43 ! 2 43 ! codes 2 43 ! codes 43 ! codes 43 ! -ARCH 43 ! 43 ! 43 ! codes 43 ! 43 ! codes 43 codes .ETWORK 4!0S 4EST !CCESS 0ORTS Provides access to the data streams passing through a high-speed network device and a switch. Models available to monitor both copper and optical links. Customer Support Information Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S.
FEDERAL COMMUNICATIONS COMMISSION and INDUSTRY CANADA RADIO FREQUENCY INTERFERENCE STATEMENTS This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication.
7 El aparato eléctrico debe ser montado a la pared o al techo sólo como sea recomendado por el fabricante 8 Servicio-El usuario no debe intentar dar servicio al equipo eléctrico más allá a lo descrito en las instrucciones de operación. Todo otro servicio deberá ser referido a personal de servicio calificado. 9 El aparato eléctrico debe ser situado de tal manera que su posición no interfiera su uso.
Contents Chapter 1: TAPs Overview Security, convenience, and dependability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Deciding whether to use a TAP or a SPAN/mirror port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Choosing between a SPAN, Aggregator, or full-duplex TAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 When to use a SPAN/mirror port . . . . . . . . . . . . . . . . . . . . . . . .
Interpreting the Link and Speed LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Connection sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Chapter 5: FAQ and Troubleshooting What happens if my TAP loses power? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 What latency does a TAP create?.
Chapter 1 TAPs Overview 7 Chapter 1 TAPs Overview rev.
Thank you for purchasing the TAP: the most robust, secure, and convenient mechanism for network analyzers and similar devices to copy data streams from high-capacity network links. A network Test Access Port (TAP) provides access to the data streams passing through a high-speed, full-duplex network link (typically between a network device and a switch.
Most enterprise switches copy the activity of one or more ports through a Switch Port Analyzer (SPAN) port, also known as a mirror port. An analysis device can then be attached to the SPAN port to access network traffic. Use Figure 1 and Table 1 to determine whether to use a TAP or a SPAN/mirror port. Figure 1 TAP versus SPAN rev.
Table 1 Pros and Cons of TAPs and SPANs Pros Cons TAP SPAN/mirror port Eliminates the risk of dropped packets Low cost Monitoring device receives all packets, including physical errors Remotely configurable from any system connected to the switch Provides full visibility into full-duplex networks Able to copy intra-switch traffic Analysis device may need dual-receive capture interface if you are using a full-duplex TAP (does not apply to Aggregator TAPs) Cannot handle heavily utilized full-duplex
combined), but its design requires that the analyzer be a specialized device with a dual-receive capture interface that is capable of capturing the TAP’s output, providing accurate timing, and recombining the data for analysis.
channel. For more details, see “When to use a SPAN/mirror port” on page 12. Attaching a monitoring or analysis device to an Aggregator TAP inserted into a full-duplex link. As with a SPAN, the Aggregator TAP copies both sides of a full-duplex link to the analyzer’s single receive channel. It uses buffering which makes it somewhat better able to keep up with higher traffic levels than a SPAN.
Routes the integrated signal to the send channel of the SPAN/ mirror port Each of these activities burdens the switch’s internal processor. These demands on the switch’s CPU have implications for both your monitoring equipment and general network performance.
Cloning your SPAN/mirror port You can still access your SPAN/mirror port even if all of your SPAN/ mirror ports on your switch are used. This is fairly common, and you can use a TAP to produce two or three copies of the SPAN/mirror port. By cloning a SPAN/mirror port you get the benefits of a duplicate copy of the traffic and no security risk. Figure 2 Cloning your SPAN/mirror port 14 Choosing between a SPAN, Aggregator, or full-duplex TAP Chapter 1 TAPs Overview rev.
Joining SPAN/mirror ports If you have a primary switch and a failover switch, you can connect both of them to an Aggregator TAP. Connect one of them to Link A and the other to Link B. It does not matter whether the primary switch is connected to Link A or Link B, and you do not need to know which one is “live.” The Aggregator TAP joins the active and inactive SPAN/mirror port session together and sends the result to the analyzer.
NOTE: TAP BUFFER The role of the buffer is to absorb traffic spikes of over 50% full-duplex bandwidth saturation (100% with both sides combined), because the analyzer’s single-receive interface cannot receive the traffic fast enough to keep up at line rate. For more details about the Aggregator TAP’s buffer, see “Choosing an Aggregator TAP buffer size” on page 43. An Aggregator TAP is ideally suited to work with an analysis device with a standard, single-receive capture interface or NIC.
When to use a full-duplex TAP A full-duplex TAP is the only method of the three options that guarantees that all of the network traffic, including Layer 1 and 2 error information, makes it to the analysis device. It is more complex and potentially expensive to implement, but where there is high network utilization and it is important to guarantee the capture of “everything on the wire” along with errors from all network layers, a full-duplex TAP is the only choice.
Chapter 2 Copper TAPs 18 rev.
Major features The major features of the Black Box full-duplex Copper TAPs are: Passive access at 10/100 or 1000 Mbps without packet tampering or introducing a single point of failure No packet loss if the TAP loses power Automatic link failover for devices that have an alternate path Allows you to connect and disconnect the analysis device as needed without taking the network down Optional redundant power ensures maximum monitoring uptime All traffic (including errors) is passed fro
Patch cable(s) Redundant power supply Rack or bay mount If any part is missing or damaged, contact Black Box Support immediately. Installing the Copper TAP After reviewing the information in “Deciding whether to use a TAP or a SPAN/mirror port” on page 8 and “Choosing between a SPAN, Aggregator, or full-duplex TAP” on page 10, you decided a Copper TAP was the right one for you. Use the information in this section to install your TAP.
NOTE: INSIDE THE TAP When traffic comes in to Link A, two copies are made in the TAP. One copy is sent out Link B to the switch and the other copy is sent out Analyzer A to the analysis device. A similar thing happens with traffic that comes in Link B. Two copies are made. One copy is sent out Link A and the other copy is sent out Analyzer B. Figure 4 Connecting the TAP to the network device, switch, and analyzer CAUTION rev.
and Link A then must use the same speed as Link B. If your link is under test as part of a failover or redundancy arrangement, then connect the failover device to Link B. See “How do I connect my failover devices?” on page 55. NOTE: TAP NOT CONNECTING 3 Connect your network device (or primary device in a failover arrangement) to Link A. 4 Connect the Analyzer ports on the TAP to the dual-receive interface on the monitoring device.
or both power supply sockets. Connecting both sockets to different external power sources (using Network Instrument’s optional adapter kit TC2P-K) provides fail-safe power redundancy for the Analyzer side. The network pass-through link remains unaffected even if power to the TAP is interrupted. For a detailed description of what happens, read the information in “10/100/1000 TAP” on page 24.
3 Connected. The Speed LED is on and the Link LED shows activity. The Link LEDs flicker faster when there is more traffic on the Link and slower when there is less traffic. The Analyzer LEDs follow the Link LEDs. Because the TAP is passive, all activity on the Link port is automatically and passively copied to the Analyzer port and therefore the Analyzer port LED blinks at the same speed as the Link port — even if an analyzer is not connected.
common speed and other capabilities. The LED pattern is that the Speed LEDs flash and the Link LEDs flicker. 2 Connecting. The link parameters are attempting to connect using the parameters determined during the Capabilities search. The LED pattern is that the TAP shows the connection speed while the Link LEDs continue to flicker. 3 Connected. Both link ports/connections are connected to the link partners at a common speed. The Speed LED shows connection speed.
Technical specifications This section lists the dimensions, power requirements, supported media, and environmental requirements. For the regulatory compliance statements, see “FCC compliance statement” on page 24. Table 4 Technical specifications Power requirements AC Input 90V - 264V, 47-63Hz Operational Voltage 5V (+10%/-5%, < 100 mV ripple) Operational Current Typical: <= 1.8 amps; Max: <= 2.
Chapter 3 Optical TAPs 27 Chapter 3 Optical TAPs rev.
Major features The major features of the Black Box full-duplex Optical TAPs are: Passive access at 1 Gbps or 10 Gbps without packet tampering Allows you to connect and disconnect the analysis device as needed without taking the network down All traffic (including errors) is passed from all OSI layers for troubleshooting Enhanced security because the TAP does not require or use an IP address, which makes it, and the analyzer connected to it, impervious to viruses and other attacks Optional 19
Installing the Optical TAP After reviewing the information in “Deciding whether to use a TAP or a SPAN/mirror port” on page 8 and “Choosing between a SPAN, Aggregator, or full-duplex TAP” on page 10, you decided an Optical TAP was the right one for you. Use the information in this section to install your TAP. To install the TAP, you must: Decide where to place the TAP and physically mount it, if desired.
Figure 7 Cabling the Optical TAP To cable the Optical TAP, follow the steps outlined below. The example and diagram show how to monitor the link between a server and switch. CAUTION 30 Installing the Optical TAP Chapter 3 Optical TAPs Before you temporarily break the link between the device of interest and the network, you may want to shut down access to that device and notify users of the down time. 1 Disconnect the optical cable from the switch and connect it to the TAP’s Link B port.
analyzer for details. If auto-negotiation is not disabled, the analyzer will not be able to receive the stream from the TAP until it is. As an alternative, you can split your own duplex cable (or use two simplex cables) to connect each side of the Analyzer ports on the TAP to the receive ports on each of the NICs in the analyzer. Attenuation Network administrators who manage optical links have the added challenge of dealing with signal attenuation—the rate at which light dissipates over a network.
copies. One part of the split signal is sent to the other device on the network, while the other is simultaneously passed to the analysis or monitoring appliance. As with all devices inserted into an optical link, one side effect of TAP usage is signal attenuation. A TAP attenuates the signal for two reasons: A portion of the signal strength is “siphoned off” and sent to the analyzer. How much of the signal strength is redirected for analysis depends on the split ratio of the TAP.
Transmit power from the network devices Cable distance from the network device to the TAP Maximum insertion loss from the TAP (see Table 5) Cable distance from the TAP to the analyzer Analyzer port receive sensitivity Other less crucial items that may also affect you include: Number or quality of any connectors or patch panels in the path to and from the TAP Age of the fiber cables Amount of heat in the environment where the fiber runs Table 5 Maximum insertion losses Maxi
Determining your power loss budget is a several step process that requires you to know the send power and receive sensitivities of the devices connected to the TAP, and requires that you do some basic math. Use these equations to determine the light available in decibels at the analyzer. 1 Determine your power loss budget by subtracting the receive sensitivity of the device connected to Link B from the send power of the device connected to Link A. Get these values from the device manufacturers.
(Number of Connectors * Connector Loss) + (Fiber Length of Link A * Fiber Loss) + (Fiber Length of Analyzer * Fiber Loss) = Attenuation 6 Subtract the output from step 5 from step 4. Power Loss Budget - Attenuation = Actual Loss 7 Repeat step 4 through step 6 for Link B to the analyzer. For example, Figure 8 shows cable lengths to the TAP from the network devices and from the TAP to the analyzer.
This shows the power loss budget for Link A to Link B. Link A ↔ Link B Send Device Power -9.000 Receive Device Sensitivity - Power Loss Budget 10.500 Number of Connectors Connector Loss -19.5 4.0 x 0.5 1 Connector Loss 2.0 Fiber Length Link A (8 meters) Fiber Loss Link A 0.008 x 3.0 2 Fiber Loss Link A total + Fiber Length Link B (40 meters) 0.024 0.04 x 3.0 Fiber Loss Link B Fiber Loss Link B total Attenuation 3 Power Loss Budget - Attenuation + 0.120 - 2.144 8.356 1. Multimode. 2.
This shows the power loss budget for Link A to the analyzer. Link A → Analyzer Send Device Power -9.000 Receive Device Sensitivity - Power Loss Budget 9.000 Number of Connectors Connector Loss -17.5 4.0 x 0.5 1 Connector Loss 2.0 Fiber Length Link A (8 meters) Fiber Loss Link A 0.008 x 3.0 2 Fiber Loss Link A total + Fiber Length to Analyzer (75 meters) 0.024 0.075 x 3.0 Fiber Loss Analyzer Fiber Loss Link B total Attenuation 3 Power Loss Budget - Attenuation + 0.225 - 2.249 6.
Use this page to create your own power loss budget from Link A to Link B if you are considering an Optical TAP with a split ratio other than 50/50. Then use it for your Link A or Link B to the analyzer, whichever link has the longer fiber length. Use Table 5 on page 33 to assist you.
mode cable. Check with the cable manufacturer to determine specific attenuation rates. Managing attenuation Managing signal attenuation is critical for running a network at optimal performance. A problem arises when a signal is attenuated so much that the destination cannot interpret the signal or the signal fails in route. Repeaters can help, but they can be costly and inconvenient to implement.
Technical specifications This section lists the dimensions, power requirements, supported media, and environmental requirements. For the regulatory compliance statements, see “FCC compliance statement” on page 24.
Chapter 4 Aggregator TAPs 41 Chapter 4 Aggregator TAPs rev.
Major features An Aggregator TAPs provides a full-duplex pass through link for the connection being monitored. The TAP integrates both sides of the full-duplex link and sends the copied data out simplex (send only) ports to two analyzers. The Aggregator TAPs also provide a buffer (256 MB, 512 MB, or 1 GB) to protect against the packet loss that could otherwise result from traffic spikes where more data enters the TAP from the network than can be sent to the analyzer.
Standard and optional parts Carefully unpack the TAP and check for damaged or missing parts. The TAP ships with the following items: Aggregator TAP Voltage auto-sensing universal power supply and A/C power cord Manual Your kit may also contain: Patch cable(s) Analyzer cable(s) Redundant power supply Rack or bay mount If any part is missing or damaged, contact Black Box Support immediately.
To monitor links that are well over 50% utilization for minutes at a time, a full-duplex TAP may be a better choice. After the buffer is full, an Aggregator TAP will drop packets. Use Figure 9 to choose the best buffer size for your Aggregator TAP. The graph shows the buffer size and duration of traffic spikes that the buffer can absorb. NOTE: LINK SPEEDS The Link side and Analyzer side of the Aggregator TAP negotiate their connections independent of each other.
Figure 9 Bandwidth utilization that a buffer can absorb on a gigabit network Installing the Copper Aggregator TAP After reviewing the information in “Deciding whether to use a TAP or a SPAN/mirror port” on page 8 and “Choosing between a SPAN, Aggregator, or full-duplex TAP” on page 10, you decided an Copper Aggregator TAP was the right one for you. Use the information in this section to install your TAP. To install the Copper Aggregator TAP, you must: rev.
Connect the TAP to your analyzer or other monitoring device using standard Ethernet cables. Figure 10 Connecting the TAP to the network device, switch, and analyzer CAUTION Before you temporarily break the link between the device of interest and the network, you may want to shut down access to that device and notify users of the down time. 1 Ensure that power is connected to the TAP. You can supply power to one or both power supply sockets on the back panel of each TAP.
Other things to consider: “Can I daisy chain an Aggregator TAP?” on page 52 “Can I “team” NICs in my analyzer?” on page 53 Ports, LEDs, and power connectors This section provides a brief overview of installing the TAP and understanding the status LEDs. Figure 11 Aggregator TAP front panel Both power connectors are located on the back panel, along with the model information and serial number. You can supply power to either or both power supply sockets.
Figure 12 Back panel showing power connectors and serial number Interpreting the Link and Speed LEDs When the TAP is powered up and correctly connected to functioning devices, the Speed LED indicators simply show the connection speed. The Link LED indicators are either lit steadily (idle) or flicker (data transfer) depending on whether there is any traffic present.
whether there is any traffic present. If a Link LED is unlit, there is no functioning device connected to that port. See “How do I connect my failover devices?” on page 55 for details about what happens when a primary device fails. Error conditions are shown by the Speed LEDs for approximately 10 seconds, after which the TAP resets itself (goes back to the Search connection step). Table 7 Errors LED Pattern Error Condition The Speed LED lights repeat the following sequence: 10 → 100 → 1000.
Table 8 Technical specifications (Continued) Link ports Copper: Straight-through RJ-45 cable or crossover cable Copper-to-Optical: Straight-through RJ-45 cable or crossover cable Optical-to-Copper: Fiber diameter: Multimode: 50 or 62.5/125 micrometers (μm) Single-mode: 9/125 micrometers Wavelength ranges Multimode: 850 or 1300 nanometers Single-mode: 1310 or 1550 nanometers Copper Analyzer ports Straight-through RJ-45 cable or crossover cable Buffer size 256 MB 512 MB 1 GB Dimensions Width 5.62 in/14.
Chapter 5 FAQ and Troubleshooting 51 Chapter 5 FAQ and Troubleshooting rev.
What happens if my TAP loses power? If your copper TAP loses power (optical TAPs do not require power), the TAP will not be able to send data to the analyzer. You will temporarily lose network connectivity, but it will be re-established as soon as the two devices connected to the Link ports can renegotiate a connection with each other. This could take a few seconds and is completely dependent on the network and the devices. What latency does a TAP create? A Black Box TAP’s latency is 200-250 nanoseconds.
transmission unit), the receiving device could restart the negotiation process. For more details, see “Not seeing traffic at the analyzer from the TAP” on page 56. If you are attempting to daisy chain Aggregator TAPs to more than two analyzers and you are certain your MTU on the receiving devices is high enough, contact Black Box Support for assistance. Can I “team” NICs in my analyzer? Yes, it is possible, with some caveats.
NOTE: REQUIREMENTS You need at least one IntelPro/1000 card that supports Advanced Network Services. If the card has two ports, they can be teamed, otherwise another NIC with an unused port must be present. 1 Connect the TAP to the analyzer using the appropriate cables. The TAP is cabled between the devices being monitored normally (i.e., it provides a pass-through circuit for the link under test).
C Choose the “Team with other adapters” option and then click New Team... to start the New Team Wizard. The first dialog lets you name the Team (you may want to call it something like “Virtual Dual-receive”). D Click Next and add another adapter/port that supports teaming (for example the second port on a dual-port IntelPro card). E Click Next and choose Static Link Aggregation. This option works best for aggregating both sides of a full duplex link for analysis. Click Next, and then Finish.
Not seeing traffic at the analyzer from the TAP If your TAP is not transmitting to the analyzer as you expect, check the following: The TAP is receiving power using a Black Box power adapter. The Link A and Link B lights flash when there is traffic traversing through the TAP, which indicates the TAP has power. The Link is definitely up and running. The Ethernet/SPAN or Fiber channel are not diverted elsewhere. The cable to connect to the analyzer works.
nanosecond. A smaller MTU forces a server and client to redo their handshake. Increase the MTU on your server to alleviate this issue. Choosing crossover or straight-through cables When choosing whether to use a crossover or straight-through cable with a TAP, consider the following: The 10/100 Copper TAP requires straight-through cables. Straight-through cables will always work when the TAP is powered on because of the TAP’s auto-sensing capabilities.
VLAN tags not visible at the analyzer All TAPs pass VLAN tags with the packets. If you are not seeing the VLAN tags at the analyzer, check the following: On the switch: Confirm that the SPAN was created to pass VLAN tags. Sometimes SPANs are created and passing VLAN tags is not enabled. Confirm the communication between the switch and the router is passing the VLAN tags (normally the communication between them is not a trunk).
Index Numerics 10/100 network 13 10/100 TAP see also Copper TAP auto-negotiation 22 passive 23 straight-through cables 20 10/100/1000 TAP see also Copper TAP active negotiation 24 power loss 24 A active negotiation, 10/100/1000 TAP 24 advantages Aggregator TAP 11 SPAN 11 Aggregator TAP 10–11, 15 advantages 11 buffer 45ff buffer size 42–43 daisy chain 52 dual receive analyzer 12 errors 25t, 49t features 42 front panel 47ff joining SPANs 15 LEDs 47 link speeds 46 NIC teaming 53 OSI Layer 1 & 2 errors 16 par
heat dissipation 20 internal processing 21 LEDs 22 parts 19 ports 22 power connectors 22 power loss 21 rear panel 23ff specifications 26 Copper-to-Optical Aggregator TAP 50 CRC errors 8, 57 crossover cables 57 D daisy chain 52 DCE 53 decibels, Optical TAP 34 DTE 53 dual receive analyzer, Aggregator TAP 12 dual-receive capture card 11 E errors 25t, 49t F failover 15, 55 failover devices 15 failover, SPAN 15 features Aggregator TAP 42 Copper TAP 19 Optical TAP 28 front panel, Aggregator TAP 47ff full-duple
cable distance 33 cable lengths 35ff cables 31 decibels 34 features 28 maximum insertion losses 33 multimode 33, 50 parts 28 passive 28 patch panels 39 power loss budget 34 repeaters 39 single-mode 33, 38, 50 specifications 40 split ratio 32 Optical-to-Copper Aggregator TAP 50 OSI Layer 1 & 2 errors 8, 11 Aggregator TAP 16 SPAN 12 over-subscribing 44 P packet tampering 19, 42 packets 8 parts Aggregator TAP 43 Copper TAP 19 Optical TAP 28 passive 10/100 TAP 23 Optical TAP 28 patch 39 patch panels, Optical T
T TCP stack 56 U UNIX 56 up-converting 44 V VLAN tags 58 W when to use, SPAN 8 62 T–W Index Legend: ff=Figure, t=Table rev.
Black Box Tech Support: FREE! Live. 24/7. Tech support the way it should be. Great tech support is just 30 seconds away at 724-746-5500 or blackbox.com. About Black Box Black Box provides an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 30 seconds or less. © Copyright 2011. Black Box Corporation.
