Datacom Systems Inc Access Your Network TM VS-1200 Series Data Access Switch VS-1200 Series Data Access Switch USERguide October 2009 541-0127-U-A.
Product Description The VERSAstream™ VS-1200 Series Data Access Switches are adaptable. All ports are Any-to-Any ports and can be configured by the Command Line Interface (CLI) to be either input or output ports. Aggregation offers a complete view of the traffic and easily lets security and analysis tools collect all the data they need, expanding network visibility.
VS-1200 Data Acccess Switch © 2009 Datacom Systems Inc All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.
Contents 5 Table of Contents Section 1 Terms of Use 7 1 Copyright ................................................................................................................................... 7 2 License ................................................................................................................................... Agreement 7 3 Trademark ...................................................................................................................................
VS-1200 Data Acccess Switch ......................................................................................................................................................... 22 SET PROMPT (SE PR) SET IP (SE......................................................................................................................................................... IP), SUBNET (SU), GATEWAY (GA) 23 SET DATE .................................................................................................
Terms of Use 1 7 Terms of Use The following terms and conditions relate to the use of this document. Please note that Datacom Systems Inc. reserves the right, at its entire discretion, to change, modify, add, or remove portions of these Terms of Use at any time. Please read the Terms of Use carefully as your use of this document is subject to the Terms of Use stipulated herein. 1.1 Copyright Copyright© 2009 by Datacom Systems, Inc. All rights reserved. Printed in the United States of America.
VS-1200 Data Acccess Switch The CE logo indicates that this equipment has been tested and found to meet radiated and conducted emission to the European Community EMC Directive 89/336/EEC requirements as per EN 61000-6-3:2001, the generic emissions standard for residential, commercial and light industrial devices, the limits are those for an EN 55022 Class A product.
Overview 2 9 Overview The configurable VS-1200 family of products increases network visibility and leverages your investment in network analyzers, probes, and security equipment by allowing you to simultaneously monitor as many supported configurable ports as you may need to fit your peripheral network tools. Greater visibility accelerates problem resolution, reduces downtime and increases enterprise productivity.
2.2 VS-1200 Data Acccess Switch What Shipped? VS-1200 Series Data Access Switch 1 — Model: VS-1200 series Data Access Switch 2 — Switching AC Adapters 2 — AC Line Cords 1 — DRL512-2M-R serial cable, DB9 M/F straight thru 1 — USERguide 2.
Overview 2.4 11 VS-1200 Series Common Specifications Management Port (front): RJ45 @ 100 Mbps Full-Duplex The factory configured IP Address, Subnet Mask and Default Gateway are as follows: IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; Default Gateway: 0.0.0.0 Serial Port (rear): DB9 Power Requirement: Two external power adapters Input: 100 - 240VAC 50 - 60Hz, 0.4-0.2 A — Output: 5VDC, 2.5A Certified : CE, UL, CUL, CSA, TUV, CCC, PSE, JET, EU RoHS and China RoHS Power Consumption: 12W; BTU/h: 40.
Hardware 3 Hardware Front panel images of the VS-1200 series are provided in this section. 3.
3.2 VS-1200 Data Acccess Switch Front Panel Description This section provides a illustration and description of the front panel of the VS-1200 series. An explanation of each front panel legend follows: 3.2.1 Power Two switching AC adapter power supplies are provided for each configurable unit. Although only one power supply is required to power the module, use of a second independent power source is strongly recommended to assure uninterrupted monitoring.
Hardware 15 LX-BT/SX-BT - The LEDs located to the right of the SFP connectors are solid green indicating a link has been detected between the respective Any-to-Any Rx port and network device/tool Tx port or network segment. The LEDs are flashing green when data is passed.
3.3.1 VS-1200 Data Acccess Switch Serial DB9 The SERIAL connector port is a shielded DB9 Female and is cabled to the COM port of any compatible network tool or PC where HyperTerminal software resides. It is the only port that can easily connect the Management PC to set the IP address (default 192.168.1.1) for the first time. 3.3.
Initial Configuration 4 17 Initial Configuration IMPORTANT: Prior to initial configuration of the hardware, it is imperative to review the entire Initial Configuration section before proceeding to the Installation section. This section explains the considerations and requirements for the initial configuration of the VS-1200 series by a Command Line Interface (CLI) with a management PC using a terminal emulation application connected either through the SERIAL DB9 port or though the MANAGEMENT RJ45 port.
4.1.2 VS-1200 Data Acccess Switch Password Recovery Password Recovery is provided for cases where a user has forgotten the Superuser and/or Administrator login password. Password recovery is accomplished by connecting to the unit serially using a HyperTerminal like program and rebooting the unit. As the power-up sequence is occurring, depress . Upon receipt of this command, a text recovery key will be generated and displayed prior to the prompt. This key is used to reset the passwords.
Initial Configuration SET PORT MONITOR SET PORT VTAG SET PORT GROUP ADD USER EDIT USER DELETE USER 4.1.3.
4.1.3.4 VS-1200 Data Acccess Switch SHOW TIME (SH TI) This command displays the set date and time for the product, it is entered as shown: > SHOW TIME (SH TI) DATE and TIME Example: > SH TI Date/Time 4.1.3.5 10-09-2007 12:40:25 SHOW MANAGEMENT (SH MA) This command displays Management RJ45 port information as shown: > SHOW MANAGEMENT (SH MA) MAC Address IP Address IP Subnet IP Default Gateway IP Port Example: > SH MA MAC Address: IP Address: IP Subnet: IP Default Gateway: IP Port: 4.1.3.
Initial Configuration 4.1.3.7 SHOW PORT CONFIG (SH PO CO) This command displays all configurable related data for all ports as shown: > SHOW PORT CONFIG (SH PO CO) 01: Name Configuration: Current: Media type: Connection type (SPAN, TAP [Ports on TAP circuit]): Group membership: Steering configuration: VLAN tag status: Example: > SH PO CO 01: Port 1 CFG: 1G Full Duplex Current: No Link Type: Tap (1..
4.1.4 VS-1200 Data Acccess Switch Superuser Commands (Configuration Access) The topic headings in the following section show the long form of the Superuser command set with the shortcut input for the command noted in parenthesis. After the topic heading, a brief overview of the command display function is given followed by an example (Example: #) command input. All commands are entered after the prompt (default #) at the cursor. No auto-fill mode is available. 4.1.4.
Initial Configuration 4.1.4.5 23 SET IP (SE IP), SUBNET (SU), GATEWAY (GA) This command configures the IP address (default 192.168.1.1), Subnet Mask (default 255.255.255.0) and Default Gateway (default 0.0.0.0) parameters. Initially, it is highly recommended that this be done through the direct serial connection using the HyperTerminal or equivalent terminal emulation application. Only those variables that require configuration need to be entered.
4.1.4.7 VS-1200 Data Acccess Switch SET TIME (SE TI) This command, followed by the time (HHMMSS), sets the real time clock time as shown: SET TIME (HHMMSS) Example: # SE TI 033526 # 4.1.4.8 SET PORT NAME (SE PO NA) This command, followed by the port number or port name, a command separator (TO), then the name text (up to 32 characters), assigns the new name text entered as shown: SET PORT NAME (SE PO NA) port number or port name TO name text Example: # SE PO NA 4 TO Port 4 # 4.1.4.
Initial Configuration 25 4.1.4.11 SET PORT VTAG (SE PO VT) This command is used to change the capability of a port to either pass VLAN Tags or strip them from a frame and recalculate the CRC of the frame as shown: SE PO VT (Comma separated list of port numbers, port names, or group names) ON/OFF Example: # SE PO VT 1,4,6,7 ON # 4.1.4.12 SET PORT GROUP (SE PO GR) This command is used to create a port list under a common name for ease of use.
VS-1200 Data Acccess Switch 4.1.4.15 DELETE USER (DE US) This command deletes users as shown: DELETE USER (USERNAME) Example: # DE US edituser User edituser deleted # 4.2 SERIAL Port Configuration (DB9) Note: Use of the SERIAL DB9 port, which is fairly simple and straight forward, is strongly recommended for initial configuration of the hardware.
Initial Configuration 4.3 27 MANAGEMENT Port Configuration (RJ45) Once VS-1200 series connection is made to the MANAGEMENT RJ45 port, open the terminal emulation application and create a connection with settings that fit your needs: The factory configured VS-1200 series IP Address, Subnet Mask and Default Gateway are as follows: IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; Default Gateway: 0.0.0.0 4.3.1 HyperTerminal The following example utilizes Microsoft HyperTerminal.
4.3.2 VS-1200 Data Acccess Switch TELNET Most network equipment and operating systems with a TCP/IP stack also support some kind of TELNET service server for remote configuration. Security-related shortcomings have limited TELNET (TErminaL NETwork) usage, although TELNET is still widely used when diagnosing problems, manually "talking" to other services without specialized client software, and administration of network elements such as integration and maintenance of core network elements.
Initial Configuration 29 Step 2. Connect your PC and VS-1200 using the provided Datacom Systems DRL512-2M-R cable. Connect the DB9 Female pin end to the serial port on your PC and connect the DB9 Male pin to the SERIAL port on the unit. NOTE: For PCs without 9-pin serial ports, check with your product representative for available sources of a USB to RS-232 Plug-in Adapter. Step 3.
VS-1200 Data Acccess Switch Step 5. On the Connect to window, create a serial link by selecting the COM port assigned to the serial port on your PC from the Connect using: pull-down menu and select OK Step 6. Next, configure the COM Properties. The initial correct settings to communicate with the VS-1200 series (9600, 8, None, 1, None) are shown below. Once all settings are configured correctly, click Apply, then click OK. Step 7. You are now connected, hit the Enter key twice in succession (i.e.
Initial Configuration 31 Step 8. SET IP (SE IP) by typing se ip xxx.xxx.xxx.xxx corresponding to a valid IP address for your network. Press the Enter key to continue. Step 9. SET SUBNET (SE SU) by typing se su xxx.xxx.xxx.xxx corresponding to your network's subnet mask. Press the Enter key to continue. Step 10. SET GATEWAY (SE GA) (if needed) by typing se ga xxx.xxx.xxx.xxx corresponding to your network's default gateway. Press the Enter key to continue. Step 11.
VS-1200 Data Acccess Switch Step 13. Type Exit to save the network address changes and press the Enter key to end the connection session indicated by 'Connection closed' response. Step 14. Close HyperTerminal, respond 'Yes' to the "You are currently connected. Are you sure you want to disconnect now?' prompt and respond 'Yes, No or Cancel,' as you prefer, to the "Do you want to save the connection named "Connect"?" prompt. Step 15. Disconnect the DRL512-2M-R serial cable. Step 16.
Initial Configuration 33 Step 3. Check the PC Local Area Network Connection by selecting START > Control Panel > Network Connections Step 4. Right click the Local Area Connection and from the drop down menu select Properties. Highlight Internet Protocol (TCP/IP) and highlight and click the Properties box. Check the button Use the following IP Address: Use IP Address: 192.168.1.5 and Subnet Mask: 255.255.255.0. Click OK.
VS-1200 Data Acccess Switch Step 5. Open the Command Prompt on your PC by selecting START > All Programs > Accessories > Command Prompt Step 6. In the Command Prompt window, at the prompt, enter TELNET and hit the Enter key. (To see a list of available Microsoft Telnet Client Commands, at the prompt, enter ? and hit the Enter key. Supported commands will be displayed.) Step 7. At the Command Prompt window prompt, enter o 192.168.1.1 and hit the Enter key.
Initial Configuration 35 Step 8. You are now connected at the Enter Username: prompt. Usernames and passwords are case-sensitive. Type Administrator (default value) and press the Enter key. At the Enter Password: prompt, type admin (default value) and press the Enter key to display the command line > prompt. At the command line > prompt, type su and press the Enter key. At the Enter Password: prompt, type password (default value) and press the Enter key to display the command line # prompt.
VS-1200 Data Acccess Switch Step 13. If the pending IP Address is not correct, repeat Step 9, if the pending IP Subnet is not correct, repeat Step 10 and if the pending IP Default Gateway is not correct, repeat Step 11. Repeat Step 12 to review and verify that the pending IP Address, IP Subnet and IP Default Gateway match the intended Local Area Network input IP Address, IP Subnet and IP Default Gateway. Step 14.
Initial Configuration 37 GOAL/SOLUTION: The exercise for the setup of a VS-1210BT/SFP shown is as follows: Ports 1, 2, 3 and 4 have been setup as inputs. Port 5 has been setup to output data to a Network IDS from Port 4’s input. Port 6 has been setup to output aggregated data to a Probe from Port 3 and 4’s inputs. Port 7 has been setup to output data to a Network IDS from Port 1’s input and returns TCP resets from the Network IDS.
VS-1200 Data Acccess Switch Then enter Superuser mode, at the user prompt >, enter SU, Enter key, and enter the Password (default: password) and Enter key. Default prompt is the # symbol. In Superuser mode use the following syntax for the different connections. This syntax sets the input/ output for Any-to-Any ports as well as the input/output for Tap ports. The VS-1200 Series factory default for all Any-to-Any ports is off.
Initial Configuration Port 5 is set as output for Port 4’s input which is set with this syntax: # SET PORT MONITOR 5 FROM 4 Port 6 is set as output for Ports 3 and 4’s input which is set with this syntax: # SET PORT MONITOR 6 FROM 3,4 Port 7 is set as output for Port 1’s input/output which is set with this syntax: # SET PORT MONITOR 7 FROM 1 Port 8 is set as output for Port 2’s input/output which is set with this syntax: # SET PORT MONITOR 8 FROM 2 Port 9 is set as output for Ports 1 and 2’s input/output w
4.6 VS-1200 Data Acccess Switch Small Form-Factor Plug Module This section provides information about small form-factor plug (SFP) modules. The SFP modules are input/output devices that plug into a Gigabit Ethernet (GE) small form-factor (SFF) port, linking the port with a 1000Base-X fiber or 1000Base-T copper network. The fiber SFP module have a receiver port (Rx) and a transmitter port (Tx) that make up one optical interface.
Initial Configuration 4.6.3 41 Installing the SFP Module SFP modules might ship already installed in your VS-1200, or they might arrive packaged separately. This section describes how to install the SFP module. NOTE: You can install SFP modules with power on to the system; however, it is strongly recommended that you do not install the SFP module with fiber or copper cables attached to it. Disconnect all cables before installing a SFP module.
Hardware Installation 5 43 Hardware Installation This section describes the VS-1200 series hardware installation at the network site of your choice. For specific VS-1200 applications see the 'Application 5.1 47 ' section. Power This section describes the power connection at the network installation site of the VS-1200 configurable series. or Two DC input power sockets are provided on the rear panel.
VS-1200 Data Acccess Switch NOTE: For the VS-1200 series with a Gigabit Ethernet (GE) small form-factor (SFF) port, the SFP modules might ship already installed in your unit, or they might arrive packaged separately. See the 'Small Form-Factor Pluggable' section, 'Installing the SFP Module 41 ,' on how to install the SFP module. Step 1. Connect a network or monitoring cable to an Any-to-Any port socket and the other side of this cable to the network or monitoring tool NIC port as appropriate.. Step 2.
VS-1200 Series Functional Drawing 6 VS-1200 Series Functional Drawing VS-1210BT-BT/SFP VS-1210SFP VS-1208BT VS-1206SFP © 2009 Datacom Systems Inc 45
VS-1200 Data Acccess Switch VS-1204BT VS-1204SFP © 2009 Datacom Systems Inc
Application 7 47 Application This section will present techniques and applications describing the practical use and new remedies for performing network analysis requirements using VS-1200 series solutions. 7.1 Gathering the Data (HyperTerminal configuration example) PREMISE: This application consists of workgroup switches that allow end users to access a group of servers. The servers are connected to a single server switch and the users are distributed across several workgroup switches.
VS-1200 Data Acccess Switch SOLUTION: The VS-1210BT/SFP solves all goals by accepting the input from the two SPAN ports along with the output from the TAP, aggregating and replicating the traffic to multiple ports and ports 9 and 10 provide small form pluggables that allow either fiber or copper connectivity. CONFIGURATION: The IP address (default 192.168.1.
Application 49 Now you can begin setting the ports as to which port inputs the data and which ports aggregate and/ or output the data.
7.2 VS-1200 Data Acccess Switch All Pluggable in Optical Network (TELNET configuration example) PREMISE: This network application consists of several workgroup optical switches that allow end users to access a group of servers.; The servers are all connected to a single server optical switch and the users are distributed across several workgroup switches. The security department wants to view all server bound access from the users and view server to server traffic.
Application 51 SOLUTION: The VS-1210SFP solves the goals by accepting both sides of each optical network traffic from four optical tap full-duplex ports and aggregating and replicating the traffic to multiple ports. The VS-1210SFP also provides media conversion with the small form pluggables so that both copper and fiber ports are available for connectivity. CONFIGURATION: The IP address (default 192.168.1.
VS-1200 Data Acccess Switch IMPORTANT: Fiber taps are not capable and CAN NOT auto-negotiate link with the VS1210SFP ports and MUST BE be hard set to 1,000 Mbs and full-duplex. Port 1, 2, 3, and 4's is set to 1,000 Mbs and full-duplex with this syntax: # SET PORT SPEED 1,2,3,4 1000FULL Now you can begin setting the ports as to which port inputs the data and which ports aggregate and/or output the data.
Customer Service 8 53 Customer Service This USERguide was written to help you get to know your new VS-1200 Series quickly and easily. We would welcome any comments or suggestions you may have regarding this USERguide. Datacom Customer Service is available via telephone, facsimile, E-mail and Web. Outside of support hours, please leave a voice message and our Customer Service Staff will return your call as soon as possible. Tel: (315) 463-9541 Fax: (315) 463-9557 E-mail: support@datacomsystems.
Datacom Systems Inc. 9 Adler Drive • East Syracuse, NY 13057 TEL: (315) 463-9541 • FAX: (315) 463-9557 http://www.datacomsystems.
