How it Works
Viavi
Loading...
17.1.1.1
User Manual
81 pgs1.31 Mb0
Table of contents
Loading...

Viavi 17.1.1.1 User Manual

Matrix Switch 17.1.1.4
User Guide
22 Nov 2016
Notice
Every effort was made to ensure that the information in this manual was accurate at the time of printing. However, information is subject to change without notice, and Viavi reserves the right to provide an addendum to this manual with information not available at the time that this manual was created.
Copyright
Copyright release
Reproduction and distribution of this guide is authorized for Government purposes only.
Terms and conditions
Specifications, terms, and conditions are subject to change without notice. The provision of hardware, services, and/or software are subject to Viavi standard terms and conditions, available at www.viavisolutions.com/terms.
Specifications, terms, and conditions are subject to change without notice. All trademarks and registered trademarks are the property of their respective companies.
Federal Communications Commission (FCC) Notice
This product was tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this product in a residential area is likely to cause harmful interference, in which case you will be required to correct the interference at your own expense.
The authority to operate this product is conditioned by the requirements that no modifications be made to the equipment unless the changes or modifications are expressly approved by Viavi.
Laser compliance
This device is a class 1 laser product.
Industry Canada Requirements
This Class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
WEEE and Battery Directive Compliance
Viavi has established processes in compliance with the Waste Electrical and Electronic Equipment (WEEE) Directive, 2002/96/EC, and the Battery Directive, 2006/66/EC.
This product, and the batteries used to power the product, should not be disposed of as unsorted municipal waste and should be collected separately and disposed of according to your national regulations. In the European Union, all equipment and batteries purchased from Viavi after 2005-08-13 can be returned for disposal at the end of its useful life. Viavi will ensure that all waste equipment and batteries returned are reused, recycled, or disposed of in an environmentally friendly manner, and in compliance with all applicable national and international waste legislation.
It is the responsibility of the equipment owner to return equipment and batteries to Viavi for appropriate disposal. If the equipment or battery was imported by a reseller whose name or logo is marked on the equipment or battery, then the owner should return the equipment or battery directly to the reseller.
Instructions for returning waste equipment and batteries to Viavi can be found in the Environmental section of Viavi web site at http://www.viavisolutions.com. If you have questions concerning disposal of your equipment or batteries, contact Viavi WEEE Program Management team at WEEE.EMEA@viavisolutions.com.
Technical Support
North America 1.844.GO VIAVI / 1.844.468.4284
Latin America +52 55 5543 6644
EMEA +49 7121 862273
APAC +1 512 201 6534
All Other Regions viavisolutions.com/contacts
email customer.care@viavisolutions.com
Support hours are 7:00 A.M to 7:00 P.M. (local time for each office).

Table of Contents

Chapter 1: Getting Started............................................................................................7
Matrix overview................................................................................................................................7
Matrix technical specifications.................................................................................................... 9
How to connect Matrix to your network................................................................................ 11
How to set IPv4 network settings.............................................................................................11
How to set IPv6 network settings............................................................................................12
How to set the system time and date.....................................................................................12
Chapter 2: Layouts....................................................................................................... 14
Understanding layouts..................................................................................................................14
How to edit a layout................................................................................................................ 15
How to create an additional layout.....................................................................................15
How to activate a different layout......................................................................................16
How to import a layout............................................................................................................... 16
How to export a layout................................................................................................................17
Chapter 3: Ingress and Egress Ports.......................................................................... 18
How to connect ingress and egress ports.............................................................................. 18
How to connect a network port to a tool port................................................................18
How to connect many ports to the same rule................................................................. 19
How to define a tool port.......................................................................................................... 20
How to define a network port..................................................................................................20
How to set port link speeds....................................................................................................... 21
Chapter 4: Traffic Rules...............................................................................................22
Understanding rules...................................................................................................................... 22
How to create a rule................................................................................................................ 22
How to edit a rule.................................................................................................................... 23
How to apply a rule in an inactive layout......................................................................... 23
How to apply a rule in the active layout.......................................................................... 24
Chapter 5: Traffic Filters............................................................................................. 25
How to create a filter...................................................................................................................25
How to bind a filter to a rule.................................................................................................... 25
How to edit a filter.......................................................................................................................26
Understanding filters and filtering...........................................................................................26
Chapter 6: User Accounts and User Groups.............................................................. 28
How to set a user authentication scheme............................................................................. 28
How to authenticate locally.................................................................................................. 29
How to authenticate using LDAP.........................................................................................29
How to authenticate using Active Directory....................................................................30
How to authenticate using OMS......................................................................................... 30
How to authenticate using RADIUS.................................................................................... 30
How to authenticate using TACACS+..................................................................................30
How to change the administrator password..........................................................................31
How to add users........................................................................................................................... 31
How to edit a user.........................................................................................................................31
How to import users.....................................................................................................................32
How to delete a user....................................................................................................................32
How to add a user group............................................................................................................32
How to edit a user group............................................................................................................33
How to delete a user group....................................................................................................... 33
Chapter 7: Replication.................................................................................................34
How to replicate network traffic..............................................................................................34
Understanding network traffic replication.............................................................................35
Chapter 8: Aggregation and Speed Conversion.......................................................36
How to aggregate network links..............................................................................................36
Understanding network link aggregation...............................................................................37
How to perform speed conversion...........................................................................................38
Understanding speed conversion..............................................................................................38
Chapter 9: Load Balancing......................................................................................... 40
How to load balance.................................................................................................................... 40
How to load balance by conversation................................................................................40
How to load balance by packet volume............................................................................. 41
Understanding the load balancing process............................................................................42
Chapter 10: Packet Deduplication............................................................................. 44
How to deduplicate packets...................................................................................................... 44
How to direct the Matrix to identify duplicate packets............................................... 44
How to enable packet deduplication in a rule................................................................. 45
Understanding packet deduplication.................................................................................. 45
Chapter 11: Packet Trimming...................................................................................... 47
How to trim packets.....................................................................................................................47
Chapter 12: Firmware.................................................................................................. 49
How to upgrade the firmware.................................................................................................. 49
Chapter 13: Licensing....................................................................................................51
Understanding the licensing process........................................................................................51
4 Table of Contents (22 Nov 2016) — Archive/Non-authoritative version
How to request a new license............................................................................................... 51
How to re-license the appliance...........................................................................................52
Chapter 14: Troubleshooting...................................................................................... 53
Understanding logging in Matrix..............................................................................................53
How to view event logs......................................................................................................... 53
How to send Syslog messages..............................................................................................54
How to send SNMP traps.......................................................................................................54
Understanding log categories.................................................................................................... 55
Informational.............................................................................................................................. 56
Warning........................................................................................................................................58
Error.............................................................................................................................................. 60
Fatal...............................................................................................................................................67
Chapter 15: Service and Repairs.................................................................................68
How to handle sensitive data before and after repairs..................................................... 68
How to create a backup file..................................................................................................69
How to factory reset a connected Matrix.........................................................................69
How to factory reset a disconnected Matrix....................................................................70
How to restore the backup file............................................................................................ 70
How to transfer settings to a different Matrix..................................................................... 71
How to create a backup file................................................................................................... 71
How to restore the backup file.............................................................................................72
How to request a new license...............................................................................................72
How to re-license the appliance...........................................................................................73
How to decommission a Matrix............................................................................................74
Chapter 16: FAQ............................................................................................................75
SFPs.....................................................................................................................................................75
Which transceivers are supported?......................................................................................75
Can I mix the media type within a port block?............................................................... 75
Can I mix 1 Gb and 10 Gb within a port block?................................................................ 75
Does Matrix regenerate an optical signal?........................................................................76
Setup..................................................................................................................................................76
Can I use DHCP to configure IP addresses on Matrix?...................................................76
Is IPv6 support for the management port?...................................................................... 76
What time sync options are supported?............................................................................76
What third party databases for user authentication are supported?........................ 76
Can I connect any port to any port?...................................................................................76
Will Matrix link to a connection with on the RX signal connected?...........................76
I have several Matrix switches. Can I centrally manage them?................................... 76
Is DC power available?............................................................................................................ 76
“Invalid credentials” error when using DNS name.......................................................... 76
SNMP..................................................................................................................................................77
Can Matrix send SNMP traps?...............................................................................................77
Deduplication...................................................................................................................................77
Can I customize the deduplication fields?......................................................................... 77
What is the time gap used to identify duplicate packets?...........................................78
Table of Contents (22 Nov 2016) — Archive/Non-authoritative version 5
What is the number of packets or memory buffer time for determining duplicate
packets?........................................................................................................................................78
Load Balancing................................................................................................................................78
How is a conversation defined when load-balancing?.................................................. 78
Understanding load balancing after link loss................................................................... 78
Latency.............................................................................................................................................. 78
What is the latency for Matrix?........................................................................................... 78
How far back in time can I view utilization or packet error tracking?.......................79
Index............................................................................................................................. 80
6 Table of Contents (22 Nov 2016) — Archive/Non-authoritative version

Chapter 1: Getting Started

Learn how to Matrix operates and how it is installed. Then learn how to configure its network settings and set the system time.

Matrix overview

The Matrix is a network management switch that can filter, de-duplicate, trim and time stamp inbound traffic and replicate, aggregate, or load-balance outbound traffic before sending it to your network and security monitoring tools.
1
Figure 1: Matrix in your network
The Matrix can perform multiple operations on inbound data before it is transmitted out tool ports:
Filter traffic of interest to specific analysis devices: filters are
created using open source BPF Unix-based language and/or an intuitive
GUI interface. Filter traffic by variables, including clients or servers,
applications, packet length, or ports, and incorporate Boolean logic.
De-duplication: eliminate redundant packets to streamline monitoring
efficiency and reduce the amount of redundant data sent, analyzed, and
stored. Configurable de-duplication definitions gives you options (for
example: ignore MAC address pair, TTL, and more) to create de-duplication
rules for your environment.
Packet trimming: discarding portions of the packet, such as payload
data, for improved storage of data or to mitigate possible security/legal/
privacy concerns related to sensitive payload data retention.
Flexible packet time stamping: use a variety of sources, including GPS
time synchronization, IEEE 1588 Precision Time Protocol (PTP), or Network
Time Protocol (NTP).
Matrix overview
8 Matrix (22 Nov 2016) — Archive/Non-authoritative version
Outbound data can also be flexibly directed using:
Replication (one-to-many): Copying a single inbound stream to multiple
tool ports, great for transmitting identical data to distinct monitoring
appliances
Aggregation (many-to-one): Combining multiple streams of network
traffic into a single outbound stream for more efficient tool analysis
Load balancing (many-to-many): Apply dynamic routing via packet or
conversation to logically distribute network traffic to multiple tool ports;
extending the life of legacy monitoring devices and ensuring traffic spikes
do not result in oversubscription and/or dropped packets
These capabilities are managed using a drag-and-drop GUI that accelerates the Matrix configuration process by placing all traffic manipulation in a single rule block rather than scattering it across inbound and outbound ports. It also facilitates the display of network-tool interconnects and corresponding traffic operations that makes even the largest, most complex monitoring infrastructure straightforward to visualize and update. These rules are all managed in a central library for use by the entire monitoring team and can be imported or exported.
Matrix provides three user or product interfaces:
HTML5 web UI Command line interface (CLI) RESTful API: Designed into the product from its inception, the Matrix
RESTful API provides third-party solutions access to all the configuration
and management capabilities found in the web UI and CLI.

Matrix technical specifications

A Port Block
Speed
B Port Status Light that shows whether that specific port is active. When it blinks, there is traffic on the port.
C Port Block Group of four ports that are assigned a speed (for instance, 1 Gb or 10 Gb). All ports in the
D Power Press and hold for three seconds to turn the device ON or OFF.
E RESET/PWR/
MGMT
Light that indicates the speed for the port block. If no light is lit for the port block, that port block is unlicensed.
The faster the blinking, the faster the traffic. When it is dark, the port is not enabled.
port block must be of the same speed; it cannot have mixed speeds. The 10 Gb licenses float, meaning that if you insert a 10 Gb SFP+ into a port, that port block will be 10 Gb. If you license two 10 Gb port blocks, the first two port blocks with 10 Gb SFP+s in them are licensed at 10 Gb. If you insert a 10 Gb SFP+ into a third port block, it remains at 1 Gb and there will be a warning in the logs and web interface. If you remove one of the first two 10 Gb SFP+s, the third port block upgrades to 10 Gb. If you require mixed speeds, use 1 Gb in one port block and 10 Gb in a different port block. You can then combine them using rules and filters.
To reset to factory defaults, unplug the power cables. Press and hold the Power button. While holding the Power button, insert the power cable. Continue holding until the device beeps twice.
RESET: Reset button. Press to clear the memory and restart the device when the device is not responding. Use instead of turning off or unplugging the device if there is a problem or before restoring to factory defaults.
Matrix technical specifications
Chapter 1: Getting Started 9
PWR: Power. When solid green, both power supplies are functioning as expected. When solid orange, one of the power supplies is OFF or not functioning properly. Different from the PWR light on the rear of the device.
MGMT: Ethernet (management) port. When solid green, an Ethernet cable is connected. When unlit, no cable is connected and no changes can be made to the settings through either the web UI or CLI.
F Power
Redundant auto-selecting 100-240 volt power supplies are standard.
supplies
G MUTE Mute button to silence the alarm.
H RST Reset button. Use to clear the memory and restart the device when the device is not responding.
Use instead of turning off or unplugging the device if there is a problem or before restoring to factory defaults.
I PWR/RDY/
ALARM
PWR: Power. Different than the PWR light on the front of the case and useful when troubleshooting web or CLI interface connectivity issues. When solid green, the web and SSH servers are running. When unlit, no power is present for those servers.
RDY: Ready. This light indicates that the web server and SSH server are running so that the web UI and CLI are accessible. This light blinks during a factory reset; otherwise it is solid green.
ALARM: Alarm. When this green light flashes, the device is in an alarmed state (for example, failed power supply). There are no current alarms if the light is dark.
J MGMT Ethernet (management) port. Used when configuring the device, which is done through the web
user interface (HTTPS) or command line interface (SSH). The left light is solid yellow when an Ethernet cable is connected. The right light blinks green with activity.
K GPS Time
Port for attaching an optional Viavi GPS timing device. Synchronization System Port
Dimensions 19 in (W) x 1.73 in (H) x 18 in
48.26 cm (W) x 4.39 cm (H) x 45.72 cm
Power consumption
Input voltage: 100V-240V auto select
Input frequency: 50/60Hz
93w (317 Btu/h)
Weight 17 lbs (7.7 kg) Supported
media
Operating Temperature
32° F (0° C) to 104° F (40° C) Optical/Fiber Multimode or Single-mode
1 Gb (SX or LX)
10 Gb (SR, LR, ZR)
Humidity 35-85% (non-condensing) Copper 100/1000 Ethernet
1. Twinax cable must be 2 meters or shorter. Tested with Molex cables.
10 Gb Twinaxial (CX4)1
License The device is pre-licensed at the factory. The license enables
ports in blocks of four starting at port 1. It also indicates the number of blocks that are 10 Gb-capable. If you have eight ports licensed, you may only use ports 1-8. Ports 9-24 remain dark and unusable even if you insert an SFP module. If you need more ports or blocks of 10 Gb, you can request a license upgrade.
IP Address 192.168.1.10. Must use HTTPS in a web browser or SSH. HTTP will
fail.
Matrix technical specifications
10 Matrix (22 Nov 2016) — Archive/Non-authoritative version
Default User/ password
Self-signed certificate
admin/admin
Viavi uses a self-signed certificate. When connecting to the device, your web browser may issue a warning about the site being "untrusted" or that there is a problem with the "security certificate." This is a harmless message that may be ignored. You see that message because the site uses a self-signed certificate. See your web browser's documentation for adding the IP address as a trusted source.

How to connect Matrix to your network

Before you can configure or use the Matrix, you must complete the basic installation by connecting power cables and inserting SFP modules.
1. Insert the two power cables (F).
2. Connect an RJ-45 Ethernet cable to the MGMT port (J).
3. Insert the SFP or SFP+ modules into the ports (C).
4. Connect the appropriate network cables to the SFP or SFP+ modules.
5. Press the Power switch (D) on the front of the device.
The PWR and MGMT lights turn green to indicate the device is ready to use.
You successfully connected the device to your network.
Next, change the network settings.

How to set IPv4 network settings

The Matrix must be added to your network like other devices. Use the network settings page to set IPv4 settings for IP address and netmask, gateway, host name, and more.
The Matrix is an active network device (unlike a typical optical TAP for instance). The Matrix has a hardware address and requires an IPv4 address assignment to join your network. However, IPv6 can optionally be enabled and used side-by­side with IPv4—the matrix supports native dual-stack. Address assignments can be manually configured or dynamically assigned using DHCP or DHCPv6.
1. Starting in the dashboard, click System.
2. Click Network.
3. In Hostname, type a host name for the Matrix.
4. (Optional) Use DHCP for address assignments: a. Select DHCP.
The manual configuration settings become hidden.
b. Click Save.
DHCP is enabled. No further configuration is necessary.
5. In IP Address, type the IP address the Matrix must use.
6. In Netmask, type the full netmask associated with the chosen IP address.
7. In Gateway, type the IP address of the gateway the Matrix must use.
How to connect Matrix to your network
Chapter 1: Getting Started 11
8. In DNS Address 1, type the IP address of a DNS server.
The IPv4 address of at least one DNS server is required. If two servers are declared, the first server is used unless unreachable.
9. (Optional) In DNS Address 2, type the IP address of a DNS server.
10. Click Save.
You successfully added the Matrix to your network with IPv4 settings. The changes take effect immediately.

How to set IPv6 network settings

The Matrix must be added to your network like other devices. Use the network settings page to set IPv6 settings for IP address and prefix, gateway, host name, and more.
The Matrix is an active network device (unlike a typical optical TAP for instance). The Matrix has a hardware address and requires an IPv4 address assignment to join your network. However, IPv6 can optionally be enabled and used side-by­side with IPv4—the matrix supports native dual-stack. Address assignments can be manually configured or dynamically assigned using DHCP or DHCPv6.
1. Starting in the dashboard, click System.
2. Click Network.
3. In Hostname, type a host name for the Matrix.
4. In the IPv6 Settings area, select IPv6.
5. (Optional) Use DHCPv6 for address assignments: a. Select DHCPv6.
The manual configuration settings become hidden.
b. Click Save.
DHCPv6 is enabled. No further configuration is necessary.
6. In IPv6 Address, type the IPv6 address the Matrix must use.
7. In IPv6 Prefix, type the network prefix associated with the chosen IPv6 address.
8. In IPv6 Gateway, type the IPv6 address of the gateway the Matrix must use.
9. In IPv6 DNS Address 1, type the IPv6 address of a DNS server.
The IPv6 address of at least one DNS server is required. If two servers are declared, the first server is used unless unreachable.
10. (Optional) In IPv6 DNS Address 2, type the IPv6 address of a DNS server.
11. Click Save.
You successfully added the Matrix to your network with IPv6 settings. The changes take effect immediately.

How to set the system time and date

You can set or change how the current date and time is acquired. Doing so ensures log events have correct dates and times and that packet trailer timestamps are accurate.
How to set IPv6 network settings
12 Matrix (22 Nov 2016) — Archive/Non-authoritative version
The Matrix must acquire its time and date from a clock source.
To set which clock source acquires the system time and date:
1. Starting in the dashboard, click System.
2. Click General.
3. In the Clock Source list under System Time Configuration, click a clock source.
Clock source establishes the system time and is used for packet timestamping.
Set now to browser time No configuration is necessary, but any system's time is highly vulnerable to clock drift unless it uses an outside time synchronization source.
IEEE-1588 IEEE-1588 is the Precision Time Protocol (PTP) specification. An IEEE 1588-2008 server with an accurate time source can provide higher resolution and accuracy than NTP. The IEEE 1588-2008 master time server must be accessible on the same network subnet as the monitor port.
GPS Uses an external GPS connected to the GPS port on the rear of the device. Only GPS Time Synchronization System appliances sold by Viavi may be used. The GPS Time Synchronization System can provide the highest resolution and accuracy.
NTP Synchronizing with Network Time Protocol servers or pools can provide a low resolution, accurate time source. If NTP is chosen, one or
more NTP servers or pools must be defined.
If you select NTP, you must type an NTP server IP address in Server 1.
4. Click Save.
The clock source is set. Both the system time and date of the Matrix are set by the selected clock source.
How to set the system time and date
Chapter 1: Getting Started 13

Chapter 2: Layouts

Operation of your Matrix is configured in an arrangement called a layout. The layout defines port connections, speeds, and the rules in use. You can also import and export layouts.

Understanding layouts

2
Operation of your Matrix is configured in an arrangement called a layout. The layout defines port connections, speeds, and the rules in use.
For most users, the default layout is sufficient. In the default layout, they will set their port definitions, how network ports are connected to tool ports, and which rules are used and do little else. However, you may want or need to have additional layouts for prototyping.
Only one layout may be the active layout—with all other layouts being inactive —and because changes made to layouts are effective immediately, carefully consider any changes you make to your active layout.
Layouts are unlikely to change often, because after a layout is set and working, there is little need to change it. However, something in your environment may change that causes you to need to change your layout. Before changing the active layout, you may want to prototype the changes in an inactive layout.
Creating a new layout is the only way you can design new port connections or change port speeds and more without affecting active rules. In essence, a second or third layout can be used as a sandbox to ensure options are configured as you wish before moving the layout into production (in other words, promoted to be the active layout).

How to edit a layout

You can edit any layout without first activating it. This ensures any changes made do not immediately affect operation of the Matrix while you edit the layout.
Note: To edit the active layout (the layout currently in use), perform edits
directly from the Ports page. Edits to the active layout take effect in real time.
To edit an inactive layout:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. In the Layout list, select a layout.
3. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
4. Click Edit.
5. Make your changes.
6. When you finish, close the Edit Layout browser window.
The layout automatically saves.
You successfully edited a layout without affecting the current operation of the Matrix.

How to create an additional layout

You can create a layout to quickly and radically change how your Matrix operates —similar to a preset. Rules and filters, which network ports are connected to which tool ports, link aggregation, load balancing schemes, traffic isolation, and more, can be simultaneously made active with a single change of a layout.
By default, the Matrix has an non-deletable layout named default. This default layout can be the only layout your organization uses and needs—you make changes to it and never use additional layouts. So although it is typically unnecessary to do so, you can create additional layouts.
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
3. Click Create New.
4. Type a name for the layout, and click OK.
A blank layout is created for editing. This is indicated by the new layout having no tool port assignments.
Understanding layouts
Chapter 2: Layouts 15
5. Assign at least one network port as a tool port by doing the following (repeat for more):
Until you assign tool ports for use, no connections can be created between network ports and tool ports. Because you can assign and reassign network ports and tool ports at any time, do not place too much importance on finding the right number of assignments immediately.
a. Double-click a network port. b. In the Type list, select Tool. c. (Optional) Type a name for the new tool port.
Giving names to ports can help when designing a layout. When naming a port, consider the purpose of the port or the devices connecting to it.
d. (Optional) In the Speed list, click a speed setting.
6. When you finish, close the Edit Layout browser window.
The layout automatically saves.
You successfully created an additional layout. The new layout can be customized, just as the default layout can be.

How to activate a different layout

After a layout is created, you can activate it at any time. Activating a layout immediately changes how the Matrix operates.
Tip! Only activate a saved layout if you understand how the layout affects
the operation of the Matrix. Understanding the layout can help ensure traffic is not forwarded to the wrong devices.
To switch which layout is currently active:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. In the Layout list, select a layout.
3. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
4. Click Activate.
The selected layout is now active. All connections, rules, filtering, and more, in the layout are now actively in use.

How to import a layout

You can add a layout configuration by importing its file. The layout becomes part of your library.
To import a layout file:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
How to import a layout
16 Matrix (22 Nov 2016) — Archive/Non-authoritative version
2. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
3. Click Import.
4. Click Browse.
5. Browse to a previously exported layout file using the dialog box and click Open.
6. Click OK.
You successfully imported the layout. The layout is now part of the Matrix and can be activated, edited, saved, and deleted. The imported file does not need to be kept.

How to export a layout

You can export a layout configuration for archival or backup, sharing, and importing on other Matrix appliances.
To export a layout to a file:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. In the Layout list, select a layout.
3. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
4. Click Export.
A download begins in your browser.
5. Save the downloaded layout file to a suitable location.
You successfully exported a layout to a file. The file can be kept for archival, and it can be imported by other appliances.
How to export a layout
Chapter 2: Layouts 17
3

Chapter 3: Ingress and Egress Ports

A network port is an ingress port that accepts network traffic. A tool port is an egress port that forwards network traffic to analysis tools. The connections must be made between (ingress) network ports and (egress) tool ports before rules can take effect.

How to connect ingress and egress ports

Connections must be made between (ingress) network ports and (egress) tool ports before rules can take effect.
There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).

How to connect a network port to a tool port

Connecting one network port to one tool port establishes a network path between the two. Packets entering the network port are forwarded to the tool port and any devices connected to it.
To connect a network port to a tool port:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. Use a drag-and-drop operation to connect a network port to a tool port.
Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.
You successfully connected a network port to a tool port. In this basic configuration, assuming the empty rule is unmodified, every packet entering the network port is forwarded to the tool port unchanged. And because the connection exists, you can now introduce packet processing in the form of rules —changing both how and what packets are forwarded to the tool port.

How to connect many ports to the same rule

Multiple network ports and tool ports can be connected to the same instance of a rule. For example, doing so determines if aggregation or replication (or both) are used in a layout configuration.
More than just for aggregation and replication of traffic, connecting multiple ports to the same rule creates additional benefits:
Ability to use load balancing Ability to apply the same filtering across several network links Ability to append packet trailers to packets arriving from various network
links
Ability to resize ingress packets from multiple network links before
forwarding (packet trimming)
Note: To edit the active layout (the layout currently in use), perform edits
directly from the Ports page. Edits to the active layout take effect in real time.
To connect multiple network ports or tool ports to the same rule:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. In the Layout list, select a layout.
3. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
4. Click Edit.
5. Use a drag-and-drop operation to connect a network port to a tool port.
Successful connections are represented by lines between the ports and the appearance of an empty rule. The empty rule is a placeholder for introducing options such as filtering.
6. Use a drag-and-drop operation to connect additional network ports or tool ports to the same rule.
Depending on how many network ports or tool ports you connected to the rule, the results are different:
By connecting multiple network ports to the rule, you are aggregating
those network links.
By connecting multiple tool ports to the rule, you are replicating traffic (if
load balancing is disabled).
How to connect ingress and egress ports
Chapter 3: Ingress and Egress Ports 19

How to define a tool port

Tool ports forward post-processed traffic to the devices connected to them. You must define which physical ports are to be used as tool ports.
There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
To define a tool port in a layout:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. Double-click a network port.
Network ports are always located leftmost in a layout.
Options appear for this port.
3. In the Type list, click Tool.
The appliance ports can change modes of operation.
Network Port Ingress port that accepts network traffic
Tool Port Egress port that forwards network traffic to tools and analyzers
4. Click OK.
You successfully defined a tool port. When connections are made between it and network ports, network traffic egresses from the port.

How to define a network port

By default, a new layout is comprised entirely of network ports. After establishing some tool ports, you may want to change those tool ports back to network ports in the future.
There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
Note: These steps require at least one tool port is defined in the layout.
To define a network port in a layout:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. Double-click a tool port.
Tool ports are always located rightmost in a layout.
Options appear for this port.
3. In the Type list, select Network.
The appliance ports can change modes of operation.
How to define a tool port
20 Matrix (22 Nov 2016) — Archive/Non-authoritative version
Network Port Ingress port that accepts network traffic
Tool Port Egress port that forwards network traffic to tools and analyzers
4. Click OK.
You successfully defined a network port. When connections are made between it and tool ports, network traffic is forwarded to tool ports.

How to set port link speeds

You can set the link speed of ports to better accommodate connected devices. Doing so is particularly useful when a 10 Gb optical SFP+ needs to interface with a 1 Gb optical device, for example.
To set the port link speed of a network or tool port:
1. Starting in the dashboard, click Ports.
2. Right-click a port.
3. In the Set Speed submenu, click a speed setting.
The port is operating at the chosen speed.
The entire four port block now operates at the chosen speed.
How to set port link speeds
Chapter 3: Ingress and Egress Ports 21

Chapter 4: Traffic Rules

Rules modify how and what packets are forwarded from network ports to tool ports. Rules contain filters and set options like trailers, load balancing, and packet deduplication, but rules only take effect when connected to ports.

Understanding rules

4
Rules modify how and what packets are forwarded from network ports to tool ports. Rules contain filters and set options like trailers, load balancing, and packet deduplication, but rules only take effect when connected to ports.
A rule is necessary to establish connections between network ports and tool ports. Without a rule to establish the connection, no packets entering network ports can be forwarded to tool ports. This convention applies to all connections between network ports and tool ports regardless of how you design your layouts.
At minimum, a working network path between a network port and tool port can be made by connecting both ports to an "empty" rule. Empty rules establish a connection yet do not change the behavior of what is forwarded to tool ports and what ultimately egresses from them.

How to create a rule

You can create a rule to control how connected network ports and tool ports interact. Use the rule to establish filtering and other options like load balancing, packet deduplication, and more.
Tip! A new, empty rule is created by connecting a network port to a tool
port. This is a shortcut for creating new rules.
To create a rule:
1. Starting in the dashboard, click Rules.
The rules and filters designer appears, where rules and filters can be created and edited.
2. Ensure the Rules tab is selected.
3. Click New.
The rule opens and is ready to edit.
4. Make your changes.
5. Click Save.
You successfully created a rule. Whenever this rule is used to connect network ports to tool ports, the logic is applied.

How to edit a rule

You can edit a rule to change which filter is bound to it or to configure options.
Tip! You can also edit by double-clicking rules in a layout.
To edit a rule:
1. Starting in the dashboard, click Rules.
The rules and filters designer appears, where rules and filters can be created and edited.
2. Ensure the Rules tab is selected.
3. Click a rule from the list.
The rule opens and is ready to edit.
4. Make your changes.
5. Click Save.
You successfully edited a rule and saved the changes. If the rule is in use by the active layout, the changes take effect immediately.

How to apply a rule in an inactive layout

Applying a rule between established connections in an inactive layout causes the rule to take effect whenever the layout becomes active. Doing so changes how and what packets are forwarded to tool ports connected to the rule.
Prerequisite(s):
These steps require that at least one rule (empty or otherwise) exists in the target layout.
Tip! A new, empty rule is created by connecting a network port to a tool
port. This is a shortcut for creating new rules.
To apply a rule in an inactive layout:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
Understanding rules
Chapter 4: Traffic Rules 23
2. In the Layout list, select a layout.
3. Click the Actions list.
The Actions list is located near the top-right corner of the layout designer.
4. Click Edit.
5. Right-click a rule.
6. In the Apply Rule submenu, click Select and click a rule.
All of your created rules are in this submenu.
7. When you finish, close the Edit Layout browser window.
The layout automatically saves.
You successfully applied a rule in an inactive layout. When the layout is made active, your rule takes effect.

How to apply a rule in the active layout

Applying a rule between established connections in the active layout causes the rule to take effect immediately. Doing so changes how and what packets are forwarded to tool ports connected to the rule.
Prerequisite(s):
These steps require that at least one rule (empty or otherwise) exists in the target layout.
Tip! A new, empty rule is created by connecting a network port to a tool
port. This is a shortcut for creating new rules.
To apply a rule in an active layout:
1. Starting in the dashboard, click Ports.
The layout designer appears, where connections between network and tool ports can be created.
2. Right-click a rule.
3. In the Apply Rule submenu, click Select and click a rule.
All of your created rules are in this submenu.
You successfully applied a rule in an active layout. Your applied rule takes effect immediately.
Understanding rules
24 Matrix (22 Nov 2016) — Archive/Non-authoritative version

Chapter 5: Traffic Filters

Traffic filters function as a part of Matrix (page 22) and ensure only specific traffic reaches your analysis tools.

How to create a filter

You can choose what network traffic reaches your analysis tools. Use filters to ensure that only packets with certain characteristics are forwarded to tool ports.
5
To create a filter:
1. Starting in the dashboard, click Rules.
The rules and filters designer appears, where rules and filters can be created and edited.
2. Ensure the Filters tab is selected.
3. Click New.
The filter opens and is ready to edit.
4. Make your changes.
5. Click Save.
You successfully created a filter. The filter determines what packets are forwarded (or not forwarded) to tool ports and ultimately the devices connected to them.
For the filter to take effect, you must bind it to a rule and apply the rule in a layout.

How to bind a filter to a rule

Before a filter can take effect, you must bind the filter to a rule. The filter takes effect when the rule is applied in a layout.
Loading...
+ 56 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use