installed between a device of interest and
the network. A TAP copies the incoming network traffic and splits it. It passes the
network traffic to the network and sends a copy of that traffic (both send and
receive) to a monitoring device in real time.

A SPAN/mirror port on a switch that copies traffic on a port or group of ports
and sends the copied data to an analyzer. By its very nature it is half-duplex,
which means that it cannot send all of the send and receive traffic it sees if
traffic exceeds 50% of the bandwidth. Moreover, switch manufacturers design
their products so that the SPAN/mirror port has a lower priority in the switch
operating system. Therefore, one of the first things to stop working when the
switch gets busy is the SPAN/mirror port traffic flow. A SPAN/mirror port is fine
for connections to stations at the edge of your network, but may be unable to
keep up with the higher traffic volumes on your full duplex links at the core of
your network. It is convenient for a proof of concept, but cannot pass physical
layer errors (poorly formed packets, runts, CRCs) to the analyzer and give you all
of the visibility you need for Gigabit, 10 Gigabit or 40 Gigabit networks, but a
TAP will.

Most enterprise switches copy the activity of one or more ports through a Switch
Port Analyzer (SPAN) port, also known as a mirror port. An analysis device can
then be attached to the SPAN port to access network traffic.

There are four common ways to get full duplex data to a probe or analyzer:

♦ Connect the probe to a SPAN/mirror port. A SPAN/mirror port can provide

a copy of all designated traffic on the switch in real time, assuming
bandwidth utilization is below 50% of full capacity.

♦ Deploy an Aggregator TAP on critical full duplex links.
♦ Deploy a full duplex TAP on critical links to capture traffic. For some

types of traffic, such as full duplex gigabit links, TAPs are the only way to
guarantee complete analysis, especially when traffic levels are high.

♦ Traffic aggregators, like the Observer Matrix, allow you to copy and filter

full duplex traffic. Because full-duplex Ethernet links lies at the core of

Choosing between a SPAN, Aggregator, or full-duplex TAP

8 10/100 Copper nTAP (7 Feb 2018) — Archive/Non-authoritative version

most corporate networks, ensuring completely transparent analyzer access



to those links is critical.

Figure 1: TAP versus SPAN



Table 2. TAP versus SPAN

Pros Greatly reduces the risk of

Cons Analysis device may need

TAP SPAN/mirror port

dropped packets

Monitoring device receives
all packets, including physical
errors

Provides full visibility into full­duplex networks

dual-receive capture interface
if you are using a full-duplex
TAP (does not apply to the
Aggregator TAP family)

Additional cost with purchase
of TAP hardware

Cannot monitor intra-switch
traffic

Bottom line A TAP is ideal when analysis

requires seeing all the traffic,
including physical-layer errors.
A TAP is required if network
utilization is moderate to
heavy. The Aggregator TAP
can be used as an effective
compromise between a TAP
and SPAN port, delivering
some of the advantages

Low cost

Remotely configurable from
any system connected to the
switch

Able to copy intra-switch
traffic

Cannot handle heavily utilized
full-duplex links without
dropping packets

Filters out physical layer errors,
hampering some types of
analysis

Burden placed on a switch’s
CPU to copy all data passing
through ports

Switch puts lower priority on
SPAN port data than regular
port-to-port data

Can change the timing of
frame interaction altering
response times

A SPAN port performs well
on low-utilized networks or
when analysis is not affected
by dropped packets.

Choosing between a SPAN, Aggregator, or full-duplex TAP

Chapter 2: Why choose a TAP or SPAN port 9

TAP SPAN/mirror port

of a TAP and none of the
disadvantages of a SPAN port.

When to use a SPAN/mirror port

The advantage of using a SPAN/mirror port is its cost, as a SPAN/mirror port is
included for free with nearly every managed switch. A SPAN/mirror port is also
remotely configurable, allowing you to change which ports are mirrored from the
switch management console.

There are some limitations in using a SPAN/mirror port. Limitations of a SPAN/
mirror port stem from the aggregation necessary to merge full-duplex network
traffic into a single receive channel. For examples, when traffic levels on the
network exceed the output capability of the SPAN/mirror port, the switch is
forced to drop packets. Another reason that a SPAN/mirror port may not be the
right choice is because Layer 1 and 2 errors are not mirrored and therefore never
reach the analyzer. When performing network troubleshooting, seeing these
errors can be important.

When monitoring with a SPAN/mirror port on a switch, the switch does three
things:

♦ Copies both the send and receive data channels
♦ Reconstructs an integrated data stream from the two channels
♦ Routes the integrated signal to the send channel of the SPAN/mirror port

Each of these activities burdens the switch’s internal processor. These demands
on the switch’s CPU have implications for both your monitoring equipment and
general network performance. Using a SPAN/mirror port to capture network
traffic for analysis presents the following risks:

♦ As total bandwidth usage for both channels exceeds the capacity of the

outbound link to the analyzer, the excess traffic is dropped from the
analyzer stream. There simply is not enough bandwidth to transmit both
sides of the full-duplex traffic across a single standard interface.

♦ The switch’s CPU must act as both a network switch and a packet-copier.

The switch’s CPU must also integrate the two data streams (send and
receive) together correctly. Both packet copy/re-direction and channel
integration is affected by switch load. This means the SPAN/mirror port
may not deliver accurate captures when the switch is under heavy load.
Monitoring a 10/100 network through a Gigabit SPAN/mirror port and
analyzer does not alleviate these concerns. Also, there is no notification
when the SPAN/mirror port is dropping packets or delivering inaccurate
time stamps.

A SPAN/mirror port can deliver satisfactory results when used to monitor lightly
used, non-critical networks. If network utilization exceeds the capacity of the
outbound (analyzer) link, packet loss results—which invalidates many types of
analysis, and makes monitoring for certain kinds of network activity impractical.
For example, you might miss a virus signature because packets are being
dropped. When analyzing a transaction or connection problem, the analyzer may
detect problems where none exist because expected packets are being dropped
by the SPAN/mirror port. Hardware and media errors will also be impossible to
troubleshoot through a SPAN/mirror port, as these errors are not mirrored to the
analyzer.

Choosing between a SPAN, Aggregator, or full-duplex TAP

10 10/100 Copper nTAP (7 Feb 2018) — Archive/Non-authoritative version

Cloning your SPAN/mirror port

You can still access your SPAN/mirror port even if all of your SPAN/mirror ports
on your switch are used. This is fairly common, and you can use a TAP to produce
two copies of the SPAN/mirror port.

By cloning a SPAN/mirror port you get the benefits of a duplicate copy of the
traffic and no security risk.



Figure 2: Cloning your SPAN/mirror port



Joining SPAN/mirror ports

If you have a primary switch and a failover switch, you can connect both of them
to the Aggregator TAP. Connect one of them to Link A and the other to Link B.

It does not matter whether the primary switch is connected to Link A or Link B,
and you do not need to know which one is “live.” The Aggregator TAP joins the
active and inactive SPAN/mirror port session together and sends the result to
the analyzer. Regardless which switch is primary, the Aggregator TAP sends the
SPAN/mirror port data from that switch to the analyzers.

Choosing between a SPAN, Aggregator, or full-duplex TAP

Chapter 2: Why choose a TAP or SPAN port 11



Figure 3: Joining SPAN/mirror ports



When to use the Aggregator TAP

The Aggregator TAP offers a compromise between the SPAN/mirror port and
full-duplex TAP options. It costs more than a full-duplex TAP due to the added
complexity and memory requirements of its built-in buffer.

The Aggregator TAP does not require a specialized (and potentially more
expensive) analyzer with a dual-receive capture interface. Like a full-duplex TAP,
it is independent of the network, making it immune to security threats.

The Aggregator TAP includes an internal buffer to mitigate the bandwidth
problem associated with converging both sides of the full-duplex traffic from the
network into one side of the full-duplex link to the analyzer. The buffer is able to
cache some spikes in network utilization, but the Aggregator TAP drops packets
when the bursts of activity exceed its buffer capacity.

The Aggregator TAP is ideally suited to work with an analysis device with a
standard, single-receive capture interface or NIC. This means that a laptop or a
standard system can be deployed as an analyzer rather than the more expensive
specialized analyzers or appliances that are designed to accept full duplex traffic
through a dual-receive capture interface.

Just like a SPAN/mirror port, the Aggregator TAP is ideal for a lightly used
network that occasionally has utilization peaks above the capture capacity of the
analyzer. Unlike a SPAN/mirror port, the Aggregator TAP will forward Layer 1 and
2 errors to the analysis device.

Another advantage the Aggregator TAP has over a SPAN/mirror port session is its
internal memory buffer. The memory buffer provides limited protection against
packet loss, and if the network utilization does not regularly exceed the capacity
of the analyzer’s capture card, an Aggregator TAP may be the right choice.

The appropriate solution for capturing full-duplex data for analysis depends
on the rates of traffic you must monitor, and what level of visibility you
require. When monitoring a lightly-used network, using a SPAN/mirror port or
Aggregator TAP to supply an analysis device with a standard NIC (i.e., single­receive) interface can be an economical choice. The Aggregator TAP can provide

Choosing between a SPAN, Aggregator, or full-duplex TAP

12 10/100 Copper nTAP (7 Feb 2018) — Archive/Non-authoritative version

protection against packet loss, but if usage spikes exceed its buffer capacity
before the link to the analyzer can catch up, the Aggregator TAP drops packets.

To monitor a critical, heavily utilized full-duplex link, a full-duplex TAP is the only
alternative. Monitoring a full-duplex connection using a full-duplex TAP and an
analyzer with a dual-receive capture interface guarantees complete, full-duplex
capture for monitoring, analysis, and intrusion detection regardless of bandwidth
saturation.

When to use a full-duplex TAP

A full-duplex TAP is the only option guaranteeing all of the network traffic makes
it to the analysis device (including Layer 1 and 2 error information). Although
this can be the most expensive option, it is also the only option that guarantees
complete accuracy when the network is highly saturated.

A full-duplex TAP is more complex and potentially expensive to implement, but
where there is high network utilization and an importance to guarantee the
capture of “everything on the wire” along with errors from all network layers,
a full-duplex TAP is the only choice. If the analysis requires a high level of data
stream fidelity (for instance, looking for jitter in video or VoIP), only a full duplex
TAP forwards the original data timing to the analyzer.

Note: A full-duplex TAP must be coupled with a probe or monitoring device

capable of receiving both channels of a full-duplex signal and recombining
the two channels into a single data stream for analysis.

A full-duplex TAP is a passive mechanism that is installed between two network
devices. An Optical TAP is non-electronic (no power) and optically splits the
signal into two full-duplex signals. One signal maintains the network link, while
the other is passed to an analyzer equipped with a dual-receive capture card. A
Copper TAP performs the same function, but uses electronic circuitry to duplicate
the signals.

Because a full-duplex TAP copies both the send and receive channels from a
full-duplex link to the analyzer (where the data is integrated), the analyzer can
monitor a full-duplex network at line rate—assuming the capture card in the
analyzer is capable.

All TAPs from VIAVI, except the Aggregator TAP family, are full-duplex TAPs.

Choosing between a SPAN, Aggregator, or full-duplex TAP

Chapter 2: Why choose a TAP or SPAN port 13

Features

3

Chapter 3: Features



Key features of the 10/100 Copper nTAP include:

♦ Passive access without packet tampering or introducing a single point of

failure

♦ All traffic (including errors) is passed from all OSI layers for analyzing
♦ Enhanced security because the nTAP does not require or use an IP address,

making it undetectable compared to a SPAN

♦ Allows you to connect and disconnect the analysis device as needed

without taking the network down

♦ Fully IEEE 802.3 compliant
♦ Fully RoHS compliant
♦ Automatic link failover for devices that have an alternate path
♦ Optional redundant power ensures maximum monitoring uptime
♦ LEDs show power and link status
♦ Front-mounted connectors make installation simple
♦ Optional 19-inch 1U rack mount panel holds up to three nTAP

4

Chapter 4: Standard and Optional Parts

Parts

The 10/100 Copper nTAP comes with several parts. If any part is missing or
damaged, contact VIAVI immediately.

The 10/100 Copper nTAP ships with the following items:

♦ 10/100 Copper nTAP
♦ Quick Reference Card
♦ A/C power cord
♦ Voltage auto-sensing universal power supply

Your kit may also contain optionally available parts (for instance, patch cables).

10/100 Copper nTAP - 15

Installing

Prerequisite(s): 

5

Chapter 5: 10/100

Copper nTAP Installation

♦ Decide where to place the nTAP and physically mount it, if desired.

Depending on the form factor purchased, this may be in a drive bay, rack
mount bracket, or wherever it is most convenient.

♦ Keep the nTAP horizontal for efficient heat dissipation.
♦ The 10/100 nTAP must use straight-through cables. It cannot use crossover



The Copper TAP transmits the analyzer signals through a pair of 10/100/1000
BaseT RJ-45 ports (or 10/100 BaseT if a 10/100 Copper TAP model).

When traffic comes in to Link A, two copies are made in the TAP. One copy is sent
out Link B to the switch and the other copy is sent out Analyzer A to the analysis
device. A similar thing happens with traffic that comes in Link B. Two copies are
made. One copy is sent out Link A and the other copy is sent out Analyzer B. Due
to how the TAP is designed, it is not possible for traffic from the Analyzer side to
pass to the Link side.

cables.



Figure 4: Cabling the 10/100 Copper nTAP



Caution: Before you temporarily break the link between the device of

interest and the network, you may want to shut down access to that device
and notify users of the down time.

1. Ensure that power is connected to the nTAP. You can provide power to one
or both power supply sockets on the back panel of each nTAP. Connecting
both sockets to different external power sources provides fail-safe power
redundancy for the Analyzer side.

The network pass-through (Link side) remains unaffected even if power
to the nTAP is interrupted. If you do lose power, you will temporarily lose
connectivity while the devices renegotiate their connection. The analyzer side
will be down until power is reestablished, and during this time some packets
may be dropped.

2. Disconnect the cable from your device (typically a switch) and connect it to
Link B. You want to connect Link B first because it negotiates its network
speed first, and Link A then must use the same speed as Link B. If your link
is part of a failover or redundancy arrangement, then connect the failover
device to Link B.

3. Connect your network device (or primary device in a failover arrangement) to
Link A.

4. Connect the Analyzer ports on the TAP to the receiving ports of the
monitoring device.

See also: How do I connect my failover devices?.

For more details about cables, see Choosing crossover or straight-through cables.

Installing

Chapter 5: 10/100 Copper nTAP Installation 17

6

Chapter 6: LEDs and

connection sequence

The 10/100 Copper nTAP is passive. The 10/100 Copper nTAP supports Power over
Ethernet (PoE).

When the 10/100 Copper nTAP experiences power loss, the following occurs:

♦ If you are using a redundant power supply or the TAP is attached to an

uninterruptible power supply (UPS), it provides power with no loss of
network connection.

♦ If you are not using a redundant power supply or UPS, or power to both

power supplies is lost, then:

● The Analyzer ports stop working and the analysis device(s) connected

to the TAP will go “dark.”

● The TAP continues to pass data between the network devices

connected to it (firewall/router/switch to server/switch). In this sense
the TAP is passive.

● The network devices connected to the TAP on the Link ports must

renegotiate a connection with each other because the TAP has dropped
out. This may take a few seconds.

When turned on, the TAP performs a sequence of steps to determine whether its
link ports are connected to any devices, and what speeds and other capabilities
those devices have. The blinking pattern of the LEDs indicate which step of the
connection process the TAP is performing. The duration of each state depends on
the type of equipment attached to each port of the TAP. Here are the connection
steps, listed in the order they occur:

1. Capabilities search. Both link ports/connections on the TAP are attempting
to attach to their respective devices and determine a common speed and
other capabilities. The LED pattern is that the Speed LEDs flash (slower) and
the Link LEDs flicker (faster).

2. Connecting. The link parameters are attempting to connect using the
parameters determined during the capabilities search. The LED pattern is that
the TAP shows the connection speed while the Link LEDs continue to flicker.

3. Connected. Both link ports/connections are connected to the link partners at
a common speed. The Speed LED shows connection speed. The Link LEDs light
steadily (idle) or flicker depending on whether there is any traffic present. If a
Link LED is unlit, there is no functioning device connected to that port.

See How do I connect my failover devices? for details about what happens when
a primary device fails.

Chapter 6: LEDs and connection sequence 19

Chapter 7: Technical Specifications

Product dimensions, weight, power consumption, installed operating system,
RAM and details along with photos of the appliance.

Technical specifications

This section lists the dimensions, power requirements, supported media, and
environmental requirements.

7

Both power connectors are located on the back panel, along with the model
information and serial number.





Power requirements

AC Input 100-240V 50/60Hz 0.5A

Operational
Voltage

5V (+10%/-5%, < 100 mV ripple)

Operational Current Typical: <= 1.8 amps; Max: <= 2.8 amps

Power Dissipation Typical: 8 watt; Max: 14 watt

Environmental requirements

Temperature range 32°F - 113°F / 0°C - 45°C (operating): The fanless cooling design

relies on conduction and convection from the nTAP casing. Your
installation environment must provide enough cool airflow for
the nTAP casing to maintain an operating temperature less than
113°F/45°C.

-52° to +185°F / -47° to +85°C (storage)

Humidity 35-85% (non-condensing)

Supported media

Link ports Straight-through RJ-45 cable

Copper Analyzer

Straight-through RJ-45 cable

ports

Dimensions

Width 5.62 in/14.28 cm

Height 1.15 in/2.93 cm

Length 7.79 in/19.78 cm

Technical specifications

Chapter 7: Technical Specifications 21

Chapter 8: Troubleshooting

What happens if my TAP loses power?

The 10/100 Copper TAP, Optical-to-Copper Conversion, and Optical-to-Copper
Aggregator TAPs do not require any power on the Link ports. When a loss of
power occurs, the Analyzer ports stop working, but the Link ports stay connected
without any need for the endpoint devices to renegotiate their connection.

8

What latency does a TAP create?

Latency is created by the copper ports of a TAP. The latency is typically 200-250
nanoseconds. This is the time it takes to receive a packet, process and copy it, and
begin forwarding the copy.

Are the analyzer ports “send only”?

Yes, the analyzer ports are send only. The TAP is incapable of sending data from
the Analyzer side of the TAP to the Link (or network) side of the TAP.

The “A,” “B,” or “AB” ports on the Analyzer side of the TAP must be capable
of both transmitting and receiving data to negotiate a connection with the
analyzer and they do this through the physical interface. The physical interface
is responsible for negotiating a bi-directional connection with the analyzer and
unidirectionally sending data from the TAP to the analyzer.

There is no physical connection between the receive port on the Analyzer side of
the TAP and the TAP’s internal processor. Therefore, the TAP cannot transmit data
from the analyzer back to the Link side of the TAP.

Not seeing traffic at the analyzer from the TAP

If your TAP is not transmitting to the analyzer as you expect, check the following:

♦ The Link is definitely up and running.
♦ The cable connected to the analyzer functions properly. Use a different

cable to confirm this.

♦ The Ethernet/SPAN or Fiber channel is not diverted elsewhere.
♦ Try swapping the cables between the ports.
♦ The nTAP is receiving power using a VIAVI power adapter. The Link A and

Link B lights flash when there is traffic traversing through the nTAP, which
indicates the nTAP has power.

♦ If you are using a TAP with a GigaStor, ensure the driver configuration

speed is set correctly. Sometimes allowing it to auto-negotiate will enable
the connection.

♦ If the system you are monitoring is Linux or UNIX based, you may have an

issue with the Maximum Transmission Unit size. The TCP stack in the UNIX
system uses algorithms to produce an MTU based on response time from
SYN ACK. A small MTU forces a server and client to redo their handshake.
Increase the MTU on your server to alleviate this issue.

Can I “team” or bond NICs in my analyzer?

Yes, it is possible with some limitations. Sometimes it is desirable to use two
standard full-duplex capture cards to capture full-duplex TAP output for analysis.
Because a standard capture card port has only one receive channel you must
aggregate the receive channels from two ports to see both sides of the two-way
connection being monitored. Intel’s Advanced Network Services allows you to
team multiple connections at the driver level, presenting your analyzer with an
aggregated view of send and receive channels.

Because of the processing overhead and its effect on capture card performance,
this method is not recommended for monitoring moderate to highly saturated
links, such as those between switches. However, it can be an economical
alternative when monitoring more lightly used connections, such as between a
server and switch.

In addition to the bandwidth limitations, connection teaming is also less accurate
when timestamping packets, which can cause unexpected results when your
analyzer attempts to display certain charts and statistics such as Connection
Dynamics or VoIP jitter. You also will not be able to tell which side is DCE vs.
DTE. In short, if you do not have a dual-receive analysis capture card, it is always
better to analyze the SPAN or port mirror session through a standard capture
card rather than using the connection teaming method described here.

Note: You need at least one capture card that supports Advanced Network

Services. If the card has two ports, they can be teamed, otherwise another
capture card with an unused port must be present.

Not seeing traffic at the analyzer from the TAP

Chapter 8: Troubleshooting 23



Figure 5: Capture card teaming

This figure is for illustrative purposes and may not match your product.



1. Configure the IntelPro/1000 Driver Software to Define Teamed Connections.
For Ubuntu Linux instructions for port bonding, see the Ubuntu

documentation.

2. Connect the TAP to the analyzer using the appropriate cables.

The TAP is cabled between the devices being monitored normally (i.e., it
provides a pass-through circuit for the link under test). Instead of connecting
to a single dual-receive port (as is the preferred deployment), connect
the send lines to the transmit (TX) sides of the two ports you intend to
aggregate. You can team ports on separate cards as long as one of them is an
IntelPro card.

3. Open Network Connections by right clicking My Network Places on the
Windows Start menu and choosing Properties.

4. Right-click a Monitor Port from an IntelPro/1000 card (which one does not
matter) and choose Properties. Click the Teaming tab.

5. Choose the “Team with other adapters” option and then click New Team... to
start the New Team Wizard. The first dialog lets you name the Team (you may
want to call it something like “Virtual Dual-receive”).

6. Click Next and add another adapter/port that supports teaming (for example
the second port on a dual-port IntelPro card).

7. Click Next and choose Static Link Aggregation. This option works best for
aggregating both sides of a full duplex link for analysis. Click Next, and then
Finish.

The My Network Places display should now list the new virtual adapter.

How do I connect my failover devices?

When the device connected to Link B fails, the TAP disables Link A so that the
device on Link A can initiate its failover procedure.

The TAP then restarts its search phase. Until the Link B device is working again,
the TAP repeats the following steps:

1. Search.

2. Determine if Link A is up. If not, keep searching.

How do I connect my failover devices?

24 10/100 Copper nTAP (7 Feb 2018) — Archive/Non-authoritative version

3. If Link B is up, then re-establish the connection. If Link B is still down, then
shut down Link A.

4. Go to first step.



Figure 6: Cabling Failover Devices

This figure is for illustrative purposes and may not match your product.



Choosing crossover or straight-through cables

When choosing whether to use crossover or straight-through cables with a TAP,
consider the following:

♦ Crossover or straight-through cables can be used for any TAP having

copper ports; either type will operate perfectly. However, straight-through
cables are required for the 10/100 Copper TAP only.

♦ Most networking hardware supports Auto-MDIX, which electrically creates

a crossover connection where one is needed. For those devices, the proper
cable configuration is used automatically regardless of the connection
type.

♦ If you encounter any rare issue with cable choice and your TAP, test your

TAP with the opposite cable type and then contact VIAVI Support.

Typically, when a TAP is installed the existing cable that connects one device to
another is used as half of the link. That is, the existing cable connects one device
to the TAP and a new cable connects the TAP to the second device. The new,
second cable is generally a crossover cable. If the new cable is not a crossover
cable, then your endpoint devices may not be able to re-establish a connection if
the TAP loses power.

Symptom: The TAP and endpoint devices work fine while the TAP has power, but
when power is removed the endpoints do not reconnect as they should.

Cause: It is likely that you are using two straight-through cables. In other words,
the existing cable that connected your network devices is a straight-through
cable and the new cable you added is also a straight-through cable. This is not
a problem so long as the TAP has electricity because the TAP takes care of the
switching; however, when power is lost the TAP cannot perform the switching
and must rely on the cables themselves to do it. Straight-through cables are not
capable of Auto-MDIX, and because they are not the endpoint devices cannot
connect through the TAP. Another cause is that Auto-MDIX has been deliberately
turned off.

Solution: If Auto-MDIX is turned off in your network, enable it. If Auto-MDIX
is enabled, then at least one cable must be a crossover cable; both cannot be

Choosing crossover or straight-through cables

Chapter 8: Troubleshooting 25

straight-through cables. If you are using two straight-through cables, replace one
of them with a crossover cable.

I am seeing CRC errors on my network

If you are seeing an uncommonly high number of CRC errors, this could indicate
that there is an issue with the TAP, but it may also indicate that the TAP is fine
and there are other problems on your network. Contact VIAVI Technical Support
for assistance.

VLAN tags not visible at the analyzer

All TAPs pass VLAN tags with the packets. If you are not seeing the VLAN tags at
the analyzer, check the following:

♦ On the switch:

● Confirm that the SPAN was created to pass VLAN tags. Sometimes

SPANs are created and passing VLAN tags is not enabled.

● Confirm the communication between the switch and the router is

passing the VLAN tags (normally the communication between them is
not a trunk).

♦ On a GigaStor, if you are using one:

● Confirm the capture card has been enabled to receive or pass VLAN

tags.

Memory

Fully optical TAPs do not have internal memory or any electronic components and
are strictly a pass-through wherein a copy of the data is made. TAPs with any
copper connections have two distinct and separate memory stores.

The two memory stores are non-volatile memory and volatile memory. They are
not connected in any way and no data can move between them. The non-volatile
memory provides certain functions that make the device work and cannot be
modified or changed during normal operation of the device. Volatile memory
holds network data as it is copied and passed through the device. Turning off the
device clears any data in the volatile memory buffer.

Maximum frame size

The maximum frame size allowed through an nTAP is up to 16K; 64K super jumbo
frames are not supported.

Understanding why Link B is active when Link A is
offline

Link B is an active port. It is used to negotiate speeds for both Link A and Link B.

Applies to: Any copper-based nTAP.

When the main use of the nTAP is to monitor a server connection, Link A is for
the server and Link B is for the router or switch. This allows the server to use a

I am seeing CRC errors on my network

26 10/100 Copper nTAP (7 Feb 2018) — Archive/Non-authoritative version

redundant link if Link B goes down, and it keeps the router or switch active if the
server goes offline. Should Link A come back up, negotiations to get the link back
online are enhanced because Link B already has an active link.

As already stated, Link B is an active port. It is used to negotiate speeds for both
Link A and Link B. When you plug in Link A by itself, no negotiation occurs. If you
plug in Link B, it negotiates a link speed with whatever device is connected to
Link B. Then it negotiates with Link A at that speed. If Link A cannot use that
speed, it then negotiates with the end device on Link B at a different rate until a
compatible rate between the Link A device and Link B can be established.

One of the great advantages to having this capability is to use the nTAP to
replicate traffic to multiple devices and not use it strictly for pass through. For
example, when you use an aggregation nTAP and if you connect Link B to a SPAN,
you can then pass the SPAN traffic out the two analyzer ports and have two
copies of the SPAN traffic going to two different devices. You can have another
device receiving the SPAN data on Link A, and if you disconnect Link A, the SPAN
traffic for Link B still goes to the analyzer ports for monitoring.

An nTAP is not just for only passing bidirectional communication between Link
A and Link B and copying traffic to the two analyzer ports. Take advantage of
the active Link B port to daisy chain multiple TAPs together to receive multiple
sets of SPAN data streams and combine the multiple SPAN sessions into a single
stream. Without the ability for Link B to stay up if Link A were to go offline, you
lose this capability.

Understanding why Link B is active when Link A is offline

Chapter 8: Troubleshooting 27

9

Chapter 9: FCC compliance statement

Specification Certification

Emissions FCC Part 15 Class B

CE Mark EN61000-3-2, EN55024, EN55022A

This equipment has been tested and found to comply with the limits for a Class
B digital device, pursuant to part 15 of the FCC Rules. These limits are designed
to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may
cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this
equipment does cause harmful interference to radio or television reception,
which can be determined by turning the equipment off and on, the user is
encouraged to try to correct the interference by one or more of the following
measures:

♦ Reorient or relocate the receiving antenna.
♦ Increase the separation between the equipment and receiver.
♦ Connect the equipment into an outlet on a circuit different from that to

which the receiver is connected.

♦ Consult the dealer or an experienced radio/TV technician for help.

10/100 Copper nTAP - 28

Index

Numerics

10/100 network 10
10/100 TAP 22

A

advantages

SPAN 6
aggregator 26
analyzer 23

auto-negotiation 23

cables 25

dual-receive capture card 6

no traffic from TAP 23

ports, unidirectional 22

single-receive capture card 6
auto-negotiation 23, 23

analyzer 23

B

bottleneck, SPAN 6
buffer 12

C

cables

analyzer 25
capture card 6, 26
choosing NIC, SPAN 23
cloning, SPAN 11
CRC errors 8, 26
crossover cables 25

D

daisy chain 26
DCE 23
DTE 23
dual receive analyzer 6
dual-receive capture card 6

F

failover 24
failover, SPAN 11
FCC Compliance Statement 28
full-duplex NIC 23
full-duplex TAP 6, 13

G

GigaStor 23, 26

H

half-duplex 5
half-duplex, SPAN 5

I

IntelPro 23

J

joining 11
joining, SPAN 11
jumbo frame 26

L

latency 22
light meter 23
Link A 26
Link B 26
link negotiation 26
Linux 23, 23

M

maximum frame size 26
Maximum Transmission Unit 23
mirror port, see SPAN 10
MTU 23

N

NIC teaming 23
NIC, see single-receive capture card and dual-receive
capture card 6
no traffic from TAP 23
no traffic from TAP , analyzer 23

O

Optical TAP 22
Optical-to- 22
OSI Layer 1 & 2 errors 5, 6, 12

SPAN 10

P

packets 8
port bonding 23
ports, unidirectional 22
ports, unidirectional, analyzer 22
power loss 22

R

Index 29

redundancy, see failover 24
redundant 26
Regulatory Compliance 28
risks, SPAN 10
runts 8

S

security 5
SFP modules 23
single-receive capture card 6

analyzer 6

SPAN 12
SPAN 6, 26

advantages 6

as bottleneck 6

choosing NIC 23

cloning 11

failover 11

half-duplex 5

joining 11

pros and cons 8

risks 10

single-receive capture card 12

VLAN tags 26
SPANOSI Layer 1 & 2 errors

OSI Layer 1 & 2 errors 10
straight-through cables 25
SYN ACK 23

T

TAP 26
TCP stack 23

U

UNIX 23

V

VLAN tags 26

W

when to use, SPAN 8

30 Index (7 Feb 2018) — Archive/Non-authoritative version