manualshive.com logo in svg

Black Box TS250A, Manual, Page: 8 / 64

Share
Download
Black Box TS250A Manual Download Page 8

Security, convenience, and dependability
Chapter 1 TAPs Overview

8

rev. 1

Thank you for purchasing the TAP: the most robust, secure, and 
convenient mechanism for network analyzers and similar devices to 
copy data streams from high-capacity network links. 

A network Test Access Port (TAP) provides access to the data streams 
passing through a high-speed, full-duplex network link (typically 
between a network device and a switch. The TAP copies both sides of 
a full-duplex link (copper or optical, depending on type of TAP), and 
sends the copied data streams to an analyzer, probe, intrusion 
detection system (IDS) or any other passive analysis device. There are 
different TAP models available to monitor both copper and optical 
links.

Security, convenience, and dependability

The security and convenience of a TAP makes it preferable to inline 
connections for network analysis and intrusion detection and 
prevention (IDS/IPS) applications. Because a TAP has no address on 
the network, the TAP and the analyzer connected to it cannot be the 
target of a hack or virus attack. TAPs are economical to install, 
allowing you to leave them permanently deployed. This allows you to 
connect and disconnect the analysis device as needed without 
breaking the full-duplex connection, much like plugging in an 
electrical device.

A TAP is also preferable to using a switch’s SPAN/mirror port to copy 
the data stream. Unlike the SPAN/mirror port, a TAP will not filter 
any errors from the data stream. Also, because a SPAN/mirror port is a 
half-duplex link (that is, a send-only “simplex” data stream), it has the 
capacity to transmit only half of a fully-saturated link. Additionally, a 
TAP does not use any of the switch’s CPU resources.

Deciding whether to use a TAP or a SPAN/mirror port

A TAP is a passive splitting mechanism installed between a device of 
interest and the network. A TAP copies the incoming network traffic 
and splits it. It passes the network traffic to the network and sends a 
copy of that traffic (both send and receive) to a monitoring device in 
real time. A switch cannot pass physical layer errors (poorly formed 
packets, runts, CRCs) to the analyzer, but a TAP will.

Summary of Contents for TS250A

Page 1: ... U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax s AILING ADDRESS LACK OX ORPORATION 0ARK RIVE AWRENCE 0 s 7EB SITE WWW BLACKBOX COM s MAIL INFO BLACKBOX COM Customer Support Information ARCH codes codes codes codes codes codes ETWORK 4 0S 4EST CCESS 0ORTS 43 2 43 43 43 2 43 43 43 43 43 43 43 ...

Page 2: ......

Page 3: ...to operate the equipment This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the Radio Interference Regulation of Industry Canada Le présent appareil numérique n émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la classe A prescrites dans le Règlement sur le brouillage radioélectrique ...

Page 4: ... aparato 12 Precaución debe ser tomada de tal manera que la tierra fisica y la polarización del equipo no sea eliminada 13 Los cables de la fuente de poder deben ser guiados de tal manera que no sean pisados ni pellizcados por objetos colocados sobre o contra ellos poniendo particular atención a los contactos y receptáculos donde salen del aparato 14 El equipo eléctrico debe ser limpiado únicament...

Page 5: ...rts LEDs and power connectors 22 Interpreting the Link and Speed LEDs 23 10 100 TAP 23 10 100 1000 TAP 24 Technical specifications 26 Chapter 3 Optical TAPs Major features 28 Standard and optional parts 28 Installing the Optical TAP 29 Attenuation 31 Attenuation and TAPs 31 Determining the best split ratio for you 32 Attenuation and optical cables 38 Managing attenuation 39 Technical specification...

Page 6: ...oes a TAP create 52 Are the analyzer ports send only 52 Can I daisy chain an Aggregator TAP 52 Can I team NICs in my analyzer 53 How do I connect my failover devices 55 Not seeing traffic at the analyzer from the TAP 56 Choosing crossover or straight through cables 57 I am seeing CRC errors on my network 57 VLAN tags not visible at the analyzer 58 Index 59 ...

Page 7: ...Chapter 1 TAPs Overview 7 rev 1 Chapter 1 TAPs Overview ...

Page 8: ...TAP and the analyzer connected to it cannot be the target of a hack or virus attack TAPs are economical to install allowing you to leave them permanently deployed This allows you to connect and disconnect the analysis device as needed without breaking the full duplex connection much like plugging in an electrical device A TAP is also preferable to using a switch s SPAN mirror port to copy the data...

Page 9: ...itches copy the activity of one or more ports through a Switch Port Analyzer SPAN port also known as a mirror port An analysis device can then be attached to the SPAN port to access network traffic Use Figure 1 and Table 1 to determine whether to use a TAP or a SPAN mirror port Figure 1 TAP versus SPAN ...

Page 10: ...w cost Monitoring device receives all packets including physical errors Remotely configurable from any system connected to the switch Provides full visibility into full duplex networks Able to copy intra switch traffic Cons Analysis device may need dual receive capture interface if you are using a full duplex TAP does not apply to Aggregator TAPs Cannot handle heavily utilized full duplex links wi...

Page 11: ...alysis device to a switch s analyzer port SPAN mirror port to monitor a full duplex link Because a SPAN mirror port is a send only simplex stream of data there is a potential bottleneck when trying to mirror both sides of a full duplex link to the analyzer s single receive Table 2 Span vs Aggregator vs Full duplex TAPs Aggregator SPAN Mirror Full Duplex Requires power 1 May drop packets 2 Uses sin...

Page 12: ... duplex link For more details see When to use a full duplex TAP on page 17 When to use a SPAN mirror port The advantage to using a SPAN mirror port is its cost as a SPAN mirror port is included for free with virtually every managed switch A SPAN mirror port is also remotely configurable allowing you to change which ports are mirrored from the switch management console Limitations of a SPAN mirror ...

Page 13: ...opy re direction and channel integration is affected by switch load This means the SPAN mirror port may not deliver accurate captures when the switch are under heavy load Monitoring a 10 100 network through a gigabit SPAN mirror port and analyzer does not alleviate these concerns Also there is no notification when the SPAN mirror port is dropping packets or delivering inaccurate time stamps A SPAN...

Page 14: ...ccess your SPAN mirror port even if all of your SPAN mirror ports on your switch are used This is fairly common and you can use a TAP to produce two or three copies of the SPAN mirror port By cloning a SPAN mirror port you get the benefits of a duplicate copy of the traffic and no security risk Figure 2 Cloning your SPAN mirror port ...

Page 15: ...oining SPAN mirror ports When to use an Aggregator TAP An Aggregator TAP makes a good compromise between the SPAN mirror port and full duplex TAP options It costs more than a full duplex TAP due to the added complexity and memory requirements of its built in buffer But it does not require a specialized and potentially more expensive analyzer with a dual receive capture interface Like a full duplex...

Page 16: ...lysis device Another advantage the Aggregator TAP has over a SPAN mirror port session is its internal memory buffer The memory buffer provides limited protection against packet loss and if the network utilization does not regularly exceed the capacity of the analyzer s capture card an Aggregator TAP may be the right choice The appropriate solution for capturing full duplex data for analysis depend...

Page 17: ...d optically splits the full duplex signal into two full duplex signals One signal maintains the network link while the other is passed to an analyzer equipped with a dual receive capture card A copper TAP performs the same function but uses electronic circuitry to duplicate the signals Because a full duplex TAP copies both the send and receive channels from a full duplex link to the analyzer where...

Page 18: ...Chapter 2 Copper TAPs 18 rev 1 Chapter 2 Copper TAPs ...

Page 19: ...ptime All traffic including errors is passed from all OSI layers for troubleshooting Enhanced security because the TAP does not require or use an IP address which makes it and the analyzer connected to it impervious to viruses and other attacks LEDs show power and link status Optional 19 inch rack frames hold up to three TAPs Front mounted connectors make installation simple Fully IEEE 802 3 compl...

Page 20: ...ecide where to place the TAP and physically mount it if desired This will be in a PC drive bay rack mount bracket or wherever it is most convenient For efficient heat dissipation keep the TAP horizontal Use standard Ethernet cables with RJ 45 connectors to complete the pass through connection between the device of interest and the network The 10 100 TAP must use straight through cables It cannot u...

Page 21: ...st and the network you may want to shut down access to that device and notify users of the down time 1 Ensure that power is connected to the TAP You can supply power to one or both power supply sockets on the back panel of each TAP Connecting both sockets to different external power sources provides fail safe power redundancy for the Analyzer side The network pass through Link side remains unaffec...

Page 22: ...ou are attempting to connect to a device with a 1000 Mb NIC and your 10 100 TAP is not linking this is likely due to the auto negotiation feature To allow the TAP to connect you must force the NIC in your device to 100 Mb full duplex Ports LEDs and power connectors This section provides a brief overview of installing the TAP and understanding the status LEDs The front panel will differ slightly de...

Page 23: ...n the 10 100 and 10 100 1000 TAPs 10 100 TAP The 10 100 TAP is passive which means no packets are lost or delayed if power is lost The 10 100 TAP supports Power over Ethernet PoE When powered up the TAP performs a sequence of steps to determine whether its link ports are connected to any devices and what speeds and other capabilities those devices have The blinking pattern of the LEDs indicate whi...

Page 24: ...wer with no loss of network connection If you are not using a redundant power supply or UPS or power to both power supplies is lost then The Analyzer ports stop working and the analysis device s connected to the TAP will go dark The TAP continues to pass data between the network devices connected to it firewall router switch to server switch In this sense the TAP is passive The network devices con...

Page 25: ...d to that port See How do I connect my failover devices on page 55 for details about what happens when a primary device fails Error conditions are shown by the Speed LEDs for approximately 10 seconds after which the TAP resets itself goes back to the Search connection step Table 3 Errors LED Pattern Error Condition The Speed LED lights repeat the following sequence 10 100 1000 No Common Speed Ther...

Page 26: ...V 10 5 100 mV ripple Operational Current Typical 1 8 amps Max 2 8 amps Power Dissipation Typical 8 watt Max 14 watt Environmental requirements Temperature range 32o 120o F 0o 55o C Operating 32º 167º F 0o 75o C Storage Humidity 35 85 non condensing Supported media Link ports 10 100 Straight through RJ 45 cable 10 100 1000 Straight through RJ 45 cable or crossover cable Analyzer ports 10 100 Straig...

Page 27: ...Chapter 3 Optical TAPs 27 rev 1 Chapter 3 Optical TAPs ...

Page 28: ...nhanced security because the TAP does not require or use an IP address which makes it and the analyzer connected to it impervious to viruses and other attacks Optional 19 inch rack frames hold up to three TAPs Front mounted connectors make installation simple Fully RoHS compliant Standard and optional parts Carefully unpack the TAP and check for damaged or missing parts The TAP ships with the foll...

Page 29: ...r it is most convenient Use the TAP cables you purchased or your own optical patch cables to complete the pass through connection between the device of interest and the network Connect the TAP to your analyzer or other monitoring device Be certain to connect to the receive ports on the two NICs in your analyzer These steps are described in more detail in the sections that follow An Optical TAP spl...

Page 30: ...of the down time 1 Disconnect the optical cable from the switch and connect it to the TAP s Link B port 2 Use another full duplex optical cable to connect the server router firewall or switch to the TAP s Link A port thus completing the pass through link 3 Use a Y cable i e a splitter cable to connect the TAP s Analyzer port to the receive sockets on your analyzer s capture interface Be certain to...

Page 31: ...affected by fiber and other optical elements on a network and how it can be efficiently managed Attenuation is the reduction of signal strength during transmission caused by the absorption of light from the materials through which it travels Greater signal loss equals higher attenuation A signal can lose intensity or experience increased attenuation with each surface or medium it traverses Many fa...

Page 32: ...e an alternative ratio in order to meet signal power needs For example if a TAP is cabled close to the analyzer NIC and the link under test requires a long cable run you may want to provide more light power back to the network than to the monitoring device If you do choose a ratio other than 50 50 keep in mind that the signal has to be strong enough for it to be interpreted at the analyzer Determi...

Page 33: ...ller portion is the light power for the analyzer As long as there is sufficient light power all data is still sent to the analyzer regardless of the split ratio chosen Table 5 Maximum insertion losses Maximum Insertion Losses in Decibels Multimode 50 micrometer Multimode 62 5 micrometer Single Mode 9 micrometer Split Ratio1 1 The ratio is network analyzer So a 70 30 connection has 70 of the light ...

Page 34: ...termine the loss caused by attenuation See Table 5 for values to assist you If your cables are less than one kilometer convert your cable length for the equation Number of Connectors Connector Loss Fiber Length of Link A Fiber Loss Fiber Length of Link B Fiber Loss Attenuation 3 Subtract the output from step 2 from step 1 Power Loss Budget Attenuation Actual Loss If the actual loss is less than th...

Page 35: ...tenuation Actual Loss 7 Repeat step 4 through step 6 for Link B to the analyzer For example Figure 8 shows cable lengths to the TAP from the network devices and from the TAP to the analyzer Using these cable lengths and some information from the device manufacturers you can determine the power loss Figure 8 Cable lengths to from the TAP The equations here are examples of how to calculate a power l...

Page 36: ...k A Link B Send Device Power 9 000 Receive Device Sensitivity 19 5 Power Loss Budget 10 500 Number of Connectors 4 0 Connector Loss1 1 Multimode x 0 5 Connector Loss 2 0 Fiber Length Link A 8 meters 0 008 Fiber Loss Link A2 2 850nm multimode x 3 0 Fiber Loss Link A total 0 024 Fiber Length Link B 40 meters 0 04 Fiber Loss Link B x 3 0 Fiber Loss Link B total 0 120 Attenuation 2 144 Power Loss Budg...

Page 37: ...ge 33 All others do not provide enough light power to the analyzer Link A Analyzer Send Device Power 9 000 Receive Device Sensitivity 17 5 Power Loss Budget 9 000 Number of Connectors 4 0 Connector Loss1 1 Multimode x 0 5 Connector Loss 2 0 Fiber Length Link A 8 meters 0 008 Fiber Loss Link A2 2 850nm multimode x 3 0 Fiber Loss Link A total 0 024 Fiber Length to Analyzer 75 meters 0 075 Fiber Loss...

Page 38: ...to use a specific cable type Examples include single mode for LX or LR and multimode for SX or SR Multimode cable has a larger core diameter than single mode cable resulting in greater light dispersion Unless the cable run is extremely long the signal attenuation for both cable types is minor contributor to the power loss budget However multimode cable does cause higher signal attenuation than sin...

Page 39: ...travel a long distance or is compromised by patch panels there should not be a problem using the 50 50 split ratio The most efficient and cost conscious way to manage attenuation is to measure signal levels throughout the network and place repeaters only when and where they are needed To determine if a light signal is at an acceptable level at any point on a network it is helpful to use an optical...

Page 40: ...ting 52 to 185 F 47 to 85 C storage Humidity 35 85 non condensing Supported media Fiber Multimode or Single Mode Connector LC Fiber diameter Multimode 50 or 62 5 125 micrometers μm Single Mode 9 125 micrometers Wavelength ranges Multimode 850 or 1300 nanometers Single Mode 1310 or 1550 nanometers Wavelength tolerance ranges 850 1300 Dual window Multimode 20 nanometers 1310 or 1550 Dual window Sing...

Page 41: ...Chapter 4 Aggregator TAPs 41 rev 1 Chapter 4 Aggregator TAPs ...

Page 42: ...lack Box TAPs are Passive access at 10 100 1000 Mbps without packet tampering or introducing a single point of failure No packet loss if the TAP loses power Automatic link failover for devices that have an alternate path Allows you to connect and disconnect the analysis device as needed without taking the network down Optional redundant power ensures maximum monitoring uptime All traffic including...

Page 43: ...ur network utilization is before you decide to use an Aggregator TAP If your network utilization is too high an Aggregator TAP may not be the correct solution for you The internal buffer helps absorb traffic spikes of over 50 full duplex bandwidth saturation 100 when both data streams are combined because the analyzer s single receive interface is limited to line rate and the amount of data on the...

Page 44: ...their connections independent of each other This means that the Link network side can be at a speed slower than or up to the same speed as the Analyzer side It cannot be faster than the Analyzer side This is true whether you use a copper or optical connection to the analyzer For instance if your Link network side is at 10 Mb or 100 Mb and your analyzer connection is 1 Gb the TAP sends data to the ...

Page 45: ...ided an Copper Aggregator TAP was the right one for you Use the information in this section to install your TAP To install the Copper Aggregator TAP you must Decide where to place the TAP and physically mount it if desired This will be in a PC drive bay rack mount bracket or wherever it is most convenient For efficient heat dissipation keep the TAP horizontal Use standard Ethernet cables with RJ 4...

Page 46: ...ides fail safe power redundancy for the Analyzer side The network pass through Link side remains unaffected even if power to the TAP is interrupted If you do lose power you will temporarily lose connectivity while the devices renegotiate their connection The Analyzer side will be down until power is reestablished 2 Connect your device typically a switch to Link B You want to connect Link B first b...

Page 47: ...tanding the status LEDs Figure 11 Aggregator TAP front panel Both power connectors are located on the back panel along with the model information and serial number You can supply power to either or both power supply sockets Connecting both sockets to different external power sources using Network Instrument s optional adapter kit TC2P K provides fail safe power redundancy for the Analyzer side The...

Page 48: ...dicate which step of the connection process the TAP is performing The duration of each state depends on the type of equipment attached to each port of the TAP Here are the connection steps listed in the order they occur 1 Capabilities search Both link ports connections on the TAP are attempting to attach to their respective devices and determine a common speed and other capabilities The LED patter...

Page 49: ...repeat the following sequence 10 100 1000 No Common Speed There is no common speed capability between the devices attached to Link A and Link B The 10 LED flashes The other Speed LEDs are on and do not flash Timed Out The TAP software has timed out waiting for some event The expected speed s LED is on while the actual speed s LED flashes Wrong Speed One of the links has connected at the wrong spee...

Page 50: ...cal to Copper Fiber diameter Multimode 50 or 62 5 125 micrometers μm Single mode 9 125 micrometers Wavelength ranges Multimode 850 or 1300 nanometers Single mode 1310 or 1550 nanometers Copper Analyzer ports Straight through RJ 45 cable or crossover cable Buffer size 256 MB 512 MB 1 GB Dimensions Width 5 62 in 14 28 cm Height 1 15 in 2 93 cm Length 7 79 in 19 78 cm Table 8 Technical specifications...

Page 51: ...Chapter 5 FAQ and Troubleshooting 51 rev 1 Chapter 5 FAQ and Troubleshooting ...

Page 52: ...y The full duplex and Copper Aggregator TAPs are incapable of sending data from the Analyzer side of the TAP to the Link or network side of the TAP The A B or AB ports on the Analyzer side of the TAP must be capable of both transmitting and receiving data to negotiate a connection with the analyzer and they do this through the physical interface The physical interface is responsible for negotiatin...

Page 53: ...nced Network Services allows you to team multiple connections at the driver level presenting your analyzer with an aggregated view of send and receive channels Because of the processing overhead and its affect on NIC performance this method is not recommended for monitoring moderate to highly saturated links such as those between switches However it can be an economical alternative when monitoring...

Page 54: ...through circuit for the link under test Instead of connecting to a single dual receive port as is the preferred deployment connect the send lines to the transmit TX sides of the two ports you intend to aggregate You can team ports on separate cards as long as one of them is an IntelPro card Figure 13 NIC teaming 2 Configure the IntelPro 1000 Driver Software to Define Teamed Connections A Open Netw...

Page 55: ... works best for aggregating both sides of a full duplex link for analysis Click Next and then Finish The My Network Places display should now list the new virtual adapter How do I connect my failover devices When the device connected to Link B fails the TAP disables Link A so that the device on Link A can initiate its failover procedure The TAP then restarts its search phase Until the Link B devic...

Page 56: ...nection This may work for a copper connection to the analyzer It is not recommended for optical connections The correct SFPs are used if you are connecting to an optical analyzer Use a light meter to verify there is enough light power with an optical TAP If you have checked all of the above then a couple of common issues may have occurred If you are using an optical connection from the TAP to your...

Page 57: ...t that the TAP loses power and your switch must renegotiate the link however depending on your device it may need straight through cables to allow the switch to renegotiate the link when the TAP does not have power Check with your device manufacturer Straight through cables make an acceptable choice for a connection to the analyzer because the analyzer connection is secondary to the network connec...

Page 58: ...lyzer check the following On the switch Confirm that the SPAN was created to pass VLAN tags Sometimes SPANs are created and passing VLAN tags is not enabled Confirm the communication between the switch and the router is passing the VLAN tags normally the communication between them is not a trunk On a GigaStor if you are using one Confirm the Gen2 capture card has been enabled to receive or pass VL...

Page 59: ...gle receive capture card 16 specifications 49 analyzer auto negotiation 56 cables 57 dual receive capture card 11 no traffic from TAP 56 ports unidirectional 52 single receive capture card 11 attenuation 31 managing 39 optical cables 38 power loss budget 32 34 37 TAPs 31 auto negotiation 22 30 56 10 100 TAP 22 analyzer 56 Optical TAP 30 B bandwidth utilization 45ff bottleneck SPAN 11 buffer 16 43 ...

Page 60: ...card 58 GigaStor 56 58 H half duplex SPAN 8 heat dissipation Copper TAP 20 I IntelPro 54 internal processing Copper TAP 21 J joining SPAN 15ff L latency 52 LEDs Aggregator TAP 47 Copper TAP 22 light meter 56 light power 31 32 light power equation 34 lights connection sequence 48 link loss budget see power loss budget link speeds Aggregator TAP 46 Linux 56 LR 38 LX 38 M maximum insertion losses Opt...

Page 61: ...analyzer 52 power connectors Aggregator TAP 47 Copper TAP 22 power loss 52 10 100 1000 TAP 24 Copper TAP 21 power loss budget 32 34 38 attenuation 32 Optical TAP 34 Power over Ethernet 23 R rear panel Aggregator TAP 48ff Copper TAP 23ff redundancy see failover repeaters 31 39 repeaters Optical TAP 39 risks SPAN 13 runts 8 S security 8 SFP modules 56 single mode 33 38 50 single receive capture card...

Page 62: ...T W Index 62 rev 1 Legend ff Figure t Table T TCP stack 56 U UNIX 56 up converting 44 V VLAN tags 58 W when to use SPAN 8 ...

Page 63: ......

Page 64: ...find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free live 24 7 Tech support available in 30 seconds or less Copyright 2011 Black Box Corporation All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third party trademarks appearing in this manual are a...

Reviews:

No comments