Datacom Systems DURAstream DS-1010, User Manual

Page 1: ...Datacom Systems Inc Access Your Network TM 2010 Datacom Systems Inc 541 0130 U A 00 USERguide DS 1010 Bypass Switch May 2010 DURA 10 Gigabit DS 1010 TM stream ...

Page 2: ...This page intentionally left blank 2010 Datacom Systems Inc ...

Page 3: ... intelligent external active bypass that enables plug and play connectivity which includes an auto heartbeat and requires no additional drivers to be installed on any connected appliance The DS 1010 consists of one 10Gbps segment which can support one network segment and one appliance ...

Page 4: ...hor make no claim to these trademarks While every precaution has been taken in the preparation of this document the publisher and the author assume no responsibility for errors or omissions or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it In no event shall the publisher and the author be liable for any...

Page 5: ...ions 13 5 Technical Brief 14 Section 3 Hardware Interface 14 1 Device Management 14 2 Port LED Interface 14 3 LCD Interface 15 Section 4 Theory of Operation 16 1 Operation Modes 17 1 Normal Active Bypass 18 2 Normal Active Inline 19 3 Manual Active Inline 19 4 Manual Active Bypass 20 5 Manual Passive Bypass 21 2 Heartbeat Hb 21 3 Power Failure Protection 22 Section 5 Initial Configuration 22 1 Com...

Page 6: ... 30 Section 7 Secure Web Management 30 1 Login 31 2 Status 31 3 Bypass Module 31 4 Management Port 32 5 eMail Notifications 32 6 SNMP Settings 32 7 NTP Settings 33 8 Time Settings 33 9 Backup Restore 33 10 Firmware Update 33 11 Log Settings 34 12 Reboot 34 13 Users 34 14 TACACS 35 Section 8 Appendix 1 Heartbeat frame format 36 Section 9 Appendix 2 Console Cable Drawing 38 Section 10 Customer Servi...

Page 7: ... with respect to the technology described and Datacom Systems Inc retains all rights with respect to the technology described herein If applicable you may return the product to the place of purchase for a full refund 1 3 Trademark Attribution Access Your Network DURAstream DS3 ACTIVEtap DS3switch ETHERNETtap Empowering Network Professionals FDDIswitch FIBERsplitter FIBERswitch FIBERSWITCHsystem FL...

Page 8: ...herefore consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature Tma specified in the DS 1010 Series Common Specifications section B Reduced Air Flow Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised C Mechanical Loading Mounting of th...

Page 9: ...ts data and allows critical voice and data applications to perform uninterrupted and meet high demands for quality and security Deployed with an in line monitoring tool a DURAstream Bypass Switch creates a comprehensive solution for intrusion prevention Heartbeat Mode The DURAstream DS 1010 10G Bypass Switch can monitor the health of in line appliances by sending and receiving a heartbeat packet A...

Page 10: ... 463 9557 Website www datacomsystems com E mail support datacomsystems com Features Passive bypass maintains network integrity during power loss Active switching of traffic in case of system failure to prevent network interruptions Heartbeat Mode several user configurable options to monitor link status and health of inline appliances including bridge devices like firewalls and VPN gateways Flexibl...

Page 11: ...1 4A MAX Power Adapter Output 12VDC 5 0A Power Consumption 60 0W MAX BTU h 204 6 MAX Operating Temperature Tma 32º to 131 F 0º to 55 C Storage Temperature 22º to 149 F 30º to 65 C Operating Range Relative Humidity 5 to 90 non condensing Dimensions H x W x D includes rack mount bracket 1 75 x 19 00 x 21 00 inch 4 44 x 48 26 x 53 34 cm Weight 13 5 lbs shipping 21 0 lbs 6 12 kg shipping 9 53 kg Warra...

Page 12: ...e features 1 segment 10Gb active bypass switch Supports Fiber Multi Mode and Fiber Single Mode Comprehensive management tools Secure Web management Interface SSL o SNMP o CLI by serial console o SSH Different Heartbeat Modes that monitor appliance system health without appliance driver including Internal Loop back Heartbeat Frame Mode and Link Status Mode Email Notification for appliance status ch...

Page 13: ... 10Gigabit N1 and N2 Ports which connect to an ingress network and egress network 10Gigabit A1 and A2 Ports which connect to a network appliance i e IDS UTM or Firewall Link Active LEDs for 10Gigabit Ports Link status of the port Green LED ON signifies link is stable Blinking LED signifies there is traffic on that port Inline LED ON for Inline state or OFF for Bypass state Bypass LED OFF for Inlin...

Page 14: ...o ports of the module direct traffic through the inline appliance these are the appliance ports Heartbeat packets flow between the bottom ports to ensure the appliance is working properly Heartbeat packets are not passed beyond the bottom ports An inline appliance is connected on the single module using the following diagram Figure 5 DS 1010 Bypass Switching Mode and Active Switching Mode Ports ar...

Page 15: ...heartbeat DS 1010 will remain in Bypass Switching mode Mode 1 Normal Active Inline If DS 1010 receives heartbeat signals within the TIMEOUT time period the switching mode remains or is changed to Bypass Switching Mode If DS 1010 does not receive heartbeat signals within the TIMEOUT time period it will change to or remain in Active Switching Mode By default without any heartbeat DS 1010 will remain...

Page 16: ...ignals are not received within the timeout period traffic will be routed between N1 and N2 Ports A1 and A2 will be bypassed Heartbeat packets will continue to be sent out the Appliance port This allows the module to automatically route traffic back through the appliance once it is repaired or placed back into service Figure 7 Normal Active Bypass Figure 8 Normal Active Bypass Device Failure ...

Page 17: ... while heartbeats continue to flow between A1 and A2 Loss of heartbeats will direct traffic from N1 to A1 and N2 to A2 This mode may be used to make sure the heartbeat is flowing through the appliance while network traffic is not flowing through the appliance Figure 9 Normal Active Inline Figure 10 Normal Active Inline Heartbeat is Blocked ...

Page 18: ...raffic flows from N1 to A1 and N2 to A2 until changed No heartbeat packets are sent Figure 11 Manual Active Inline 4 1 4 Manual Active Bypass Traffic flows between N1 and N2 No heartbeat packets are sent and the device will remain in this mode until changed Figure 12 Manual Active Bypass ...

Page 19: ...ass Switch loses power from both of its redundant power supplies the mode will automatically occur to maintain the network link Note that switching to the mode will cause a brief interruption of the network link which may force routing and link protocol algorithms to recalculate and renegotiate This may cause link downtime Figure 13 Manual Passive Bypass ...

Page 20: ...tbeat Frame from the appliance Heartbeat Mode 1 for the DS 1010 is designed for network appliance units that act as a bridge like IPS or Firewall The user needs to make sure the Network appliance is properly configured so that the device will not filter out the Heartbeat Frame In heartbeat Mode 1 no driver is needed for Appliance systems Heartbeat Mode 3 Link Status Heartbeat Mode In Heartbeat Mod...

Page 21: ...e characters ASCII codes 32 126 and non printable codes noted below Non Printable Character Description enter key Executes command places command in history buffer backspace key Erases previous character entry removes history buffer entry Connectivity Authentication Functionality Connectivity to the bypass product is made through the Management RJ45 or Console RJ45 port and authentication is requi...

Page 22: ...ss_hb_cnt value stores the bypass heartbeat signal count segment will switch to bypass switch mode only if it loses bypass_hb_cnt heartbeat signal number default 1 1 10 current_ip current ip address for management port dhcp dhcp client enable disable setting option to dhcp will enable dhcp client on Management Port setting option to static will disable dhcp client on Management Port default dhcp a...

Page 23: ...sables the secure WEB Management interface a value 1 enables access to secure WEB Management interface default 1 ip static IP address for Management Port default 192 168 0 111 lfd 1 enabled the system will detect and activate the lfd 0 disabled the system will not detect lfd default 1 mac shows mac address for the Management Ethernet Port read only mask subnet mask for Management Port default 255 ...

Page 24: ... port number default 514 tacacs enable tacacs service 0 disable 1 enable tacacs_encryption enable tacacs encryption 0 disable 1 enable tacacs_protocol tacacs_secret define the tacacs secret tacacs_server ip address of tacacs server tacacs_service timeout timeout values for DS 1010 bypass unit each timeout unit is 100ms timeout range is 100ms to 255ms in default bypass operation mode if the unit do...

Page 25: ... check the system variables Figure 14 CLI get output To dump values for all variables cli get more To display a value for individual variable cli get variable For example cli get timeout will display timeout value in decimal form To set a value for individual variable cli set variable option For example cli set timeout 20 will set timeout value to 20 ...

Page 26: ...IP Address 192 168 0 111 Subnet Mask 255 255 255 0 default Gateway 192 168 0 1 IMPORTANT If you expect to remotely connect to the DS 1010 series you must change the IP Address Subnet Mask and default Gateway to match your Local Area Network The IP address can be configured via a serial connection with either Microsoft s HyperTerminal application available on most Windows PCs or an open source free...

Page 27: ...programmable options and monitor unit status 6 3 Password The default Password for the admin account is admin The password can be changed using the CLI command 6 4 SNMP DS 1010 supports SNMP traps on predefined events 6 4 1 Support The Events that will be triggering traps are as follows SNMP trap LFD Link Fault Detection will be generated following detection of a network port going down The usual ...

Page 28: ... set tacacs_server IP cli tacacs_enabled 1 cli get to show all the TACACS options tacacs_enabled 1 tacacs_server 192 168 3 55 this is the TACACS server IP address tacacs_encrypt 0 tacacs_secret None tacacs_service all tacacs_protocol all 6 6 NTP Definitions ntp 0 NTP service 0 DISABLED 1 ENABLED ntp_server default value is us pool ntp org 6 7 SYSLOG Definitions syslog default value 0 Syslog servic...

Page 29: ...LI interface or LCD interface The default Management Port IP is 192 168 0 111 Figure 15 Certificate Error Page Figure 15 Certificate Error Page shows the first page that appears on the web browser after entering the URL Currently DS 1010 s website security certification is in the process of being approved You will need to accept the fact that the certificate has not been approved to continue There...

Page 30: ...nformation power supply status unit link status and the operation mode 7 3 Bypass Module Figure 18 Bypass Module Setting shows the options and allows the user to set and tune them according to the site requirements Figure 18 Bypass Module Setting 7 4 Management Port Figure 19 Management Port Figure 19 Management Port shows the Management Port options which can configure IP settings of the manageme...

Page 31: ...l servers and accounts 7 6 SNMP Settings DS 1010 provides SNMP Trap function which can send messages to a destination IP when the I O segment status or Power Supply status is changed Figure 21 SNMP Settings shows the SNMP options setting which enables or disables the SNMP Trap function and configures the SNMP destination IP and SNMPv2 community name Figure 21 SNMP Settings 7 7 NTP Settings Figure ...

Page 32: ...s which can restore the DS 1010 to default settings 7 10 Firmware Update Figure 25 Firmware Update shows firmware update options which enable firmware update of DS 1010 Figure 25 Firmware Update 7 11 Log Settings Figure 26 Log Settings Figure 26 Log Settings shows the Log Setting options which enables or disables forwarding log messages in an Internet Protocol IP computer network It allows separat...

Page 33: ...count Settings shows the User Account options which allows for the change of a user name and password via the WEB management page 7 14 TACACS Figure 29 TACACS shows the Terminal Access Controller Access Control System Plus TACACS which enables or disables the protocol which provides access control for routers network access servers and other networked computing devices via one or more centralized ...

Page 34: ...stination and Source Mac address Destination MAC 00 0C BD 00 00 FF Source MAC 00 0C BD 00 00 Port Number Byte 12 13 byte are Ether Frame Type 0x8000 EtherFrame 0x80 0x00 Byte 14 63 byte pattern count from 0x00 0x3F Payload or Data 0x00 0x01 0x02 0x03 0x04 0x05 0x3F Byte 64 123 byte pattern 0x55 Payload or Data 0x55 0x55 0x55 Byte 123 127 byte CRC Checksum field This field is byte machine generated...

Page 35: ...ector Pin 1 Pin 4 Pin 6 are shorted together Pin 2 Green Striped wire Pin 3 Solid Green wire Pin 5 Solid Blue Blue Stripe wire Pin 7 Pin 8 Short Pin 9 No Connect Other 2 Sets of Wires Orange Orange Stripe and Brown Brown Stripe Solid Orange and Brown Stripe should be connected together Stripe Orange and Solid Brown should be connected together DB9 Connector Pin Description ...

Page 36: ... wire Solid Blue wire Blue White Stripe wire Solid Green wire Brown White Stripe wire Solid Brown wire CAT5e Cable Wire Colors Top View CAT5e Cable Wire Colors Top to Bottom Solid Brown wire Brown White Stripe wire Solid Green wire Blue White Stripe wire Solid Blue wire Green White Stripe wire Solid Orange wire Orange White Stripe wire CAT5e Cable Wire Colors Bottom View ...

Page 37: ...defective equipment and return it to you freight prepaid If DSI determines that the equipment is not defective it will return it to you freight collect DSI shall have no responsibility for any deficiency resulting from accidents misuse modifications power disturbances including use of a power supply not specified by DSI or various other forms of disaster e g earthquakes floods etc PLEASE DO NOT AT...

Page 38: ... 2010 Datacom Systems Inc This page intentionally left blank ...

Page 39: ...Datacom Systems Inc 9 Adler Drive East Syracuse NY 13057 TEL 315 463 9541 FAX 315 463 9557 http www datacomsystems com Datacom Systems Inc Access Your Network TM ...