Anue 5200 User Guide

(1)

Anue Systems, Inc.



http://www.anuesystems.com

Anue Net Tool Optimizer User Guide

Version 3.7

(2)

Anue Net Tool Optimizer User Guide, October 11, 2012  Part no: 510-12-0017-A0-0

The information contained in this document is subject to change without notice and does not represent a commitment on the part of Anue Systems. No part of this manual may be copied, reproduced, stored in a retrieval system, or transmitted in any form, or by any means, electronic, mechanical, or otherwise, without the prior written permission of Anue Systems, Inc.

Anue Systems makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

The information in this document is believed to be accurate and reliable, however, Anue Systems assumes no responsibility or liability for any errors or inaccuracies that may appear in the document.

Limited Warranty

Anue Systems warrants that its Products will conform to the description on the face of order, that it will convey good title thereto, and that the Product will be delivered free from any lawful security interest or other lien or encumbrance. Anue Systems further warrants to Customer that hardware which it supplies and the tangible media on which it supplies software will be free from significant defects in materials and workmanship for a period of twelve (12) months, except as otherwise noted, from the date of delivery (the “Hardware Warranty Period”), under normal use and conditions. To the extent the Product is or contains software (“Software”), Anue Systems also warrants that, if properly used by Customer in accordance with the Software License Agreement, the Software which it supplies will operate in material conformity with the specifications supplied by Anue Systems for such Software for a period of ninety (90) days from the date of delivery (the “Software Warranty Period”). The “Product Warranty Period” shall mean the Hardware Warranty Period or the Software Warranty Period, as applicable. Anue Systems does not warrant that the functions contained in the Software will meet a specific requirement or that the operation will be uninterrupted or error free. Anue Systems shall have no warranty obligations whatsoever with respect to any Software which has been modified in any manner by Customer or any third party.

Defective Products and Software under warranty shall be, at Anue Systems' discretion, repaired or replaced or a credit issued to Customer's account for an amount equal to the price paid for such Product provided that: (a) such Product is returned to Anue Systems after first obtaining a return authorization number and shipping instructions, freight prepaid, to Anue Systems' location in the United States; (b) Customer provides a written explanation of the defect or Software failure claimed by Customer; and (c) the claimed defect actually exists and was not caused by neglect, accident, misuse, improper installation, improper repair, fire, flood, lightning, power surges, earthquake, or alteration. Anue Systems will ship repaired Products to Customer, freight prepaid, based on reasonable best efforts after the receipt of defective Products.

Except as otherwise stated, any claim on account of defective materials or for any other cause whatsoever will conclusively be deemed waived by Customer unless written notice thereof is given to Anue Systems within the Warranty Period. Anue Systems reserves the right to change the warranty and service policy set forth above at any time, after reasonable notice and without liability to Customer.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, ARE HEREBY EXCLUDED, AND THE LIABILITY OF ANUE SYSTEMS, IF ANY, FOR DAMAGE RELATING TO ANY ALLEGEDLY DEFECTIVE PRODUCT SHALL BE LIMITED TO THE ACTUAL PRICE PAID BY THE CUSTOMER FOR SUCH PRODUCT. THE PROVISIONS SET FORTH ABOVE STATE ANUE SYSTEMS' ENTIRE RESPONSIBILITY AND CUSTOMER'S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY BREACH OF ANY WARRANTY.

(3)

Anue Net Tool Optimizer User Guide 1

Preface

About this Document

This documentprovides detailed information about the Anue Net Tool

Optimizer™ (NTO), as well as the procedures necessary to use the Anue NTO to manage your network. For information about installing the Anue NTO, refer to the Installation Guide for your NTO model.

Audience

This document is intended for Anue customers that use the Anue Net Tool Optimizer (NTO). Readers should be familiar with networking concepts.

Organization

The following table describes the chapters and appendixes in this document.

NOTE This document is intended to be printed using double-side

printing. If you print this document using single-side printing, some pages appear blank.

NOTE Some Control Panel details differ for various models of the NTO.

Therefore, the screen captures you see in this document may differ from what you see for your particular model.

Chapter/Appendix Description

Chapter 1, “Overview” Provides an overview of the Anue NTO.

Chapter 2, “Configuring the Management Port IP Settings”

Describes how to configure the management port IP address.

Chapter 3, “5273/5288/5293 Craft Port Interface”

Describes the Craft Port Interface.

Chapter 4, “Log in to the Management Control Panel”

Describes how to log in to the management control panel.

Chapter 5, “Control Panel Menu Options”

(10)

Preface

Chapter 6, “Creating and Using Objects”

Describes how to create and configure objects.

Chapter 7, “Control Panel Views” Describes control panel views.

Chapter 8, “Authentication, Authorization, and Accounting (AAA) Using TACACS+ and RADIUS”

Describes TACACS+ and RADIUS authentication.

Chapter 9, “SNMP” Describes SNMP functionality.

Chapter 10, “SYSLOG” Describes SYSLOG functionality.

Chapter 11, “Access Control Using Groups”

Describes how to control access using groups.

Chapter 12, “Use Cases and Common Configurations”

Provides use cases and describes common configurations.

Chapter 13, “Control Panel Ease of Use Features”

Describes control panel ease of use features.

Chapter 14, “Automation Scripting”

Describes automation scripting.

Chapter 15, “Statistics” Describes statistics.

Appendix A, “Software Upgrade and Port Allocation Procedures”

Describes software upgrade and port allocation procedures.

Appendix B, “5204/5236/5273 Front Panel LCD Menu Reference”

Describes the front panel LCD menus and functions.

Appendix C, “Packet Processing Features”

Describes packet processing features, both standard features and advanced features that are part of the advanced features modules for the 5236/5273 and the 5288.

Appendix D, “How Licenses are Remapped Due to a

Configuration Change”

Describes how floating licenses change when the configuration changes.

Appendix E, “Troubleshooting” Describes troubleshooting tools and procedures.

Appendix F, “5273/5288/5293 Safety Guidelines”

Describes safety guidelines.

(11)

Document Conventions

Typographic The following table describes the typographic conventions used in this document.

Notational The following table describes the notational conventions used in this document.

Convention Description Example

ABCdef Identifies book titles,

emphasized words or words that appear in the glossary, and command variables.

You

must

log in as root. C:\>cd directory_name

ABCdef Identifies commands and graphical user interface items with which you interact.

Click the OK button.

ADCdef Identifies a hyperlink or URL. http://www.anuesystems.com

ABCdef Identifies computer-generated output, API elements, and code samples.

package require anuento

?? Indicates optional parameters within a syntax description.

This convention applies to scripting documentation only.

?login_id?

| Separates items in a list of choices; used with braces (??) in a syntax description.

This convention applies to scripting documentation only.

?-include

tcl_list(import_export_spec) | -exclude

tcl_list(import_export_spec)?

Type Icon Description

Tip Provides information that might help you use the _{product more efficiently.} NOTE Provides information that emphasizes the main

text.

CAUTION

Provides information of critical importance that is required to ensure your own personal safety and to help protect your equipment and working environment from potential damage.

Indicates an electrical hazard. This convention applies to hardware-related material only. Indicates a laser light hazard. This convention applies to hardware-related material only.

(12)

Preface

Additional Information

The following table lists additional documentation associated with the Anue Net Tool Optimizer (NTO).

Indicates that the material should not be discarded with ordinary waste. This convention applies to hardware-related material only. Indicates a dual power supply. This convention applies to hardware-related material only.

Type Icon Description

Resource Description

Installation Guide for your NTO model

Provides instructions for installing the Anue NTO.

Anue 5204/5236 Redundant AC Power Supply Connection Guide

D

escribes how to connect the Unipower AC Redundant Power Supply to the Anue NTO.

Anue 5204/5236 Redundant DC Power Supply Connection Guide

D

escribes how to connect the Unipower DC Redundant Power Supply to the Anue NTO.

Anue 5200 Automation

Scripting Guide

P

rovides detailed information about the Anue NTO Automation Scripting capabilities.

(13)

Technical Support

Contacting Anue Technical Support

For technical support, contact Anue Systems: – Email: [email protected]

– Phone: • Direct

(512) 600-7200

• Toll Free (US & Canada Only)

1-877-268-3269 (Select option 2 from the phone menu.) • Asia

+852 2824 8850

• EMEA (Europe, Middle East, Africa) +44 (0) 1189 076 204

The Anue Customer Portal (http://support.anuesystems.com) is also available. The customer portal allows customers to open support tickets, search for solutions and download documentation. All customers with a current support contract have an employee that has been designated as their Customer Administrator. Contact your Customer Administrator for details on how to request an Anue Customer Portal password and login account.

Optional service and maintenance contracts are available for each of Anue’s products and may be purchased separately. Contact Anue at

[email protected] for details.

Sending Log Files to Anue Technical Support

A technical issue may require that you send the Anue NTO log files to Anue Technical Support.

To send log files to Anue Technical Support:

1. Select Help > Save and Send Logs from the menu. 2. Type a name for the log file, and click the Save button.

Your email application launches with a new message addressed to [email protected] as shown in the image below.

3. Attach the log from the directory indicated in the body of the email.

4. Specify the reason you are sending the logs and include any other pertinent information in the body of the message.

(14)

Preface

(15)

C

HAPTER

1 Overview

The Anue Net Tool Optimizer (NTO) directs network data from SPAN ports and TAPS in your data center and forwards it to a convenient centralized tool farm where multiple tools can share simultaneous access to the network data.

The Anue NTO has a full range of connectivity capabilities so that each network tool is fed exactly the data it needs from anywhere in your network.

Figure 1-1. Anue NTO Tool Optimization

Inbound traffic from any incoming port may be switched to one or more outgoing ports, regardless of the speed of the incoming and outgoing ports.

Ports designated through software as Network Ports are used to connect tap and SPAN ports to the Anue NTO.

Ports designated through software as Tool Ports are used to connect tools such as data recorders and VoIP monitors to the Anue NTO.

The NTO server runs on the unit chassis and the Control Panel client, a Java based graphical user interface (GUI), is provided so that the configuration and visualization of port mappings is easy and intuitive.

Multiple users can manage the NTO simultaneously and passwords and access privileges can be assigned. The Anue NTO server manages access to the

configuration database. Users are warned when potential database conflicts exist and are allowed to decide if changes are saved to the database.

Models 5273, 5293: These models of the NTO are Network

(16)

Chapter 1, Overview

NTO Automation Scripting enhances the functionality of the NTO by providing the ability to automate the configuration and management of the NTO. NTO

Automation Scripting consists of a command interpreter and a set of commands that can be saved in script files for automated processing or typed into an interactive shell for immediate processing. For example, this functionality allows you to interactively manage several Anue Net Tool Optimizers, to track specific traffic patterns during certain times of day, and to automatically update filter criteria and/or connections based on user defined trigger parameters. Statistics are also provided to help monitor tool utilization and optimization.

Table 1-1 summarizes the physical characteristics of the different NTO models.

Figure 1-2. Anue 5204 Net Tool Optimizer

Figure 1-4. Anue 5273 Net Tool Optimizer Table 1-1: Characteristics of NTO Models Models Characteristics

5204, 5236, 5273

The unit chassis is 1U high (5273 is 2U high) and supports up to 28 ports on the front and back. Port speeds of 1G and 10G are supported. In addition, built-in copper ports support 10/100/1000.

5288, 5293 The unit chassis is 2U high and supports up to 64 ports on the front. Port speeds of 1G, 10G, and 40G are supported.

(17)

Port Connection Options

The Anue NTO supports up to 28 (Models 5204/5236/5273) or 64 (Models 5288/ 5293) ports. Ports can be configured in the following manner:

■ Single Input (network port) to Single Output (tool port)

■ Single Input (network port) to Multiple Outputs (tool ports) (i.e. port sharing) ■ Multiple Inputs (network ports) to Multiple Outputs (tool ports)

■ Multiple Inputs (network ports) to Single Output (tool port) (i.e. aggregation) ■ Port Groups – Provides the ability to aggregate ports into higher bandwidth trunks for the purposes of load balancing tool traffic or interconnecting Net Tool Optimizers.

You can combine the port connection combinations listed above in any speed mapping combination.

NOTE When you map ports with higher rates of traffic to ports with

lower rates of traffic (for example, a 10G Ethernet port mapped to a 1G port or multiple 1G ports aggregated to a 1G port), you should use filters so excess traffic is not passed to lower rate ports. Filtering can help tools avoid being overloaded with unnecessary or unwanted data.

(18)

Chapter 1, Overview

Supported Packet Sizes

The Anue Net Tool Optimizer supports packet sizes from 64 bytes to 16K bytes (jumbo packets) at all line rates.

The following information provides details about how different packets sizes are defined and handled by the NTO:

■ Runt packets: Runt packets are packets that are less than 64 bytes. Runt

packets are dropped at the ingress of the NTO.

■ Standard packets: Packets that are between 64 and 1,518 bytes (1522 with

VLAN) are considered standard packets. Standard packets are supported. ■ Jumbo packets: Packets that are between 1,519 and 16,360 bytes are

considered jumbo packets. Jumbo packets are supported.

Filter Overview

This section provides an overview of the filter types that are available on the NTO.

Filter Types

Dynamic filters are the primary method used to filter traffic on the Anue NTO. These are the filters that appear in the middle of the NTO Control Panel Diagram View. They are optimized for topologies that require both aggregating traffic from multiple network ports to a single tool, as well as sharing traffic from a network port with multiple tools. Dynamic filters are recommended as the default

filtering approach because nearly all users have both of these topology

requirements.

In addition to the dynamic filters, three other filter types are available: an ingress filter (located in the Network Ports column in the control panel), an egress filter (located in the Tool Ports column), and a Dynamic One-Stage filter (an advanced mode of dynamic filter, located in the Dynamic Filters column). All of the filter types can be used in combination with each other.

Tip: Several technical notes on advanced filtering subjects can also be

downloaded from the Anue Customer Portal. See “Technical Support” on page 11 for information on how to access the Anue Customer Portal.

(19)

Filter Criteria Options

Ingress Filters

Ingress filters are configured at the network port. Ingress filtering occurs

immediately upon traffic entering a network port, upstream from other filter types. One ingress filter can be applied to each network port. “Deny” and “Pass” filter modes are supported. Any traffic that is filtered out (i.e. removed) at ingress is no longer available to any downstream filters or tools. Therefore, care should be used when applying Ingress filters.

Ingress filters are typically used in conjunction with dynamic filters to remove traffic that is not needed by the tools that are connected, or plan to be connected to a network port. By filtering at ingress, traffic that is not needed is removed from the beginning and the overall filtering capacity of the NTO is improved.

Egress Filters

Egress filters are configured at the tool port. Egress filtering occurs

downstream from Ingress and Dynamic filters. “Deny” and “Pass All” filter modes are supported. This filter type is typically used to fine tune filtering in combination with the Dynamic filters. Using a Deny filter to remove traffic that is not required by tools can also improve tool performance.

Dynamic One-Stage Filters

One-stage is an advanced setting on a dynamic filter. This type of filter is

appropriate for applications that require sharing network port traffic with multiple tools, but do not require a heavy aggregation capability that could exceed the bandwidth of the tool port to which it is connected.

Filter Criteria Options

Filter criteria are available to define the type of traffic that can pass through a filter or be denied from passing through a filter. Dynamic filters, network ports (ingress filters) and tool ports (egress filters) all have filter criteria settings. Network ports

allow or deny traffic from passing through based on the defined criteria. The

(20)

Chapter 1, Overview

■ Dynamic filters (which display in the center of the diagram area) allow traffic to pass through based on the defined criteria. The filter can also be

configured to Pass All or Deny All traffic.

■ Tool ports deny traffic from passing through based on the defined criteria. The filter can also be configured to Pass All or Deny All traffic.

The following filter criteria options are available. Note that the available filter criteria options may vary based on the object type (port or dynamic filter), filter mode (Pass All or Deny All) and the filter memory allocation settings.

Layer 2 ■ MAC Address ■ Ethertype ■ VLAN Tag IPv4 Layer 3 – IPv4 Address – IP Protocol – DSCP/ECN Layer 4

– L4 Port (TCP/UDP Port) – TCP Control

IPv6 (Models 5236/5273 only) Layer 3

– IPv6 Address – Next Header – Traffic Class

Layer 4

– L4 Port (TCP/UDP Port) – TCP Control

Several criteria options can be selected per filter. The selected criteria can be “AND’d” or “OR’d”.

(21)

C

HAPTER

2 Configuring the Management Port IP Settings

This chapter describes the basic setup procedure and other related information required to quickly get the Anue Net Tool Optimizer up and running.

Connect and Configure Ethernet Management Ports

This section covers information about connecting and configuring Ethernet Management Ports. Topics include:

■ “Port Locations and Labels” on page 19

■ “5273/5288/5293 Rules and Practices” on page 19

Port Locations and Labels

Table 2-1 describes the locations of the Ethernet management port(s) on each model of NTO:

5273/5288/5293 Rules and Practices

For models with two Ethernet management ports, one port will be active and the other port will be a backup (standby). Each Ethernet port provides a transparent backup in the event of an Ethernet port link failure. If the link status of the active port stays down for approximately 5 seconds, the IP interface will move to the backup Ethernet port.

Table 2-1: Ethernet Management Port Locations and Labels Model Location(s) and Labels

5204 One port on the rear of the chassis 5236 One port on the front of the chassis

5273 Two ports: one on the front of chassis labeled “front”, one on the rear labeled “rear”

(22)

Chapter 2, Configuring the Management Port IP Settings

The following rules and practices apply to the management ports:

■ Connecting both management ports allows for failover redundancy which is recommended but not required.

■ Both management ports must be connected to the same subnet.

■ Both management ports will automatically be assigned the same IP address but have unique MAC addresses.

■ If both management ports are connected and report a link up status when the unit is powered up, the 1st Ethernet port will be the active port and the 2nd Ethernet port will be the standby (backup).

■ In the event of failover to the standby Ethernet port, the standby port will remain active when the original active port returns to service. The original active port becomes the standby (backup) port.

Configuring the Management Port IP Address

This procedure describes how to configure the management port IP address using the GUI.

NOTE You cannot access the standby port to manage the NTO while it is

the standby, only if it becomes the active port.

Models 5273/5288/5293: Auto-MDIX (automatic medium-dependent

interface crossover) is supported for copper 1G, 100M and 10M copper ports. Auto-MDIX allows the interface to automatically detect and support a straight through or crossover Ethernet cable.

NOTE In the event of management port failover the NTO will issue

gratuitous self ARPs to cause the remote nodes to update their ARP tables. Customers should verify that the routers in their network have gratuitous ARPs enabled. If gratuitous ARPS are not enabled on remote nodes, management port switchover may take longer to complete.

Table 2-2: Additional Information per Model

Model More Information

5200, 5236, 5273

For information about configuring the management port IP address using the front panel control panel and LCD, refer to the either the Anue 5204/5236 Installation Guide or the Anue

5273 Installation Guide.

5273, 5288, 5293

For information on how to configure the management port IP address using the craft port, see Chapter 3, “5273/5288/5293 Craft Port Interface.”

(23)

Configuring the Management Port IP Address

1. Log in to the control panel as described in Log in to the Management Control Panel using an account that has System Administrator privileges.

2. Click System in the management frame at the left side of the control panel and access the Status Settings tab. The information on this tab differs depending on your NTO model.

Figure 2-1. System Settings

3. Click the hyperlink to the right of either IPxx configuration: field.

Caution: Changing the IPv4 address, subnet mask, default gateway, IPv6

address, or network prefix settings will restart the NTO and force all users off the system. The user performing the IP address change will lose connection to the unit from the control panel GUI after saving the

modification. To regain access to the unit, log in to the ANUE NTO using the new IP address. If the newly assigned IP address values are not correct, users will not be able to access the NTO remotely.

(Models 5204/5236/5273) Misconfigured IP address settings can only be corrected using the LCD interface. (Model 5273 addresses can be corrected using either the LCD or the craft/serial port interface.)

(Models 5273/5288/5293) Misconfigured IP address settings can only be corrected using the craft/serial port interface.

(24)

Chapter 2, Configuring the Management Port IP Settings

4. Configure the desired IP address, subnet mask and gateway in the Set IP

Configuration window. Click OK to save the changes.

Figure 2-2. Set IP Configuration

The NTO supports dual stack IPv4/IPv6 management. IPv4 is always enabled and available for static assignment. IPv6 can optionally be enabled for dual stack operation and a static IPv6 management address can be assigned. IPv6 addresses may be entered using preferred format (e.g. -

2001:0:0:0:0:80:21AF:3DAB) or compressed format (e.g. - 2001::80:21AF:3DAB where ‘::’ collapses consecutive groups of zeros.

The default gateway for the NTO’s IPv6 management interface is automatically determined by periodic router advertisements received on the interface.

(25)

C

HAPTER

3 5273/5288/5293 Craft Port Interface

The craft/serial port interface provides access to several commands which are described in detail below.

Craft Port Connection

Table 3-1 describes the craft port connections and their locations for each of the relevant NTO models.

Connect a serial cable between the NTO craft port and the serial port of a computer running a COM port terminal utility.

The settings of the COM port terminal utility must be set to 115200 baud, 8 data bits, 1 stop bit, and no parity.

You can configure the NTO for IPv4 and IPv6.

Craft Port Main Menu

After connecting to the unit craft port, the following unit status information is displayed at the top of the menu.

■ The unit IP address is displayed.

■ The System Name is displayed if this feature is configured. ■ System Type displays the NTO model number.

■ The System Status displays the alarm state of the NTO. When the System Status is “Not ready” the System Type will not be shown and only the Reboot System menu option will be available.

Models 5204, 5236: The craft port interface is not available on these

models.

Table 3-1: Craft Port Connections

Model More Information

5273 Standard 9-pin, RS-232 serial port, located on the rear panel Note that the 5273 craft port exposes a “female” connector. 5288, 5293 Standard RJ45 serial port, located on the front panel

(26)

Chapter 3, 5273/5288/5293 Craft Port Interface

Main Menu options are displayed below the unit status information. Welcome to Anue Systems

<IP Address, IPv4 and IPv6 if it’s also enabled.> Hit Enter to refresh status

[System Name]

<System Type: System Status> Main Menu:

1. Reboot System 2. IP Config

3. Management Port Config 4. Reset Admin Password 5. Run POST tests

6. Get POST results Enter command number:

Reboot System

From the Main Menu type 1 to reboot the system and then press the Enter key on the keyboard.

A reboot verification message will be received. Type “yes” to begin the system reboot.

(27)

IP Config

1. From the Main Menu, type 2 and then press the Enter key on the keyboard. The following menu will display. Notice that the current settings are displayed next to each menu item.

IP Config:

1. Set IP Address (192.168.41.99) 2. Set Netmask (255.255.255.0) 3. Set Gateway Address (0.0.0.0)

4. Commit changes

5. Cancel/Return to Main Menu

2. Enter the command number for the IP setting you wish to change (1, 2, or 3). For this example, we will select menu option 1 (Set IP Address). The

following prompt will display. Enter new IP Address:

Type 192.168.162.12.Then press the Enter key on the keyboard.

A confirmation message will then display. Value entered: 192.168.162.12 Correct? Enter Y or N

Type “y” or “Y”. Then press the Enter key on the keyboard.

3. The IP Config menu will now display the modified IP address along with the other settings and options. Note that the modification will not take effect on the NTO until the changes have been committed (menu option 4).

IP Config:

1. Set IP Address (192.168.162.12) 2. Set Netmask (255.255.255.0) 3. Set Gateway Address (0.0.0.0)

4. Commit changes

5. Cancel/Return to Main Menu

Select option 1, 2 or 3 to continue modifying the current IP settings using the procedure described above. Select option 4 to commit changes (there will be another verification prompt before changes are actually applied). Select option 5 to cancel all changes that have not been committed.

Note: The System Status displayed on the main menu may indicate “Not

ready” until management port configuration changes have been

completed. Once the configuration changes have completed, the full main menu will display.

(28)

Management Port Config

The duplex mode of the Ethernet management port(s) is set to Auto-negotiate by default. The example below configures both Ethernet management ports

simultaneously.

1. From the Main Menu, type 3 and then press the Enter key on the keyboard. The following menu will display. Note that “(current)” is displayed next to the currently configured duplex mode.

Management Port Config 1. Auto (current) 2. 1G Full 3. 100M Full 4. 100M Half 5. 10M Full 6. 10M Half

7. Return to Main Menu

2. Type a command number to select the duplex mode for the management port(s). Type 7 if you wish to return to main menu. For this example, we will type 2 (1G Full). Then press the Enter key on the keyboard.

A confirmation message will then display.

Changing management port to 1G Full.

Type “yes” to accept, anything else to cancel: 3. To accept the change, type yes and then press the Enter key on the

keyboard. To cancel the changes, type any key on the keyboard and then press the Enter key.

Reset Administrator Password

From the Main Menu, type 4, the Reset Admin Password menu will display. Enter the last 8 digits of the unit serial number. For example, serial number 5236-00000003 will be entered as “5236-00000003.” The unit serial number is located on the rear of the unit.

Anue 5236: Status: Normal Hit Enter to refresh status

Models 5204/5236: These NTO models have only one Ethernet

(29)

Run POST Tests

Main Menu:

6. Get POST results Enter command number: 4

Enter the key to reset the admin pasword: 00000003

Value entered: 00000003

Type "yes" to accept, anything else to cancel: yes

The password has been reset to default.

Run POST Tests

From the Main Menu, type 5 to initiate Power On diagnostic SelfTests. This will cause the system to restart. Note that running POST adds several minutes to system startup.

Welcome to Anue Systems IP address: 192.168.162.33 Anue 5288: Status: Normal

Hit Enter to refresh status Main Menu:

Run Power On Self Tests

The NTO is being restarted. The power-on self-test will run during restart.

(30)

Get POST Results

From the Main Menu, type 6 to retrieve the results of the last POST run. This command cannot be run while the system is restarting.

Welcome to Anue Systems IP address: 192.168.162.33 Main Menu:

Get Power On Self Tests results

Results: Passed

(31)

C

HAPTER

4 Log in to the Management Control Panel

The NTO allows multiple users to access and manage the system simultaneously but any single account may only be logged in from one location at a time. For example, if a user logs into the “admin” account on an NTO from one PC, a user on a different PC cannot also log into the "admin" account on the same NTO until the first user logs off.

Users can also manage multiple NTO systems from the same Control Panel. For information, see “Manage Multiple NTO Systems from the Same Control Panel Interface using ULM” on page 37.

Requirements for the NTO Management PC

■ The Control Panel application requires a Windows operating system environment. Windows XP and Windows 7 have been tested and are recommended.

■ Internet Explorer version 6 and higher and Mozilla Firefox 2.x and higher are the supported HTML browsers. Other browsers should also work. Note that Anue has only tested on Internet Explorer 8 and 9 and on Firefox 9.0.1 and 10.0.1.

■ The Control Panel requires the installation of a Java Runtime Environment (JRE) on the client PC. Both JRE 1.6 and 1.7 (that is, Java 6 and Java 7) are supported. If Java is not installed on the client PC, the Anue NTO HTML Welcome page will provide a link to a website from which you can download and install Java. Anue has tested on and recommends Java versions

1.6.0_31 and 1.7.0_05-b05. Both the 32-bit and 64-bit version of JRE are supported.

■ HTML browser “cookies” need to be enabled.

■ If you wish to enable cookies only for the NTO, follow the steps below: A. In the Internet Explorer browser, select Tools > Internet Options. Click

the Privacy tab. Click the Sites button. In the Address of website field, enter the IP address of the NTO – for example, “http://192.168.40.122/”. Click the Allow button. Click OK.

B. At the top of the Mozilla Firefox browser, select Firefox > Options >

Options. Click the Content tab. Click the Privacy tab. To the right of the Firefox will field, open the drop-list and select Use custom settings for history. Ensure the check box is selected for the field Accept cookies from sites, and to the right of that field, click the Exceptions button. In the

(32)

Chapter 4, Log in to the Management Control Panel

Address of website field, enter the IP address of the NTO – for example,

“http://192.168.40.122/”. Click the Allow button. Click the Close button. Click OK.

C. For network environments where NAT (Network Address Translation) firewall traversal is required, see “Port Forwarding for NAT Firewall Network Environments” on page 36.

Adding a Login Banner

You can add a login banner, such as a security warning banner, to the control panel console and Tcl shell. Once configured, all users, including vendors, will see it prior to logging in to the console or Tcl shell. One use for this feature is

compliance with the Sarbanes-Oxley Act (SOX).

For the control panel console, the login banner displays in a text banner as part of the login dialog. System administrators (admins) can add plain text or simple HTML. Admins can also enter Uniform Resource Identifiers (URI’s) that display as clickable links, opening the associated application (if available). The URI’s are user-defined. They may include internet URL’s, file shares, and any other system recognizable URI.

For the Tcl shell, once the login banner is configured, the Tcl shell presents the login banner text after a session initiates and the user logs in to the NTO. The login banner text displays directly above the current session result notice. To add a login banner:

1. In the control panel, select the System view. 2. Click the Settings tab.

NOTE If your browser version requires a different procedure to enable

cookies, please consult the help information of the browser for instructions.

(33)

Adding a Login Banner

3. In the General section, click the link to the right of the Login banner field. The Set Login Banner Configuration dialog displays, Figure 4-1.

Figure 4-1. Set Login Banner Configuration Dialog

4. Type in the login banner text and URI you want to display at login and click

Preview to see it – for example, see Figure 4-2.

Figure 4-2. Preview of Login Banner

5. Click Cancel to close the preview.

6. Click OK to accept the new login configuration.

A portion of the login banner text displays to the right of the Login banner field.

(34)

Logging in to the NTO

To log in to the NTO Control Panel:

1. Enter the IPv4 or IPv6 address assigned to the NTO into the URL field of your browser. You will be prompted to accept the Anue Software License

Agreement.

2. The Welcome page will then display as shown in the figure below.

The Welcome page provides general information about the Net Tool Optimizer and resources to help manage and configure your NTO model.

Figure 4-3. NTO Control Panel Welcome Page

At the left side of the page, there are links to the PDF versions of the Startup

Guide and the User Guide.

NOTE When entering an IPv6 address into a browser, square brackets

“[ ]” must surround the IPv6 address. For example,  “http://[fe80::21b:6eff:fe01:8]/”

(35)

Logging in to the NTO

At the lower left side of the page there is a display that indicates the current status of the NTO. This is a real time display that is updated once a second.

In the center of the page, there are links to the Anue Systems Support web page, the Anue Systems home page, and the Tcl package to be downloaded. Unzip the Tcl package zip file to install the Tcl package. Complete help for installing and using the Anue Tcl Package can be found in the Automation Scripting Guide for your NTO model.

Click the Launch 52xx Control Panel button.

If this is the first time you have launched the application, a Java based client will automatically download to the client PC from the NTO server. The Java based client requires Java Runtime Environment (JRE) 1.6 or 1.7 (that is, Java 6 or

Java 7). Anue has tested on and recommends Java versions 1.6.0_31 and

1.7.0_05-b05. Both the 32-bit and 64-bit version of JRE are supported.

The Firefox browser may prompt you to open console_jnlp.jsp with Java (TM) Web Start Launcher as shown in. Click Ok if you receive this prompt.

Figure 4-4. Open console_jnlp.jsp Prompt

Models 5204, 5236, 5273: The current status information also appears

on the front panel LCD for the NTO. For information about status messages, see the 5204/5236/5273 Front Panel LCD Menu Reference.

Tip: If you have previously accessed the NTO server from your current

PC, you can skip to the Control Panel Login instructions as described below. See Login Issues in the Appendix E, “Troubleshooting” for information on resolving log in issues.

(36)

If an older version of Java is installed on the client PC, one of the following will happen:

■ The NTO Server will attempt to update client PC to the supported version. The browser will display the message, “This website wants to install the following add-on: ‘Java (TM) SE Runtime Environment 6 Update #’ from ‘Sun Microsystems, Inc.’ If you trust website and the add-on and want to install it click here.”

Click the message and select “Install Active X control” to upgrade Java.

■ The NTO Welcome page will provide a link to a website that will allow Java to be downloaded and installed instead of displaying the Launch 52xx Control Panel button (as shown in). The prompt will also display if the client PC

does not have any version of Java installed.

Figure 4-5. Required Java Files Not Installed Message Control Panel Log In

When the Control Panel Log In window displays, enter the NTO DNS name or address (IPv4 or IPv6), Login ID, and password. Note the system default Login

ID (admin) and default Password (admin).

Figure 4-6. Log In Window

If this is the first time that the NTO has been powered up or the unit has been reset to factory defaults a license key must be entered. The license key is located on the USB memory stick that was shipped in the same box as the NTO unit.

(37)

Logging in to the NTO

Figure 4-7. License Prompt Window

To enter the license key, click the Browse button at the bottom of the window, navigate to the license key on the USB flash drive, select the license key, and click the OK button.

Log In Window options:

NTO:

Enter the IP address (IPv4 or IPv6) or DNS name defined for the NTO.

If this is the first attempt to log in to the NTO, the displayed IP address or DNS name matches the value entered into the HTML browser URL field. Subsequent login attempts will display the IP address or DNS name of the NTO that was last successfully logged in to.

NOTE IPv6 management must be enabled before IPv6 can be used to

login or manage the NTO. IPv4 addresses must be entered using dotted quad format (e.g. - 192.168.162.25). IPv6 addresses may be entered using preferred format (e.g. - 2001:0:0:0:0:80:21AF:3DAB) or

compressed format (e.g. - 2001::80:21AF:3DAB where ‘::’ collapses consecutive groups of zeros.’

(38)

History: If there have been prior logins, clicking the History button will provide a

pick list of IP addresses and/or DNS names that can be selected for login - for example, the Address History shown below:

A selection from the History will populate the NTO field.

Login Id: Enter the login name. Note the system default Login Id (admin) Password: Enter the password associated with the name entered in the Login Id

field. Note the system default Password (admin) Click OK to log in.

Port Forwarding for NAT Firewall Network Environments

To allow an NTO server (or any other server) to reside behind a Network Address Translation (NAT) firewall, the network administrator typically configures the firewall to perform port-forwarding to ensure the server receives the necessary packets. For an NTO server, the NAT firewall needs to be configured to do port forwarding for the following four (4) ports:

■ NTO port (default 1099) ■ HTTP port (default 80) ■ Tcl port (default 5200) ■ SNMP port (default 161)

Note: Additional users can be added as described in the Adding Users and Configuring Authentication section.

(39)

Manage Multiple NTO Systems from the Same Control Panel Interface using ULM

Table 4-1 shows an example port forwarding table (using default ports):

As shown in Table 4-1 above, any traffic received by the NAT firewall destined for port 80 will be forwarded to port 80 on the NTO server at 10.0.0.21.

Given the configuration shown above, clients inside and outside the NAT firewall could still access NTO web server at IP address 10.0.0.21 using the default HTTP port 80.

Clients inside the firewall can access the NTO web server as follows: ■ http://10.0.0.21

Clients outside the NAT firewall could access the NTO web server as follows: ■ http://67.195.3.55

By using default incoming ports as shown in the example above, only one NTO server can be configured behind the NAT firewall because the default ports can only be forwarded to one server. If more than one NTO server resides behind the firewall, the administrator needs to configure additional (non-default) ports. For more detailed information about setting up NAT firewall traversal and using multiple NTO servers behind the firewall, go to the customer portal and download the NTO tech note entitled 5200 - Anue 5200 Series NAT Traversal.

Manage Multiple NTO Systems from the Same Control Panel

Interface using ULM

The ULM (Unified Login and Management) feature allows users to log in to and manage multiple NTO systems without having to start multiple instances of the Control Panel interface. Using ULM a user will be able to easily switch between NTO units for viewing and management.

Although the diagram area and controls for the NTO units appear in the same interface, the units are completely independent and do not share data. A change made to the configuration of one of the units will have no effect on the other units.

Table 4-1: Example Port Forwarding Table, Using Default Ports Incoming IP Address: Port Destination Server: Port

67.195.3.55:1099 10.0.0.21:1099 67.195.3.55:80 10.0.0.21:80 67.195.3.55:5200 10.0.0.21:5200 67.195.3.55:161 10.0.0.21:161

Note: All NTO systems managed with ULM must be running the same

(40)

After logging in to a NTO system, select File -> New Session from the Control Panel menu to log in to additional systems.

The user can also log in to the same system more than once using different Login IDs. This feature can be used as a method to troubleshoot security issues. For example, an administrator could log in to the same unit as a System Administrator and as a non-System Administrator to verify that applied security settings are having the desired effect for certain users.

Figure 4-8. Tabs for Each Login

After more than one user is logged in, a separate tab will appear in the Control Panel interface for each unique login Id/NTO combination.

Information displayed on the tab:

■ A user icon. Non-administrators are represented by a person wearing a blue shirt. System administrators are represented by a person wearing a shirt and tie.

■ A system alarm status indicator which indicates the highest alarm state of all subsystems.

■ The System Info name (if defined on the Settings tab of the System view). The System Info name in the example above is “NTO-52 3.0 Testing”. ■ The NTO model number (for example, 5293).

■ The user Login Id name “@“ the NTO IP address or DNS name.

■ The user can choose which system to manage by clicking on the appropriate tab. The active tab will have a gold border along the top edge.

ULM Functionality Notes:

■ Except for the Edit -> Options settings, actions performed using the menu options will only apply to the configuration of the NTO system that is selected. The Edit -> Options settings are stored locally and apply to all systems that are logged in to from the same PC.

■ Objects (filters and filter criteria, for example) can be copied and pasted from one NTO diagram to another.

■ It is possible to have multiple property and statistic dialog boxes from different NTO systems open simultaneously. The title bar of each dialog box will display the NTO model number, user name and unit IP address or DNS name.

■ When several port or filter statistic dialog boxes are open (from the same system or different systems), clicking the Pause button in one of the dialog boxes will pause the reporting of statistics for all open dialog boxes. Clicking the Resume button in one of the dialog boxes, will resume the reporting of statistics for all open dialog boxes. Note that pausing and resuming of

(41)

Adding Users and Configuring Authentication

statistics reporting also affects the statistics displayed in the ports and dynamic filter views.

To log out of a system (close the tab for the system):

1. Click the tab of the system.

2. Select File -> Log Out from the menu or use the Ctrl+L shortcut.

Subsequent Log in using the Saved Sessions Feature

The control panel GUI has the ability to remember active sessions upon exit. Session information can be saved to the user’s local PC preferences and recalled the next time the user logs in.

This feature is enabled by default but it can be disabled by selecting Edit ->

Options from the menu, deselecting the “Remember active sessions on exit”

option and clicking OK.

After the IP address of an NTO (that was active upon exit of the last session) is entered into a HTML browser and the Launch 52xx Control Panel button is clicked, the user will be prompted for the Login IDs and passwords that were active during the last session.

Adding Users and Configuring Authentication

The NTO supports user authentication using locally-managed user accounts or using the remote authentication services TACACS+ (Terminal Access Controller Access Control System Plus) or RADIUS (Remote Authentication Dial-In User Service). Configuration and use of TACACS+ and RADIUS are documented in

Chapter 8, “Authentication, Authorization, and Accounting (AAA) Using TACACS+ and RADIUS.” Both locally and remotely managed users may be authorized as NTO administrators or non-administrators.

Using NTO Local Authentication

By default the NTO is configured to authenticate using locally managed user accounts. It comes from the factory with a single local administrator account with

Tip: The F12 function key can be used to bring all open statistics windows

into the foreground at the same time

Tip: If the last session included logins to systems that used the same

login name/password combination, the login name/password combination only has to be entered once to log into all of those systems. For example, if a session included 4 systems with the login name/password of admin/ admin, the user will automatically be logged into all 4 systems after entering “admin/admin” once at the Log In prompt.

(42)

login ID “admin” and password “admin.” The admin account cannot be deleted, even when using one of the remote authentication services. You should change the password for the admin account at your earliest opportunity.

Creating a New User Account

To create a new local user account on an NTO using local authentication: 1. Log in to the NTO Control Panel with a Login ID that has System

Administrator capability.

2. Select File > New > User from the control panel menu or click the Add New

User icon located on the shortcut tool bar.

Figure 4-9. Add New User Icon

3. Configure the user account in the New User window. Click the System

Administrator checkbox to assign system administrator capability to the user

account.

A password must be assigned for new users. Users can change their passwords after logging in.

Caution: If forgotten, account passwords cannot be recovered. If the admin account password is lost, and it is not possible to use one of the reset procedures described below, the NTO unit must be returned to Anue Systems to be reset.

Models 5204, 5236, 5273: The password for the admin account can be

reset using the front panel controls if the LCD admin password reset feature is enabled on the System Settings page. Note that this feature is enabled by default. See “Resetting the Admin Password from the LCD Menu” on page 311 for more information.

Models 5273, 5288, 5293: The password for the admin account can be

reset using the serial/craft port interface. See “Reset Administrator Password” on page 26.

(43)

Adding Users and Configuring Authentication

Figure 4-10. New User Window

4. Click OK to save the account settings.

Table 4-2 lists the capabilities of System Administrators and Non-Administrator Users.

Table 4-2: System Administrator and Non-Administrator User Capabilities

Capabilities System

Administrator User

Add and delete user accounts and modify the properties of any user account

x Modify system configuration settings x Install a license and software upgrades x Save, restore and clear configurations x

Clear filters x

Clear the system x

Import/export configurations x Create groups and port groups x

Shutdown/restart the system x

Add, modify, delete, enable and disable any object x

Modify the Edit->Option settings x x Modify their own user account properties x x

(44)

Control Panel Overview

The control panel is the client interface to the Net Tool Optimizer (NTO) server. The control panel is a Java based graphical user interface (GUI) that provides simple and intuitive configuration and tool management features.

Multiple users can manage the NTO simultaneously and passwords and access privileges can be assigned to each individual user.

Statistics are also provided to help manage tool utilization and optimization. After logging into the NTO, the Control Panel will display. The Control Panel allows network operators to easily manage NTOs and perform day-to-day troubleshooting. The graphical user interface (GUI) provides a clear view of the links and filtered traffic each optimizer is monitoring.

The following is an overview of the control panel options. Detailed descriptions of how to use these controls are presented later in this document.

View, reset and export object statistics x x

Add, modify and delete filters x x

Delete and add connections between objects x x Create and modify custom icons and filter

templates

x x

Table 4-2: System Administrator and Non-Administrator User Capabilities

NOTE Some Control Panel details differ for various models of the NTO.

Therefore, the screen captures you see in this document may differ from what you see for your particular model.

(45)

Control Panel Overview

Figure 4-11. Control Panel

The Control Panel is the primary user interface for controlling, configuring, and monitoring the NTO. There is also an automation scripting interface. See

Automation Scripting for more information.

Title Bar, Menu and Shortcut Toolbar

The title bar area displays the System Info name (if it is assigned in the System Settings), the 5200 model number (for example, 5293), the current Login ID and the IP address or DNS name assigned to the NTO. The title bar information changes when the user selects the tabs that represent unique logins into the same or different NTO units (described in detail in the “Manage Multiple NTO Systems from the Same Control Panel Interface using ULM” on page 37).

Figure 4-12. Title Bar, Menu and Shortcut Toolbar

The menu options (File, Edit, View, Help) and shortcut toolbar can be used to configure the NTO settings and gather information. Focus indicates which objects are currently displayed in the diagram. Selection indicates the selected object.

Anue 5200 User Guide



Anue Net Tool Optimizer User Guide

Version 3.7

Contents

Preface

About this Document

Audience

Organization

Document Conventions

must

Additional Information

D

D

P

Technical Support

C

HAPTER

1

Overview

Port Connection Options

Supported Packet Sizes

Filter Overview

Filter Criteria Options

C

HAPTER

2

Configuring the Management Port IP Settings

Connect and Configure Ethernet Management Ports

Port Locations and Labels

5273/5288/5293 Rules and Practices

Configuring the Management Port IP Address

C

HAPTER

3

5273/5288/5293 Craft Port Interface

Craft Port Connection

Craft Port Main Menu

Reboot System

IP Config

Management Port Config

Reset Administrator Password

Run POST Tests

Get POST Results

C

HAPTER

4

Log in to the Management Control Panel

Requirements for the NTO Management PC

Adding a Login Banner

Logging in to the NTO

Port Forwarding for NAT Firewall Network Environments

Manage Multiple NTO Systems from the Same Control Panel

Interface using ULM

Adding Users and Configuring Authentication

Using NTO Local Authentication

Creating a New User Account

Control Panel Overview

Title Bar, Menu and Shortcut Toolbar