Viavi 10/100 Copper nTAP User Manual Download Page 7

Page: 7 / 30

Choosing between a SPAN, Aggregator, or full-duplex TAP

Chapter 2: Why choose a TAP or SPAN port 7

Table 1. Methods of accessing traffic

Aggregator

SPAN/Mirror

Full-Duplex

Requires power

Better

protection

against dropped

packets

Uses single-receive

capture card

Uses internal buffer

to mitigate traffic

spikes

Suitable for

networks with light

to moderate traffic

with occasional

spikes

Passes OSI Layer 1

& 2 errors

Not Addressable

(cannot be hacked)

Requires dual-

receive capture

card

Ideal for heavy

traffic/critical

networks

Suitable for

networks with light

to moderate traffic

Remotely

configurable

The Optical TAP does not require power, but the Copper TAP does.

Better protection against dropping packets than SPAN/mirror.

Although the Aggregator TAP has an internal buffer that mitigates spikes in traffic, when the

buffer itself is full, the new packets are dropped until the output of the buffer can catch up.

Whether you are monitoring a network for security threats or capturing and

decoding packets while troubleshooting, you need a reliable way to see the

network traffic. The appropriate TAP for capturing full-duplex data for analysis

depends on the rates of traffic you must monitor, and what level of visibility you

require.

♦

Attaching a monitoring or analysis device to a switch’s analyzer port

(SPAN/mirror port) to monitor a full-duplex link.
Because a SPAN/mirror port is a send-only simplex stream of data there

is a potential bottleneck when trying to mirror both sides of a full-duplex

Summary of Contents for 10/100 Copper nTAP

Page 1: ...10 100 Copper TAP User Guide 7 Feb 2018 ...

Page 2: ...he authority to operate this product is conditioned by the requirements that no modifications be made to the equipment unless the changes or modifications are expressly approved by VIAVI Laser compliance This device is a class 1 laser product Industry Canada Requirements This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB...

Page 3: ...14 Features 14 Chapter 4 Standard and Optional Parts 15 Parts 15 Chapter 5 10 100 Copper nTAP Installation 16 Installing 16 Chapter 6 LEDs and connection sequence 18 Chapter 7 Technical Specifications 20 Technical specifications 20 Chapter 8 Troubleshooting 22 What happens if my TAP loses power 22 What latency does a TAP create 22 Are the analyzer ports send only 22 Not seeing traffic at the analy...

Page 4: ...Feb 2018 Archive Non authoritative version VLAN tags not visible at the analyzer 26 Memory 26 Maximum frame size 26 Understanding why Link B is active when Link A is offline 26 Chapter 9 FCC compliance statement 28 Index 29 ...

Page 5: ...ptical links Security convenience and dependability The security and convenience of a TAP makes it preferable to inline connections for network analysis and intrusion detection and prevention IDS IPS applications Because a TAP has no address on the network the TAP and the analyzer connected to it cannot be the target of a hack or virus attack TAPs are economical to install allowing you to leave th...

Page 6: ...ator TAPs are designed to work with a standard and usually less expensive network card on the analysis device but their limitations make them less than ideal for situations where it is necessary to guarantee the visibility of every packet on the wire A full duplex TAP is the ideal solution for monitoring full duplex networks utilized at more than 50 percent 100 when both sides are combined but its...

Page 7: ...ire power but the Copper TAP does 2 Better protection against dropping packets than SPAN mirror 3 Although the Aggregator TAP has an internal buffer that mitigates spikes in traffic when the buffer itself is full the new packets are dropped until the output of the buffer can catch up Whether you are monitoring a network for security threats or capturing and decoding packets while troubleshooting y...

Page 8: ... analyzer By its very nature it is half duplex which means that it cannot send all of the send and receive traffic it sees if traffic exceeds 50 of the bandwidth Moreover switch manufacturers design their products so that the SPAN mirror port has a lower priority in the switch operating system Therefore one of the first things to stop working when the switch gets busy is the SPAN mirror port traff...

Page 9: ...he Aggregator TAP family Cannot handle heavily utilized full duplex links without dropping packets Additional cost with purchase of TAP hardware Filters out physical layer errors hampering some types of analysis Cannot monitor intra switch traffic Burden placed on a switch s CPU to copy all data passing through ports Switch puts lower priority on SPAN port data than regular port to port data Can c...

Page 10: ...eneral network performance Using a SPAN mirror port to capture network traffic for analysis presents the following risks As total bandwidth usage for both channels exceeds the capacity of the outbound link to the analyzer the excess traffic is dropped from the analyzer stream There simply is not enough bandwidth to transmit both sides of the full duplex traffic across a single standard interface T...

Page 11: ...c and no security risk Figure 2 Cloning your SPAN mirror port Joining SPAN mirror ports If you have a primary switch and a failover switch you can connect both of them to the Aggregator TAP Connect one of them to Link A and the other to Link B It does not matter whether the primary switch is connected to Link A or Link B and you do not need to know which one is live The Aggregator TAP joins the ac...

Page 12: ...evice with a standard single receive capture interface or NIC This means that a laptop or a standard system can be deployed as an analyzer rather than the more expensive specialized analyzers or appliances that are designed to accept full duplex traffic through a dual receive capture interface Just like a SPAN mirror port the Aggregator TAP is ideal for a lightly used network that occasionally has...

Page 13: ...e to guarantee the capture of everything on the wire along with errors from all network layers a full duplex TAP is the only choice If the analysis requires a high level of data stream fidelity for instance looking for jitter in video or VoIP only a full duplex TAP forwards the original data timing to the analyzer Note A full duplex TAP must be coupled with a probe or monitoring device capable of ...

Page 14: ...uire or use an IP address making it undetectable compared to a SPAN Allows you to connect and disconnect the analysis device as needed without taking the network down Fully IEEE 802 3 compliant Fully RoHS compliant Automatic link failover for devices that have an alternate path Optional redundant power ensures maximum monitoring uptime LEDs show power and link status Front mounted connectors make ...

Page 15: ...everal parts If any part is missing or damaged contact VIAVI immediately The 10 100 Copper nTAP ships with the following items 10 100 Copper nTAP Quick Reference Card A C power cord Voltage auto sensing universal power supply Your kit may also contain optionally available parts for instance patch cables ...

Page 16: ...sover cables The Copper TAP transmits the analyzer signals through a pair of 10 100 1000 BaseT RJ 45 ports or 10 100 BaseT if a 10 100 Copper TAP model When traffic comes in to Link A two copies are made in the TAP One copy is sent out Link B to the switch and the other copy is sent out Analyzer A to the analysis device A similar thing happens with traffic that comes in Link B Two copies are made ...

Page 17: ...u do lose power you will temporarily lose connectivity while the devices renegotiate their connection The analyzer side will be down until power is reestablished and during this time some packets may be dropped 2 Disconnect the cable from your device typically a switch and connect it to Link B You want to connect Link B first because it negotiates its network speed first and Link A then must use t...

Page 18: ...s sense the TAP is passive The network devices connected to the TAP on the Link ports must renegotiate a connection with each other because the TAP has dropped out This may take a few seconds When turned on the TAP performs a sequence of steps to determine whether its link ports are connected to any devices and what speeds and other capabilities those devices have The blinking pattern of the LEDs ...

Page 19: ...e Link LEDs continue to flicker 3 Connected Both link ports connections are connected to the link partners at a common speed The Speed LED shows connection speed The Link LEDs light steadily idle or flicker depending on whether there is any traffic present If a Link LED is unlit there is no functioning device connected to that port See How do I connect my failover devices for details about what ha...

Page 20: ...tos of the appliance Technical specifications This section lists the dimensions power requirements supported media and environmental requirements Both power connectors are located on the back panel along with the model information and serial number Power requirements AC Input 100 240V 50 60Hz 0 5A Operational Voltage 5V 10 5 100 mV ripple ...

Page 21: ... design relies on conduction and convection from the nTAP casing Your installation environment must provide enough cool airflow for the nTAP casing to maintain an operating temperature less than 113 F 45 C 52 to 185 F 47 to 85 C storage Humidity 35 85 non condensing Supported media Link ports Straight through RJ 45 cable Copper Analyzer ports Straight through RJ 45 cable Dimensions Width 5 62 in 1...

Page 22: ...rding the copy Are the analyzer ports send only Yes the analyzer ports are send only The TAP is incapable of sending data from the Analyzer side of the TAP to the Link or network side of the TAP The A B or AB ports on the Analyzer side of the TAP must be capable of both transmitting and receiving data to negotiate a connection with the analyzer and they do this through the physical interface The p...

Page 23: ...capture cards to capture full duplex TAP output for analysis Because a standard capture card port has only one receive channel you must aggregate the receive channels from two ports to see both sides of the two way connection being monitored Intel s Advanced Network Services allows you to team multiple connections at the driver level presenting your analyzer with an aggregated view of send and rec...

Page 24: ... the Windows Start menu and choosing Properties 4 Right click a Monitor Port from an IntelPro 1000 card which one does not matter and choose Properties Click the Teaming tab 5 Choose the Team with other adapters option and then click New Team to start the New Team Wizard The first dialog lets you name the Team you may want to call it something like Virtual Dual receive 6 Click Next and add another...

Page 25: ...e to another is used as half of the link That is the existing cable connects one device to the TAP and a new cable connects the TAP to the second device The new second cable is generally a crossover cable If the new cable is not a crossover cable then your endpoint devices may not be able to re establish a connection if the TAP loses power Symptom The TAP and endpoint devices work fine while the T...

Page 26: ... capture card has been enabled to receive or pass VLAN tags Memory Fully optical TAPs do not have internal memory or any electronic components and are strictly a pass through wherein a copy of the data is made TAPs with any copper connections have two distinct and separate memory stores The two memory stores are non volatile memory and volatile memory They are not connected in any way and no data ...

Page 27: ...can be established One of the great advantages to having this capability is to use the nTAP to replicate traffic to multiple devices and not use it strictly for pass through For example when you use an aggregation nTAP and if you connect Link B to a SPAN you can then pass the SPAN traffic out the two analyzer ports and have two copies of the SPAN traffic going to two different devices You can have...

Page 28: ...sed in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or mo...

Page 29: ...e card 6 F failover 24 failover SPAN 11 FCC Compliance Statement 28 full duplex NIC 23 full duplex TAP 6 13 G GigaStor 23 26 H half duplex 5 half duplex SPAN 5 I IntelPro 23 J joining 11 joining SPAN 11 jumbo frame 26 L latency 22 light meter 23 Link A 26 Link B 26 link negotiation 26 Linux 23 23 M maximum frame size 26 Maximum Transmission Unit 23 mirror port see SPAN 10 MTU 23 N NIC teaming 23 N...

Page 30: ...ngle receive capture card 6 analyzer 6 SPAN 12 SPAN 6 26 advantages 6 as bottleneck 6 choosing NIC 23 cloning 11 failover 11 half duplex 5 joining 11 pros and cons 8 risks 10 single receive capture card 12 VLAN tags 26 SPANOSI Layer 1 2 errors OSI Layer 1 2 errors 10 straight through cables 25 SYN ACK 23 T TAP 26 TCP stack 23 U UNIX 23 V VLAN tags 26 W when to use SPAN 8 ...

Search results

Summary of Contents for 10/100 Copper nTAP

Reviews:

Related manuals for 10/100 Copper nTAP

Brands by name

Popular brands

Viavi 10/100 Copper nTAP, User Manual

Search results

Summary of Contents for 10/100 Copper nTAP

Reviews:

Related manuals for 10/100 Copper nTAP

Brands by name

Popular brands