SS-22Xx-10G Fiber Network Taps

SS-2212

SS-2222

SS-22xx-10G Fiber Network Taps

CLIg uide

You realize how critical your fiber networks are to your personal success and the success of your overall network strategy. These fiber links carry a very high volume of traffic across your network and are absolutely central to network performance. Virtually all of your fiber links are the very definition of mission critical. It’s nothing new and no secret that the uptime of mission critical segments must approach 100%. As a busy network manager, when a problem occurs in a remote closet, you can now handle the problem remotely with a few keystrokes rather than physically going to the site. Seamless control from Datacom software saves you precious time and is an integral part of the SS-2212-10G Fiber 10 Gigabit Network Tap.

The SS-2212-10G Fiber 10 Gigabit Network Tap affords the ultimate in network integrity to meet whatever monitoring or analysis requirements you may have and allows the sharing of network tools between fiber segments. Your tools can be quickly and effectively targeted at the point of failure, expanding visibility to the farthest reaches of your fiber networks. SS-22xx-10G Fiber Network Taps

All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher.

Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.

While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document.

Printed: March 2013 in East Syracuse, New York

SS-22xx-10G Fiber Network Taps Contents 5

Table of Contents

Section 1 Terms of Use 9 1 Copyright...... 9 2 License...... Agreement ...... 9 3 Trademark...... Attribution ...... 9 4 Proprietary...... Notice ...... 9 5 Certifi...... cations and Mark s ...... 10 6 Safety...... Notices and Warnings ...... 11 Section 2 Overview 13 1 What ...... Shipped? ...... 13 2 Specif...... ications ...... 13 Section 3 Hardware 15 1 Front ...... Panel Descriptio n ...... 15 Netw ork Ports...... 15 Netw ork Copies...... 15 Common Ports...... 16 Pow er and Status...... Indicators ...... 16 Display and Buttons...... 17 2 Rear Panel...... Description ...... 17 Pow er Module...... 17 Management Module...... 18 Section 4 Initial Network IP Address Configuration 19 1 SERIAL...... Port Configuration (DB9) ...... 19 2 IP Add...... ress Configuratio n ...... 20 Section 5 Hardware Installation 25 1 Stand-...... Alone Installation ...... 25 Pow er Connection...... 25 Netw ork Ports...... 26 Netw ork Copies...... 27 Common Ports...... 28 Management Port...... 29 2 Daisy-...... Chain Installatio n ...... 29 Netw ork, Common...... Connection ...... 29 Serial-Link, Management...... Connection ...... 30 Section 6 Management Connection 33 1 STREAMlite™...... 33

Initial Login and...... Quick Start ...... 34 Setup ...... 39 Management...... Configuration ...... 40 Users ...... 41 Port Settings...... 42 Stacking ...... 43 System ...... 43 Status ...... 45 Counters ...... 46 System Health...... 46 Logs ...... 46 Help ...... 47 2 TELNET...... 48 3 SSH ...... 49 4 Command...... Line Interface (CLI) ...... 52 Basic Functionality...... 52 Basic Commands...... 52 HELP (HE) or...... (?) ...... 52 EXIT (EX) ...... 57 POWER STATUS...... (PO ST) ...... 57 SHOW (SH)...... 57 SHOW CURRENT...... USER (SH CU US) ...... 58 SHOW SYS...... NAME (SH SY NA) ...... 58 SHOW SYS...... DESC (SH SY DE) ...... 58 SHOW MANAGEMENT...... (SH MA) ...... 59 SHOW PORT...... CONFIG (SH PO CO) ...... 59 SHOW PORT...... NAME (SH PO NA) ...... 59 SHOW PORT...... STATS (SH PO ST) ...... 60 SHOW PORT...... DESC (SH PO DE) ...... 60 SHOW SWITCH...... PORT (SH SW PO) ...... 60 SHOW PRODUCT...... (SH PR) ...... 61 SHOW SERIAL...... (SH SE) ...... 61 SHOW SERVICE...... STATUS (SH SV ST) ...... 61 SHOW TIME...... (SH TI) ...... 61 SHOW SESSION...... TIMEOUT (SH SE TI) ...... 62 SHOW STACK...... (SH ST) ...... 62 SHOW SNMP...... (SH SN) ...... 63 SHOW SNMPV3...... USERS (SH V3 US) ...... 63 SHOW SNMPV3...... TRAP DESTINATION (SH V3 TR DE) ...... 63 SHOW SNMPV2C...... READCOMMUNITY (SH V2 RC ) ...... 64 SHOW SNMPV2C...... WRITECOMMUNITY (SH V2 WC) ...... 64 SHOW SNMPV2C...... TRAP DESTINATION (SH V2 TR DE) ...... 64 SHOW USERS...... (SH US) ...... 64 ADD USER...... (AD US) ...... 65 EDIT USER...... (ED US) ...... 66 DELETE USER...... (DE US) ...... 66 REBOOT ...... 66 SET SYS NAME...... (SE SY NA) ...... 67 SET SYS DESC...... (SE SY DE) ...... 67 SET PROMPT...... (SE PR) ...... 67

SET DATE (SE...... DA) ...... 67 SET SESSION...... TIMEOUT (SE SE TI) ...... 68 SET TIME (SE...... TI) ...... 68 SET MANAGEMENT...... PORT (SE MA PO) ...... 68 SET IP (SE ....IP) ...... 68 SET AUTO ...... ADDRESS (SE AU AD) ...... 69 SET SUBNET...... (SE SU) ...... 69 SET GATEWAY...... (SE GA) ...... 69 SET TCP PORT...... (SE TC PO) ...... 70 SET SWITCH...... PORT (SE SW PO) ...... 70 SET PORT NAME...... (SE PO NA) ...... 70 SET PORT DESC...... (SE PO DE) ...... 70 DEL PORT ...... NAME (DE PO NA) ...... 71 DEL PORT ...... DESC (DE PO DE) ...... 71 SET PORT SPEED...... (SE PO SP) ...... 71 SET PING (SE...... PI) ON/OFF ...... 72 SET TELNET...... (SE TE) ON/OFF ...... 72 SET SSH (SE...... SS) ON/OFF ...... 72 ADD RADIUS...... (AD RA) ...... 73 DELETE RADIUS...... (DE RA) ...... 73 SET RADIUS...... SECRET (SE RA SE) ...... 73 SET RADIUS...... TIMEOUT (SE RA TI) ...... 73 SHOW RADIUS...... (SH RA) ...... 74 ADD TACACS...... LOGIN (AD TA LO) ...... 74 ADD TACACS...... RIGHTS (AD TA RI) ...... 74 DELETE TACACS...... LOGIN (DE TA LO) ...... 75 DELETE TACACS...... RIGHTS (DE TA RI) ...... 75 SET TACACS...... LOGIN SECRET (SE TA LO SE) ...... 75 SET TACACS...... RIGHTS SECRET (SE TA RI SE) ...... 75 SET TACACS...... RIGHTS SERVICE (SE TA RI SV) ...... 76 SET TACACS...... TIMEOUT (SE TA TI) ...... 76 SHOW TACACS...... (SH TA) ...... 76 SET AUTHENTICATION...... ORDER (SE AU OR) ...... 77 SHOW AUTHENTICATION...... ORDER (SH AU OR) ...... 77 SET SNMPV3...... SUPERUSER (SE V3 SU) ...... 77 SET SNMPV3...... MONITORUSER (SE VS MU) ...... 78 DELETE SNMPV3...... USER (DE V3 US) ...... 78 DELETE SNMPV3...... TRAP DESTINATION (DE V3 TR DE) ...... 78 SET SNMPV2C...... READCOMMUNITY (SE V2 RC ) ...... 79 DELETE SNMPV2C...... READCOMMUNITY (DE V2 RC ) ...... 79 SET SNMPV3...... TRAP DESTINATION (SE V3 TR DE) ...... 79 SET SNMPV2C...... WRITECOMMUNITY (SE V2 WC) ...... 79 DELETE SNMPV2C...... WRITECOMMUNITY (DE V2 WC) ...... 80 SET SNMPV2C...... TRAP DESTINATION (SE V2 TR DE) ...... 80 DELETE SNMPV2C...... TRAP DESTINATION (DE V2 TR DE) ...... 80 SET SNMP ...... (SE SN) ON/OFF ...... 81 RESET SNMP...... DEFAULTS (RE SN DE) ...... 81 RESTART WEB...... SERVER ((SE WE SE) ...... 81 Section 7 Customer Service 83 1 World...... Wide Web ...... 83 2 Warranty...... 83

3 Limits...... of Liability ...... 83

1 Terms of Use

The following terms and conditions relate to the use of this document. Please note that Datacom Systems Inc. reserves the right, at its entire discretion, to change, modify, add, or remove portions of these Terms of Use at any time. Please read the Terms of Use carefully as your use of this document is subject to the Terms of Use stipulated herein.

1.1 Copyright Copyright ©2010 by Datacom Systems, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Datacom Systems, Inc. To obtain this permission, write to the attention of the Datacom Systems legal department at 9 Adler Drive, East Syracuse, New York 13057-1290, or call 315-463-9541.

1.2 License Agreement Notice To All Users: By using Datacom Systems, Inc. products, you agree to the terms set forth. No licenses, express or implied, are granted with respect to the technology described and Datacom Systems, Inc. retains all rights with respect to the technology described herein. If applicable, you may return the product to the place of purchase for a full refund.

1.3 Trademark Attribution

Access Your Network , DS3 ACTIVEtap , DS3switch , ETHERNETtap , Empowering Network Professionals , FDDIswitch , FIBERsplitter , FIBERswitch , FIBERSWITCH• system , FLOWcontrol , GIGABITswitch , INSERTswitch , INSERTunit , LANswitch , MANAgents , MULTINETswitch , NETspan , PROline , RMON SWITCHINGanalyzer , UNIVERSALswitch , WANswitch are trademarks of Datacom Systems, Inc. 1ST in Switching Solutions®, DATACOMsystems®, Empowering Network Professionals®, FLOWcontrol®, LAN clipper®, LINKprotect®, MANAgents®, MULTIview®, PERMAlink®, SIGNALdetect®, SINGLEstream®, STREAMlite , VERSAlink® and VERSAstream® are registered trademarks of Datacom Systems, Inc. All other registered and unregistered trademarks are the sole property of their respective owners. All specifications may be changed without notice. 1.4 Proprietary Notice This document contains proprietary information about the SS-22xx-10G 10 Gigabit Network Tap and is not to be disclosed or used except as authorized by written contract with Datacom Systems, Inc.

1.5 Certifications and Marks

For information regarding certifications and marks, please refer to the product info section of our website at http://www.datacomsystems.com

1.6 Safety Notices and Warnings

These explanatory labels are included in this information for the user in accordance with the requirements of IEC 60825.1.

WARNING: Class 1 laser and LED product. A class 1 laser is safe under all conditions of normal use. Invisible laser radiation may be emitted from optical port openings when no fiber cable is connected, avoid exposure to laser radiation and do not stare into open optical ports.

IMPORTANT: Rack Mount Instructions are included here to call the attention of installation technicians to pertinent safety and warning issues prior to the installation of the product as follows:

A. Elevated Operating Ambient — If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature specified. B. Reduced Air Flow — Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised. C. Mechanical Loading — Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading. D. Circuit Overloading — Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on over-current protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern. E. Reliable Earthing — Reliable earthing of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of power strips).

1.6 Safety Notices and Warnings

These explanatory labels are included for user information.

WARNING: Class 1 laser and LED product. A class 1 laser is safe under all conditions of normal use. Invisible laser radiation may be emitted from optical port openings when no fiber cable is connected, common safety precaution suggests avoid exposure to laser radiation and do not stare into open optical ports.

IMPORTANT: Rack Mount Instructions are included here to call the attention of installation technicians to pertinent safety and warning issues prior to the installation of the product as follows:

B. Reduced Air Flow — Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.

C. Mechanical Loading — Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.

D. Circuit Overloading — Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on over-current protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.

E. Reliable Earthing — Reliable earthing of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of power strips).

(This page intentionally blank)

Overview 13

2 Overview

The SS-22xx-10G Fiber Network Tap increases network visibility and leverages your investment in network analyzers, probes, and security equipment by allowing you to simultaneously monitor up to four separate ports. Greater visibility accelerates problem resolution, reduces downtime and increases enterprise productivity.

Like all Datacom Systems Network Taps, the SS-22xx-10G Network Tap is compatible with all vendor hardware and can be controlled by our Command Line Interface (CLI), which will allow you to control all of your Network Taps through a single interface regardless of what network appliances you choose to deploy. 2.1 What Shipped?

1 - SS-22xx-SR-10G, SS-22xx-LR-10G, SS-22xx-CM#-10G 2 - AC Line Cords 1 - DRL512-2M-R cables, DB9 M/F straight thru 1 - FLASHutils™ software

NOTE: xx = 12 or 22 CM# = CM, CM1, CM2 or CM3 2.2 Specifications SS-2212-LR-10G Ports: 10 - 10G LR (LC Connectors)

SS-2212-SR-10G Ports: 10 - 10G SR (LC Connectors)

SS-2212-CM#-10G Ports: ( NOTE: CM# = CM, CM1, CM2 or CM3 ) 10 - 10G custom mix of LR and SR (LC Connectors)

SS-2222-LR-10G Ports: 15 - 10G LR (LC Connectors)

SS-2222-SR-10G Ports: 15 - 10G SR (LC Connectors)

SS-2222-CM#-10G Ports: ( NOTE: CM# = CM, CM1, CM2 or CM3 ) 15 - 10G custom mix of LR and SR (LC Connectors)

Common Ports: 4 - 10G LR or SR (LC Connectors)

Management Port (rear): RJ45 @ 10/100/1,000 Mbs Full-Duplex

14 SS-22xx-10G Fiber Network Taps

Serial Port (rear): DB9

Input Power Requirement: 100-240VAC 50-60Hz, 4.0-2.0 A

Dimensions (H x W x D): 1.72 x 19.00 x 26.50 inch (4.37 x 48.26 x 67.31 cm)

Weight: 18.15 lbs (8.23 kg)

Operating Temperature: 32º to 104° F (0º to 40° C)

Storage Temperature: -22º to 149° F (-30º to 65° C)

Humidity: Less than 95° C non-condensing

Warranty: One (1) year - see 5.2 Warranty section for details

Hardware 15

3 Hardware

This section provides a description of the SS-22xx-10G Fiber Network Tap. 3.1 Front Panel Description

SS-2212

SS-2222

This section provides a front panel description of the SS-22xx-10G Fiber Network Tap.

3.1.1 Network Ports The NETWORK PORTS 1-10 are quad-LC sockets used for connection to 10 Gigabit networks. SS-2212

SS-2222

3.1.2 Network Copies The NETWORK COPIES 1A-10B are quad-LC sockets used to provide copies of the 10 Gigabit network ports.

SS-2222

16 SS-22xx-10G Fiber Network Taps

3.1.3 Common Ports The COMMON PORTS A1, A2, B1, B2 are quad-LC sockets used when this is a stand-alone switch for connection to network monitor tools or connection to another 10 Gigabit Network Tap.

SS-2212

SS-2222

3.1.4 Power and Status Indicators The POWER 1, POWER 2 LEDs illuminate green when the unit power is switched ON with power available to both of the two rear AC power sockets. Although only one power source is required to power the SS-22xx-10G, use of a second independent power source is strongly recommended to assure uninterrupted monitoring.

SS-2212

SS-2222

To power the unit ON: Power ON by depressing the AC power switch bar icon located on the rear panel. The powered ON SS-22xx-10G is indicated by the illuminated green POWER 1 and POWER 2 LEDs on the front panel when the rear panel AC power switch is depressed ON and AC power is available at both the two rear AC power sockets. Either POWER 1, POWER 2 LED illuminated red indicates a defective power source and immediate investigation as to the cause is required to insure redundant power integrity.

The STATUS LED indicator is orange during the boot-up cycle and turns green upon a successful boot sequence indicating the 10 Gigabit Network Tap is operational.

Hardware 17

3.1.5 Display and Buttons The display shows Network Port and Common Port status. The Selectable Button Functions are for future use.

SS-2212

SS-2222

3.2 Rear Panel Description This section provides a rear panel description of the SS-22xx-10G Fiber Network Tap.

An explanation of each rear panel legend follows:

3.2.1 Power Module

The AC power switch is a rocker style switch. The AC power switch circle icon depressed is OFF. The AC power switch bar icon depressed is ON. To power the unit ON: Power ON the SS-22xx- 10G by depressing the AC power switch bar icon. The powered ON SS-22xx-10G is indicated by the illuminated green POWER 1 and POWER 2 LEDs on the front panel.

Two AC input power sockets are provided on the rear panel. The front panel POWER 1, POWER 2 LEDs are illuminated green, respectively, when the AC power switch is depressed ON and AC power is available at both the two rear AC power sockets. Either POWER 1, POWER 2 LED illuminated red indicates a defective power source and immediate investigation as to the cause is required to insure redundant power integrity.

18 SS-22xx-10G Fiber Network Taps

Although only one power supply is required to power the SS-22xx-10G, use of a second independent power source is strongly recommended to assure uninterrupted monitoring. Furthermore, connecting the second AC input power socket to a different external power source circuit than the first AC input power source eliminates power as a single point of failure.

3.2.2 Management Module

The SERIAL 1 connector port is a shielded DB9 Female and is cabled to the COM port of any compatible network tool or PC where HyperTerminal or Datacom Systems Switch Control Software resides. If this SS-22xx-10G Fiber Network Tap is daisy-chained, the SERIAL 1 port will be connected to the preceding switch SERIAL 2 port.

The SERIAL 2 connector port is a shielded DB9 male and if this SS-22xx-10G Fiber Network Tap is daisy-chained, the port will be connected from the preceding switch SERIAL 1 port.

The MANAGEMENT connector port is a shielded RJ45 and is cabled to the network.

Media Access Control (MAC) address identifier and certification compliance identifiers are provided on this rear label.

Initial Network IP Address Configuration 19

4 Initial Network IP Address Configuration

IMPORTANT: Prior to initial configuration of the hardware, it is imperative to review the entire Initial Network IP Address Configuration section before proceeding to the Installation section.

This section explains the considerations and requirements for the initial configuration of the SS-22xx- 10G series by a Command Line Interface (CLI) with a management PC using a terminal emulation application connected through the SERIAL 1 DB9 Female port.

All SS-22xx-10G series units are shipped with a factory default configuration as follows: IP Address:192.168.1.1; Subnet Mask: 255.255.0.0; Gateway: 192.168.1.0 IMPORTANT: If you expect to remotely connect to the SS-22xx-10G series, you must change the IP Address, Subnet Mask and Gateway to match your Local Area Network. See SET IP (SE IP), SUBNET (SU), GATEWAY (GA) 68 section for the CLI command details to change from the default.

Note: If your SS-22xx-10G already has the IP Address, Subnet Mask and Gateway set for your network, you may proceed to the 'Hardware Installation 25 ' section. 4.1 SERIAL Port Configuration (DB9)

Note: Use the SERIAL1 DB9 Female port for initial configuration of the hardware. Once the SS- 22xx-10GF connection is made to the SERIAL 1 DB9 Female port with the shipped1 DRL512- 2M-R cables, DB9 M/F straight thru cable, open the terminal emulation application and create a connection. Any freely available terminal emulator may be utilized, but please take note of the specific Microsoft HyperTerminal settings in the following example, if an alternate terminal emulator is used. HyperTerminal (terminal emulator) enter: 115,200 bits per second 8 data bits Parity none 1 stop bit Flow control none

Detailed IP Address configuration can be found in the SET IP (SE IP) 68 command portion of the Command Line Interface (CLI) section.

20 SS-22xx-10G Fiber Network Taps

4.2 IP Address Configuration All SS-22xx-10G Fiber Network Taps are assigned an IP address (192.168.1.1) by default. You must change the IP address to match your network.

NOTE: If your SS-22xx-10G Fiber Network Tap already has an IP address for your network, you may proceed to the 'Stand-Alone Installation 25 ' section.

In the following example, Microsoft's HyperTerminal is used, but any freely available alternative terminal emulator (PuTTy or Tera Term for example) maybe used. The IP address of the SS-22xx- 10G Fiber Network Tap can be configured via a serial connection made with Microsoft's HyperTerminal application available on Windows PCs.

Step 1. First, connect your PC and your SS-22xx-10G Fiber Network Tap using the provided Datacom Systems DRL512-2M-R cable. Connect the DB9 Female pin end to the serial port on your PC and connect the DB9 Male pin to the CONTROL port on your SS-22xx-10G.

NOTE: For PCs without 9-pin serial ports, check with you product representative for available sources of a USB to RS-232 Plug-in Adapter.

Step 2. Using a supplied AC Line Cord, plug the SS-22xx-10G Fiber Network Tap into the external power source. Note that either POWER 1 or POWER 2 LED is illuminated green indicating power is available at the rear AC power socket to which the AC Line Cord is connected. The other POWER LED is illuminated red indicating a lack of power to the unconnected AC power socket. Depress the AC power switch bar icon to power ON the SS-22xx-10G which is indicated by the internal cooling fans powering up.

Initial Network IP Address Configuration 21

Step 3. Open the HyperTerminal application on your PC by selecting START > All Programs > Accessories > Communications > HyperTerminal

Step 4. Name a new HyperTerminal connection and select OK

22 SS-22xx-10G Fiber Network Taps

Step 5. On the Connect to window, create a serial link by selecting the COM port assigned to the serial port on your PC from the Connect using: pull-down menu and select OK

Step 6. Next, configure the COM Properties. The initial correct setting to communicate with the SS-22xx-10G (115,200, 8, None, 1, None) are shown below. Once all settings are configured correctly, click Apply, then click OK.

Initial Network IP Address Configuration 23

Step 7. You are now connected to your SS-22xx-10G Fiber Network Tap. Hit the Enter key twice in succession (i.e., Enter, Enter.)

Step 8. To display the Command shell prompt, type ? and press the Enter key to see a list of available commands.

Step 9. Set the IP address by typing SET IP xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx corresponds to a valid IP address for your network. Press the Enter key to continue. Step 10. Set the default gateway (if needed) by typing SET GATEWAY xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx corresponds to your network's default gateway. Press the Enter key to continue. Step 11. Set the subnet mask by typing SET SUBNET xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx corresponds to your network's subnet mask. Press the Enter key to continue.

24 SS-22xx-10G Fiber Network Taps

Step 12. Type EXIT to save the network address changes and press the Enter key to end the connection session indicated by 'Connection closed' response.

Step 13. Hit the Enter key twice in succession (i.e., Enter, Enter) to establish another connection session with the SS-22xx-10G Fiber Network Tap, type SHOW and press the Enter key to review the network address settings. Verify that the settings are correct.

Step 14. Type EXIT and press the Enter key to end the connection session indicated by 'Connection closed' response. Then close the HyperTerminal window responding 'Yes' to the "You are currently connect. Are you sure you want to disconnect now?' prompt. Step 15. Disconnect the DRL512-2M-R serial cable from your SS-22xx-10G Fiber Network Tap. Step 16. Proceed to install the SS-22xx-10G Fiber Network Tap in your chosen network location.

Hardware Installation 25

5 Hardware Installation

This section explains how to install the SS-22xx-10G Fiber Network Tap. 5.1 Stand-Alone Installation This section will focus on a simple configuration which describes the typical SS-22xx-10G Fiber Network Tap hardware installation at the network location of your choice. 5.1.1 Power Connection This section will focus on power at the installation network location of the SS-22xx-10G Fiber Network Tap.

Step 1. Using the supplied AC Line Cords, plug the SS-22xx-10G Fiber Network Tap into different circuit external power sources.Although only one power supply is required to power the SS-22xx-10G, use of a second independent power source is strongly recommended to assure uninterrupted monitoring. Furthermore, connecting the second AC power socket to a different external power source circuit than the first AC power source eliminates power as a single point of failure.

The AC POWER switch is a rocker style switch. The AC power switch circle icon depressed is OFF . The AC power switch bar icon depressed is ON.

Step 2. Power ON the SS-22xx-10G by depressing the AC power switch bar icon. The powered ON SS-22xx-10G is indicated by the illuminated green POWER 1 and POWER 2 LEDs on the front panel.

26 SS-22xx-10G Fiber Network Taps

5.1.2 Network Ports This section will focus on the NETWORK PORT connection of the typical SS-22xx-10G Fiber Network Tap hardware installation.

WARNING: The fiber taps in each NETWORK PORT are directional devices. The Rx/Tx connector pair orientation of the fibers connecting to the NETWORK PORT must match the connection diagrams or no data will be visible out the COMMON PORTS to the tools.

Step 1. Connect one of the fiber network cables to a NETWORK PORT socket.

Step 2. Connect the other fiber network cable to the other NETWORK PORT socket.

Step 3. Continue repeating Step 1. and Step 2. for any remaining NETWORK PORT you want to connect from the SS-22xx-10G Fiber Network Tap.

Hardware Installation 27

5.1.3 Network Copies This section will focus on the NETWORK COPIES connection of the typical SS-2222-10G Fiber 10 Gigabit Network Tap hardware installation.

Step 1. Connect one of the fiber network cables to a NETWORK COPIES socket.

Step 2. Connect the other fiber network cable to the other NETWORK COPIES socket.

Step 3. Continue repeating Step 1. and Step 2. for any remaining NETWORK COPIES you want to connect from the SS-22xx-10G Fiber Network Tap.

28 SS-22xx-10G Fiber Network Taps

5.1.4 Common Ports

This section will focus on the COMMON PORT connection of the typical SS-22xx-10G Fiber Network Tap hardware installation.

WARNING: The Rx/Tx connector pair orientation of the fibers connecting to the COMMON PORT must match the connection diagrams or no data will be visible out the COMMON PORT to the tool.

Step 1. Connect one side of a monitoring cable to a COMMON PORT socket and the other side of this monitoring cable to the monitoring tool NIC port. For example, a fiber cable is connected from A1 to the Analyzer monitoring tool NIC. This supplies one half of the monitored network conversation to the monitoring tool.

Step 2. Connect another monitoring cable (i.e. A2) to the other COMMON PORT socket and the other side of this monitoring cable to the other monitoring tool NIC port. For this example, a fiber cable is connected from A2 to the Analyzer monitoring tool NIC. This completes the network conversation to the monitoring tool by supply the remaining half of the monitored network conversation to the monitoring tool.

Step 3. Repeat Step 1. and Step 2. for COMMON PORT B.

Hardware Installation 29

5.1.5 Management Port This section will focus on the MANAGEMENT PORT 100 Mbs Full-Duplex connection of the typical SS-22xx-10G Fiber Network Tap hardware installation.

Step 1. Connect a network cable to the MANAGEMENT port RJ45 socket. The MANAGEMENT port RJ45 left LED illuminates green when link has been established with the network. The MANAGEMENT port right LED illuminates green when passing data. 5.2 Daisy-Chain Installation The daisy-chain configuration is similar for both the SS-2212 and SS-2222 Fiber Network Taps. This section will focus on a simple daisy-chain configuration describing the typical hardware daisy- chain installation of four SS-22xx-10G Fiber 10 10 Gigabit Network Taps.

NOTE: You can daisy-chain a maximum of eight SS-22xx-10G Network Taps. 5.2.1 Network, Common Connection

NOTE: Only the first SS-22xx-10G Fiber Network Taps in the daisy-chain must have its IP Address configured prior to installation in the daisy-chain. Refer to the 'IP Address in the Installation' section.

30 SS-22xx-10G Fiber Network Taps

NOTE: The SS-22xx-10G Fiber Network Tap label 0 in the diagram is the first switch in the daisy- chain, 1 is the second switch in the daisy-chain, 2 is the third switch in the daisy-chain and 3 is the forth switch in the daisy-chain. NOTE: All daisy-chained switches are managed through the first switch in the daisy-chain.

Step 1. Refer to 'Power' under the 'Hardware Installation' section for the directions to connect each switch in the daisy-chain to a power source. Step 2. Refer to 'Network Connection' under the 'Hardware Installation' section for the directions to connect each NETWORK PORT socket in the daisy-chain to a network. Step 3. Refer to "Management Connection' under the 'Hardware Installation' section for the directions to connect the MANAGEMENT port socket in the daisy-chain to a remote management network. 5.2.2 Serial-Link, Management Connection

NOTE: All daisy-chained switches are managed through the first switch in the daisy-chain.

Step 1. For two switches daisy-chained, connect a DRL512-2M-R cable, DB9 M/F straight thru cable, to the SERIAL 2 DB9 socket of the first switch (switch 0) to the SERIAL 1 DB9 socket of the second switch (switch 1).

Hardware Installation 31

Step 2. If three switches are daisy-chained, continue. Connect a DRL512-2M-R cable, DB9 M/F straight thru cable, to the SERIAL 2 DB9 socket of the second switch (switch 1) to the SERIAL 1 DB9 socket of the third switch (switch 2).

Step 3. If four switches are daisy-chained, continue. Connect a DRL512-2M-R cable, DB9 M/F straight thru cable, to the SERIAL 2 DB9 socket of the third switch (switch 2) to the SERIAL 1 DB9 socket of the fourth switch (switch 3).

Step 4. Up to eight switches can be daisy-chained. Continue connecting a DRL512-2M-R cable, DB9 M/F straight thru cable, to the SERIAL 2 DB9 socket of any remaining switches to the SERIAL 1 DB9 socket of the next switch in the series until all daisy-chained switches are connected.

(This page intentionally blank)

Management Connection 33

6 Management Connection

Once installation of the SS-22xx-10G Fiber Network Tap and SS-22xx-10G Fiber Network Tap has been completed in your chosen network location, management connection may be initiated over ™ the network via either STREAMLITE , TELNET or SSH as explained in the following section.

This section focus is the MANAGEMENT PORT 10/100/1000 Mbs Full-Duplex connection of the typical SS-22xx-10G Fiber Network Tap and SS-22xx-10G Fiber Network Tap hardware installation.

™ Browsers supported for STREAMLITE are Microsoft Internet Explorer 9.0, Mozilla Firefox 15 ™ and Safari 5. STREAMLITE supports only encrypted (HTTPS) web sessions, unencrypted (HTTP) web sessions are NOT supported.

The first section, 6.1.1, describes an 'Initial Login and Quick Start' session and the sections that follow the 'Initial Login and Quick Start' section will serve as a guide to the application specific SS- 22xx-10G Fiber Network Tap and SS-22xx-10G Fiber Network Tap simple and intuitive visual ™ Graphical User Interface (GUI) STREAMLITE . It will include the following functions: Setup Control Status Help

34 SS-22xx-10G Fiber Network Taps

6.1.1 Initial Login and Quick Start Users may access the GUI through the browser with the following address: https://

Users will be prompted with the login screen. Users can login with the Username 'Administrator' and default password 'admin'.

The Setup - Management Configuration window is the first screen upon successful User login.

With an active browser connection Logout automatically occurs after 5 minutes [default setting which can be change under Setup > System > Interface Timeouts] of inactivity.

In the following Quick Start Session the User will setup 2 Network (1 and 2) Ports and 2 Monitor ( 4 and 5) Ports. The Network (1 and 2) Ports will be sent to the Monitor (4 and 5)

Management Connection 35

The Network, Copies and Common Ports settings are configured under Setup - Port Settings by double clicking the Logical Port # to be configured. which opens the Port Settings window.

In this example session enter Name: Network_1 (no spaces allowed), Port Type: Network, Media: Fiber, Speed: 10G and click Save

Port Type: {Network, Copies, Common}: Is selected as appropriate NETWORK - Any port connected to a live data network in order to transmit or receive data. Normally, port outputs will be traffic generated by an Active Monitor device. COPIES - Any port with a monitoring device attached sends th data to a monitoring device, but disallows that monitoring device from injecting data back into the product. COMMON - Any port with a monitoring device attached sends th data to a monitoring device, but disallows that monitoring device from injecting data back into the product. INTERCONNECT - Any port which allows bi-directional data as a normal occurrence. The main purpose for this type of port is to provide interconnection (“daisy”) connections between stacked boxes. Warning: All the units in a stack must be the same firmware version. Note: However, it can also be used as a network connection for which the Active Monitor may want to disrupt.

Media: Fiber

Speed: Is available as appropriate for Fiber - 10G, 1000X-MANUAL or 1000X-AUTO

Negotiated Speed: If link is established negotiated speed is displayed, otherwise No Link

36 SS-22xx-10G Fiber Network Taps

After Network_1, Network_2, Monitor_1 and Monitor_2 Ports have been configured, the browser screen may have to be manually refreshed to observe the configurations just completed.

The Network and Monitor Ports steering to the Monitor (4 and 5) Ports are configured under Control - Port Steering by double clicking the Logical Port # to be configured, in this case Logical Port # 4 (Monitor_1). which opens the Port Settings window.

Management Connection 37

For Monitor_1, under the Forwarding To window uncheck all the Port (1 through 12) Numbers, Under the Receiving From window uncheck the Port (3 through 12) Numbers, leave Port 1 and 2 checked, Click the Apply button to accept the Monitor_1 Port Steering Configuration.

For Monitor_2, under the Forwarding To window uncheck all the Port (1 through 12) Numbers, Under the Receiving From window uncheck the Port (3 through 12) Numbers, leave Port 1 and 2 checked, Click the Apply button to accept the Monitor_2 Port Steering Configuration.

38 SS-22xx-10G Fiber Network Taps

(This page intentionally blank)

6.1.2 Setup The Setup - Management Configuration window is the first screen upon successful User login.

With an active browser connection Logout automatically occurs after 5 minutes [default setting which can be change under Setup > System > Interface Timeouts] of inactivity.

40 SS-22xx-10G Fiber Network Taps

The top main menu provides access to the following operation options: • Setup • Status • Control • Help

The main menu Setup option provides access to the following submenu selections: • Management Configuration • Stacking • Users • System • Port Settings

6.1.2.1 Management Configuration

The Setup - Management Configuration form provides current information and input to: • Management Port • Management Services

IMPORTANT: If the SS-22xx-10G series default (192.168.1.1) configuration is accessible through the Local Area Network (LAN) the default configuration may be changed to suit the LAN requirements. Otherwise, if you expect to remotely connect to the SS-22xx-10G series, you must change the IP Address, Subnet Mask and Gateway to match your LAN. See the Initial Network IP Address Configuration 19 section to change from the default (192.168.1.1) configuration.

Management Connection 41

6.1.2.2 Users The Setup - Users form provides current information and input to: • User Information • Security Rights

42 SS-22xx-10G Fiber Network Taps

6.1.2.3 Port Settings The Setup - Port Settings form provides current information and input to: • Logical Port # • Name • Box/Port # • Description • Port Type {Network, Monitor, Active Monitor, Interconnect} Port Type {Network, Monitor, Active Monitor, Interconnect}: Network - Any port connected to a live data network in order to transmit or receive data. Normally, port outputs will be traffic generated by an Active Monitor device. Monitor - Any port to which a monitoring device is attached sends its data to the monitoring device, but disallows that monitoring device from injecting data back into the product. Interconnect - Any port which allows bi-directional data as a normal occurrence. The main purpose for this type of port is to provide interconnection (“daisy”) connections between stacked boxes. Warning: All the units in a stack must be the same firmware version. Note: However, it can also be used as a network connection for which the Active Monitor may want to disrupt.

Management Connection 43

6.1.2.4 Stacking

™ The Setup - Port Stacking function is not supported in this release of STREAMLITE .

6.1.2.5 System The Setup - System form provides current information and input to: • Real Time Clock • Firmware • System Backup • Reboot • Interface Timeouts • Reset to Factory Defaults • System Restore

6.1.3 Control The main menu Control option provides access to the following submenu selections: • Port Steering

44 SS-22xx-10G Fiber Network Taps

6.1.3.1 Port Steering The Control - Port Steering form provides current information and input to: • Logical Port # • Name • Box/Port # • Description • Port Type {Network, Monitor, Active Monitor, Interconnect} Port Type {Network, Monitor, Active Monitor, Interconnect}: Network - Any port connected to a live data network in order to transmit or receive data. Normally, port outputs will be traffic generated by an Active Monitor device. Monitor - Any port to which a monitoring device is attached sends its data to the monitoring device, but disallows that monitoring device from injecting data back into the product. Interconnect - Any port which allows bi-directional data as a normal occurrence. The main purpose for this type of port is to provide interconnection (“daisy”) connections between stacked boxes. Warning: All the units in a stack must be the same firmware version. Note: However, it can also be used as a network connection for which the Active Monitor may want to disrupt.

Management Connection 45

6.1.4 Status The main menu Status option provides access to the following submenu selections: • Counters • System Health • Logs

46 SS-22xx-10G Fiber Network Taps

6.1.4.1 Counters

™ The Status - Counters function is not supported in this release of STREAMLITE .

6.1.4.2 System Health The Status - System Health form provides current information to: • System Health • Power Supply Status

6.1.4.3 Logs

™ The Status - Logs function is not supported in this release of STREAMLITE .

Management Connection 47

6.1.5 Help The main menu Help option provides access to the following submenu selections: Help

The Help - Help provides a web link to current support documentation:

48 SS-22xx-10G Fiber Network Taps

6.2 TELNET Most network equipment and operating systems with a TCP/IP stack also support some kind of TELNET service server for remote connection. Security-related shortcomings have limited TELNET (TErminaL NETwork) usage, although TELNET is still widely used when diagnosing problems, manually "talking" to other services without specialized client software, and administration of network elements such as integration and maintenance of core network elements.

IMPORTANT: For hostname, if initial IP Address HAS BEEN configured, as shown below, use the Local Area Network address setting input during initial IP Address configuration. Otherwise, if initial IP Address HAS NOT BEEN configured, a direct-connect cross-over cable to PC and custom configured computer IP and Subnet must be set in order to use the factory default 192.168.1.1 address. TELNET using MANAGEMENT RJ45 - software configuration of the hardware At the Windows command prompt enter: telnet At the Microsoft Telnet> prompt enter: o nnn.nnn.nnn.nnn (open hostname) [i.e., o Local Area Network IP] After completing review of the Command Line Interface (CLI) section, detailed CLI configuration can be found in the Basic Commands 52 section.

Step 1. Open the Command Prompt on your PC by selecting START > All Programs > Accessories > Command Prompt

Step 2. In the Command Prompt window, at the prompt, enter TELNET and hit the Enter key. (To see a list of available Microsoft Telnet Client Commands, at the prompt, enter ? and hit the Enter key. Supported commands will be displayed.)

Management Connection 49

Step 3. At the Command Prompt window prompt, enter "o Local Area Network IP" (o = Telnet "open") and hit the Enter key.

Step 4. You are now connected at the Enter Username: prompt. Usernames and passwords are case-sensitive. Type Administrator (default value) and press the Enter key. At the Enter Password: prompt, type admin (default value) and press the Enter key to display the command line > prompt. To see a list of available commands, at the > command line prompt, type ? and press the Enter key .

Step 5. Type Exit and press the Enter key to end the connection session as indicated in a few seconds by the Windows informational message balloon pop-up icon "Local Area Connection - A network cable is unplugged."

Step 6. Close TELNET. 6.3 SSH Secure Shell (SSH ) is a network protocol that uses public key cryptography that allows secure network services to be exchanged over an insecure network between two networked devices. SSH Secure Shell with its array of unmatched security features is an essential tool in today's network environment. It is a powerful guardian against the numerous security hazards that nowadays threaten network communications.

Several different versions of the Secure Shell client and server exist. Please note that the different versions may use different implementations of the SSH protocol, and therefore you may not be able to connect to an SSH1 server using SSH2 client software, or vice versa.

Restrictions for Secure Shell Version 2 Support: Execution Shell and remote command execution are the only applications supported. Compression is not supported.

The following instructions illustrate a "typical" PuTTy SSH client configuration. This example was prepared using PuTTy version 0.60. PuTTy.

50 SS-22xx-10G Fiber Network Taps

Step 1. When you start PuTTy, you see the dialog box that allows you to control everything PuTTy can do. You don't need to change most of the configuration options. To start the simplest kind of session, all you need to do is to enter a few basic parameters.

Step 2. In the Host Name (or IP address) box, enter the host name or IP address of the SSH Server you want to connect to. Once you have filled in the Host Name (or IP address), Connection type: [default: SSH] and possibly Port [default: 22] settings, you are ready to connect.

Management Connection 51

Step 3. Press the Open button at the bottom of the dialog box, and PuTTy will begin trying to connect you to the server. If you are using SSH to connect to the SSH Server for the first time, you will probably see a message looking something like this:

This is a feature of the SSH protocol. It is designed to protect against a network attack known as spoofing: redirecting your connection to a different computer, so that you send your password to the wrong machine. To prevent this attack, each SSH Server has a unique identifying code, called a host key. So if you connect to a SSH Server and it sends you a different host key from the one you were expecting, you will have the chance to abandon your connection before you type any private information (such as a password) into it. So the warning message above asks you whether you want to trust this host key or not.

Whether or not to trust the host key is your choice. If you are connecting within a company network, you might feel that all the network users are on the same side and spoofing attacks are unlikely, so you might choose to trust the key without checking it. If you are connecting across a hostile network (such as the Internet) you should check with your system administrator, perhaps by telephone or in person.

Step 4. After you have connected, you will be asked to login as:, using a username and a password. Type the username Administrator (default value) and press the Enter key. At the Administrator@hostname (or IP address)'s password: prompt, type admin (default value) and press the Enter key to display the command line > prompt. To see a list of available commands, at the > command line prompt, type ? and press the Enter key .

Step 5. Type Exit and press the Enter key to end the connection session which is indicated by logout followed by PuTTy Fatal Error message that Server unexpectedly closed network connection. Acknowledge the PuTTy Fatal Error message by clicking the OK button.

Step 6. Close PuTTy.

52 SS-22xx-10G Fiber Network Taps

6.4 Command Line Interface (CLI) The Command Line Interface (CLI ) is used to: set IP address (default 192.168.1.1), Subnet Mask (default 255.255.0.0) and Gateway (default 192.168.1.0) set Management Port Any-to-Any port speeds and duplex enables the user to select which ports or groups of ports receive the data stream copies Please review the entire Initial Configuration section before proceeding with installation. 6.4.1 Basic Functionality Window Size Functionality: The CLI window has a limited number of character spaces available (80 characters per line). If more data than can fit on one line, the line will wrap to the next line.

Character Handling: Printable characters (ASCII codes 32-126) and non-printable codes noted below: Non-Printable Character Description Executes command; places command in history buffer Erases previous character entry; removes history buffer entry

Connectivity/Authentication Functionality: Connectivity to this product is made through the Management RJ45 or Serial DB9 port and authentication is required.

Base Prompt: This is the text presented to the user logging in to use the CLI (default values shown). All Usernames and passwords are case-sensitive.

Enter Username: Administrator Enter Password: admin > 6.4.2 Basic Commands This section shows the long form of the basic command with the shortcut input noted in parenthesis. After the topic heading, a brief overview of the command display function is given followed by an example (Example: >) command input. All commands, either the exact long form or the shortcut form, are entered after the prompt (default >) at the cursor. No auto-fill mode is available.

6.4.2.1 HELP (HE) or (?) This command displays a list of commands, shortcut inputs, and a short description. Refer to the detailed command description within this section. A brief display of the HELP data is shown: Example: > ? Available commands HELP HELP / ? Show Help

Management Connection 53

EXIT EX Exit Shell POWER STATUS PO ST Show Current Power Status SHOW SH Show All Current Configurable Values SHOW CURRENT USER SH CU US Show Current Login User SHOW SYS NAME SH SY NA Show System Name SHOW SYS DESC SH SY DE Show System Description SHOW MANAGEMENT SH MA Show Management Configuration SHOW PORT CONFIG SH PO CO Show (All) Port Configuration SHOW PORT NAME SH PO NA Show Port Name [ALL or Port Number] SHOW PORT STATS SH PO ST Show Port Stats [Port Number, A or B] SHOW PORT DESC SH PO DE Show Port Description [ALL or Port Number] SHOW SWITCH PORT SH SW PO Show Switch Port SHOW PRODUCT SH PR Show Product Name and Serial Number SHOW SERIAL SH SE Show Serial Port Configuration SHOW SERVICE STATUS SH SV ST Show Service Status SHOW TIME SH TI Show System Date and Time SHOW SESSION TIMEOUT SH SE TI Show Session Timeout value SHOW STACK SH ST Display Stack Addresses SHOW SNMP SH SN Display SNMP Configuration SHOW SNMPV3 USERS SH VW US Show SNMPV3 Users SHOW SNMPV3 TRAP DESTINATION SH V3 TR DE Show SNMPV3 Trap Destination SHOW NSMPV2C READCOMMUNITY SH V2 RC Show SNMPV2C readcommunity SHOW NSMPV2C WRITECOMMUNITY SH V2 WC Show SNMPV2C writecommunity SHOW SNMPV2C TRAP DESTINATION SH V2 TR DE Show SNMPV2C Trap Destination SHOW USERS SH US Display Users ADD USER AD US Add User EDIT USER ED US Change Username / Password DELETE USER DE US Delete Us REBOOT Reboots unit SET SYS NAME SE SY NA Set System Name (Max 64 characters)

54 SS-22xx-10G Fiber Network Taps

SET SYS DESC SE SY DE Set System Description (Max 512 characters) SET PROMPT SE PR Set text prior to prompt symbol > SET DATE SE DA Set System Date SET SESSION TIMEOUT SE SE TI Set Session Timeout value SET TIME SE TI Set System Time SET MANAGEMENT PORT SE MA PO Set Management Port Configuration SET IP SE IP Set IP SET AUTO ADDRESS SE AU AD Set Daisy-Chain Auto Address SET SUBNET SE SU Set Subnet Mask SET GATEWAY SE GA Set Default Gateway SET TCP PORT SE TC PO Set TCP Port SET SWITCH PORT SE SW PO Set Switch Port [A or B] [Port Number] SET PORT NAME SE PO NA Set Port Name [Port Number TO portname] SET PORT DESC SE PO DE Set Port Description [Port Number TO description] DEL PORT NAME DE PO NA Delete Port Name [Port Number] DEL PORT DESC DE PO DE Delete Port Description [Port Number] SET PORT SPEED SE PO SP Set Port Speed [Port Number, A or B] [Speed] where Speed equals: "1000X-Manual" "1000X-Auto" "100G"

SET PING SE PI Set Ping Enable [ON / OFF] SET TELNET SE TE Set TELNET Enable [ON / OFF] SET SSH SE SS Set Secure Shell Enable [ON / OFF] ADD RADIUS AD RA Add Radius Configuration ip[:Port] [Secret} port 1645 default DELETE RADIUS DE RA Delete Radius Configuration ip[: Port] port 1645 default SET RADIUS SECRET SE RA SE Set Radius Secret ip[:Port] [Secret] port 1645 default SET RADIUS TIMEOUT SE RA TI Set Radius Timeout ip[:Port]

Management Connection 55

[timeout] port 1645 default SHOW RADIUS SH RA Show Radius Configuration ADD TACACS LOGIN AD TA LO Add TACACS Login ip[:Port] [Secret} port 49 default ADD TACACS RIGHTS AD TA RI Add TACACS rights ip[:Port] [Secret} [Service] port 49 default DELETE TACACS LOGIN DE TA LO Delete TACACS login ip[:Port] port 49 default DELETE TACACS RIGHTS DE TA RI Delete TACACS rights ip[:Port] port 49 default SET TACACS LOGIN SECRET SE TA LO SE Set TACACS login Secret ip[:Port] [Secret} port 49 default SET TACACS RIGHTS SECRET SE TA RI SE Set TACACS rights secret ip[:Port] [Secret} port 49 default SET TACACS RIGHTS SERVICE SE TA RI SV Set TACACS rights service ip[: Port] [secvice} port 49 default SET TACACS TIMEOUT SE TA TI Set TACACS timeout [timeout] SHOW TACACS SH TA Show TACACS Configuration SET AUTHENTICATION ORDER SE AU OR Set Authentication Order primary [secondary] = RA(DIUS), TA (CACS) or LO(CAL) SHOW AUTHENTICATION ORDER SH AU OR Show Authentication Order Configuration SET SNMPV3 SUPERSUSER SE V3 SU Set SNMPV3 Superuser ,name auth authPass priv privPass> where: name - SNMP principal auth - MD5/SHA authPass - AUTH pass phrase (at least 12 characters) priv - DES/AES privPass - PRIV pass phrase (at least 12 characters)

SET SNMPV3 MONITORUSER SE V3 MU Set SNMPV3 monitoruser ,name auth authPass priv privPass> where: name - SNMP principal auth - MD5/SHA authPass - AUTH pass phrase (at least 12 characters)

56 SS-22xx-10G Fiber Network Taps

priv - DES/AES privPass - PRIV pass phrase (at least 12 characters) DELETE SNMPV3 USER DE V3 US Delete SNMPV3 user SET SNMPV3 TRAP DESTINATION SE V3 TR DE Set SNMPV3 Trap Destination where: security level = noAuthNoPriv, authNoPriv, or authPriv DELETE SNMPV3 TRAP DESTINATION DE V3 TR DE Delete SNMPV3 Trap Destination , Trap Dest IP Address> where: security level = noAuthNoPriv, authNoPriv, or authPriv SET SNMPV2C READCOMMUNITY SE V2 RC Set SNMPV2C readcommunity DELETE SNMPV2C READCOMMUNITY DE V2 RC Delete SNMPV2C readcommunity SET SNMPV2C WRITECOMMUNITY SE V2 WC Set SNMPV2C writecommunity DELETE SNMPV2C DE V2 WC Delete SNMPV2C writecommunity WRITECOMMUNITY SET SNMPV2C TRAP DESTINATION SE V2 TR DE Set SNMPV2C Trap Destination DELETE SNMPV2C TRAP DE V2 TR DE Delete SNMPV2C Trap DESTINATION Destination SET SNMP SE SN ON/ Enable/Disable the SNMP protocol OFF RESET SNMP DEFAULTS RE SN DE Reset SNMP Configuration to Defaults RESTART WEB SERVER RE WE SE Restart StresmLite Web Server

Management Connection 57

6.4.2.2 EXIT (EX) This command exits the Command Line Interface shell. It is entered and displays data as shown: EXIT (EX) Example: > EX Exiting . . . Press [ENTER] Twice to activate this console ...... Connection to host lost. Press any key to continue . . .

6.4.2.3 POWER STATUS (PO ST) This command displays current power status information. It is entered and displays data as shown:

POWER STATUS (PO ST) Example: > PO ST Power Supply 1: Seated: Yes AC Fault: No DC Fault: No Fan Fault: No Temperature Fault: No Power Supply 2: Seated: Yes AC Fault: No DC Fault: No Fan Fault: No Temperature Fault: No >

6.4.2.4 SHOW (SH) This command displays product general information. It is entered and displays data as shown:

SHOW (SH)

Example: > SH Date/Time: 11/15/2011 12:05:31 Product: SS-22xx-10G Serial Number: 9326023 Release Version: 1.0.0.3

58 SS-22xx-10G Fiber Network Taps

MAC Address:00-14-E2-0C-0D-0E Current IP Settings: IP: 192.168.1.1 Subnet Mask: 255.255.0.0 Gateway: 192.168.0.0 TCP Port: 2370 Serial 0 Speed: 115200 Serial 1 Speed: 115200 SSH Process is ON. Telnet Process is ON. Ping Process is ON. >

6.4.2.5 SHOW CURRENT USER (SH CU US) This command displays current login user information. It is entered and displays data as shown:

SHOW CURRENT USER (SH CU US)

Example: > SH CU US Current User: Administrator >

6.4.2.6 SHOW SYS NAME (SH SY NA) This command displays current system name information. It is entered and displays data as shown:

SHOW SYS NAME (SH SY NA)

Example: > SH SY NA System Name: Global Trade Center >

6.4.2.7 SHOW SYS DESC (SH SY DE) This command displays current system description information. It is entered and displays data as shown:

SHOW SYS DESC (SH SY DE)

Example: > SH SY DE System Desc: International Feed >

Management Connection 59

6.4.2.8 SHOW MANAGEMENT (SH MA) This command displays Management RJ45 port information. It is entered and displays data as shown:

SHOW MANAGEMENT (SH MA)

Example: > SH MA MAC Address: 00-14-E2-00-23-9F Current IP Settings: IP Address: 192.168.1.1 IP Subnet Mask: 255.255.0.0 IP Gateway: 192.168.0.0 TCP Port: 2370 >

6.4.2.9 SHOW PORT CONFIG (SH PO CO) This command displays all port configuration information. It is entered and displays data as shown: SHOW PORT CONFIG (SH PO CO) [port number} Example:

> SH PO CO Port 1 Name = Lambda Desc = 45 Omicron Cfg. Speed = 10G Act. Speed = Link Down

listing continues until all ports are displayed >

6.4.2.10 SHOW PORT NAME (SH PO NA) This command displays All or Port Number Name information. It is entered and displays data as shown: SHOW PORT NAME [ALL or x] (SH PO NA) Example: > SH PO NA ALL Logical Port No. 1 = Channel_1 Logical Port No. 2 = Channel_2 Logical Port No. 3 = Channel_3 Logical Port No. 4 = Channel_4

60 SS-22xx-10G Fiber Network Taps

Logical Port No. 5 = Channel_5 Logical Port No. 6 = Channel_6 Logical Port No. 7 = Channel_7 Logical Port No. 8 = Channel_8 ...... until all displayed >

6.4.2.11 SHOW PORT STATS (SH PO ST) This command displays Port Status information. It is entered and displays data as shown: SHOW PORT STATUS (SH PO ST) [portnumber] Example: > SH PO ST 12 Port Name: P12 Vendor: Unknown PN: Unknown Media: Unknown Cfg: Unknown Link @: No Link >

6.4.2.12 SHOW PORT DESC (SH PO DE) This command displays the Port description. It is entered and displays data as shown: NOTE: Displays text entered in SET PORT DESC (SE PO DE) command. SHOW PORT DESC (SH PO DE) [port number} Example: > SH PO DE 5 This port monitors outbound traffic <-- (max 512 character limit) >

6.4.2.13 SHOW SWITCH PORT (SH SW PO) This command displays the current switch routing configuration. It is entered and displays data as shown:

SHOW SWITCH PORT (SH SW PO)

Example: > SH SW PO Monitor A Set to: 3 >

Management Connection 61

6.4.2.14 SHOW PRODUCT (SH PR) This command displays the name, serial number, and firmware version of the product as shown: SHOW PRODUCT (SH PR) Example: > SH PR Product: SS-2224 Serial Number: 9326023 Release Version: 1976 >

6.4.2.15 SHOW SERIAL (SH SE) This command displays the Serial Port. It is entered and displays data as shown: > SHOW SERIAL (SH SE) Example: > SH SE Serial 1 Speed: 115200 Serial 2 Speed: 115200 >

6.4.2.16 SHOW SERVICE STATUS (SH SV ST) This command displays the Service Status. It is entered and displays data as shown: > SHOW SERVICE STATUS (SH SV ST) Example: > SH SV ST SSH Service is ON Telnet Service is ON Ping Service is ON >

6.4.2.17 SHOW TIME (SH TI) This command displays the set date and time for the product, it is entered as shown: > SHOW TIME (SH TI) Example: > SH TI Date/Time: 10-09-2007 12:40:25 >

62 SS-22xx-10G Fiber Network Taps

6.4.2.18 SHOW SESSION TIMEOUT (SH SE TI) This command displays Session Timer value. It is entered and displays data as shown: > SHOW SESSION TIMEOUT (SH SE TI) Example 1: > SH SE TI Session Timer: 15 Minutes >

6.4.2.19 SHOW STACK (SH ST) This command displays current stack information. It is entered and displays data as shown:

Warning: All the units in a stack must be the same firmware version.

SHOW STACK (SH ST)

Example: (For a stacked configuration consisting of 3 units)

> SH ST Address <0> Present: Model: SS-2212-SR-10G735 Build Version: 2474 Serial No: 12.74 MAC Address: 00:14:E2:00:1B:16 Number of Ports: 10 Address <1> Present: Model: SS-2212-SR-10G735 Build Version: 2474 Serial No: 12.75 MAC Address: 00:14:E2:00:1B:17 Number of Ports: 10 Address <2> Present: Model: SS-2212-SR-10G735 Build Version: 2474 Serial No: 12.76 MAC Address: 00:14:E2:00:1B:18 Number of Ports: 10 >

Management Connection 63

6.4.2.20 SHOW SNMP (SH SN) This command displays the SNMP configuration. It is entered and displays data as shown: > SHOW SNMP (SH SN) Example: > SH SN SNMP is ON SNMPv2c community configuration: SNMPv2c READCOMMUNITY: 'public' SNMPv2c WRITECOMMUNITY: 'private' SNMPv2c trap configuration: 192.17.1.8 162 'public' SNMPv3 user configuration: monitorusername monitorGroup username adminGroup SNMPv3 trap configuration: 192.17.1.8 162 monitorusername authPriv >

6.4.2.21 SHOW SNMPV3 USERS (SH V3 US) This command displays the SNMPV3 Users. It is entered and displays data as shown: > SHOW SNMPV3 USERS (SH V3 US) Example: > SH V3 US No V3 Users... >

6.4.2.22 SHOW SNMPV3 TRAP DESTINATION (SH V3 TR DE) This command displays the SNMPV3 Trap Destination. It is entered and displays data as shown: > SHOW SNMPV3 TRAP DESTINATION (SH V3 TR DE) Example: > SH V3 TR DE No V3 Trap Destinations are set >

64 SS-22xx-10G Fiber Network Taps

6.4.2.23 SHOW SNMPV2C READCOMMUNITY (SH V2 RC) This command displays the SNMPV2 readcommunity. It is entered and displays data as shown: > SHOW SNMPV2 READCOMMUNITY (SH V2 RC) Example: > SH V2 RC SNMPv2c READCOMMUNITY: '' >

6.4.2.24 SHOW SNMPV2C WRITECOMMUNITY (SH V2 WC) This command displays the SNMPV2 writecommunity. It is entered and displays data as shown: > SHOW SNMPV2 WRITECOMMUNITY (SH V2 WC) Example: > SH V2 WC SNMPv2c WRITECOMMUNITY: '' >

6.4.2.25 SHOW SNMPV2C TRAP DESTINATION (SH V2 TR DE) This command displays the SNMPV2 Trap Destination. It is entered and displays data as shown: > SHOW SNMPV2 TRAP DESTINATION (SH V2 TR DE) Example: > SH V2 TR DE No V2c Trap Destinations are set' >

6.4.2.26 SHOW USERS (SH US) This command displays users (other than Administrator) for the configurable product as shown: SHOW USERS (SH US) Example: > SH US < users listed other than Administrator, nothing listed for Administrator Done >

Management Connection 65

6.4.2.27 ADD USER (AD US) This command is used to add users to the configurable product as shown: ADD USER (AD US) Example 1: > AD US Enter User Name: newuser Enter Password: new Re-Enter Password: new Select Permissions: Administrative User? (Y/N): Y User Added >

Example 2: > AD US Enter New Username: newuser Enter Password: new Re-Enter Password: new Select Permissions: Administrative User? (Y/N): N User Setup? (W/R/N): N Port Setup? (W/R/N): N IP Config? (W/R/N): N Date/Time? (W/R/N): N Firmware Upgrades? (W/R/N): N User Added

66 SS-22xx-10G Fiber Network Taps

6.4.2.28 EDIT USER (ED US) This command is used to edit Usernames/Passwords. It is entered and displays data as shown: EDIT USER (ED US) user name Example: >ED US Enter New Username: edituser Enter Password: **** Confirm Password: **** User edituser has been saved # Enter New Username: newuser Enter Password: new Re-Enter Password: new Select Permissions: Administrative User? (Y/N): N User Setup? (W/R/N): N Port Setup? (W/R/N): Y IP Config? (W/R/N): N Date/Time? (W/R/N): Y Firmware Upgrades? (W/R/N): N User Added

6.4.2.29 DELETE USER (DE US) This command is used to delete users of the configurable product as shown: DELETE USER (USERNAME) Example: > DE US Enter User Name: newuser User deleted: newuser >

6.4.2.30 REBOOT This command is used to reboot the product. It is entered and displays data as shown: REBOOT Example: > REBOOT Product booting sequence scrolls about 40 seconds until prompt: Please press Enter to activate this console.

Management Connection 67

6.4.2.31 SET SYS NAME (SE SY NA) This command, followed by the entered system name (up to 64 characters), assigns that name to the system properties. It is entered and displays data as shown: SET SYS NAME (SE SY NA) [name text] NOTE: max 64 characters Example: > SE SY NA Global Trade Center System Name: Global Trade Center >

6.4.2.32 SET SYS DESC (SE SY DE) This command, followed by the entered system description (up to 512 characters), assigns that description to the system properties. It is entered and displays data as shown: SET SYS DESC (SE SY DE) [description text] NOTE: max 512 characters Example: > SE SY DE International Feed System Desc: International Feed >

6.4.2.33 SET PROMPT (SE PR) This command, followed by the new prompt [new prompt] sets the prompt as shown: SET PROMPT (SE PR) [new prompt] Example: > SE PR [new prompt] Prompt Set: The new prompt will be applied after typing EXIT >

6.4.2.34 SET DATE (SE DA) This command, followed by the date (MMDDYY), sets the real time clock date as shown: SET DATE (MMDDYY) Example: > SE DA 102710 Wed Oct 27 16:01:26 EDT 2010 Date Set >

68 SS-22xx-10G Fiber Network Taps

6.4.2.35 SET SESSION TIMEOUT (SE SE TI) This command sets the Session Timeout parameter. It is entered and displays data as shown: > SET SESSION TIMEOUT (SE SE TI) [valid range is 1 Minute to 60 Minutes] Example: > SE SE TI 20 Session Timeout Set to 20 Minute. The new timeout will take effect on next login. >

6.4.2.36 SET TIME (SE TI) This command sets the real time clock time with the time HHMMSS [24-hour EDT] as shown: SET TIME (HHMMSS) Example: > SE TI 160200 Time Set >

6.4.2.37 SET MANAGEMENT PORT (SE MA PO) This command turns the Ethernet Management Port ON (default) or OFF as shown: SET MANAGEMENT PORT (SE MA PO) [OFF or ON] Example 1: > SE MA PO OFF Management Port Disabled. Changes will be applied after typing EXIT >

6.4.2.38 SET IP (SE IP) This command configures the IP address (default 192.168.1.1) parameter as shown: NOTE: Recommend using the direct serial connection with any terminal emulation application. > SET IP (SE IP) [nnn.nnn.nnn.nnn] Example: > SE IP 172.169.50.134 Device IP Address: Changes will be applied after typing EXIT >

Management Connection 69

6.4.2.39 SET AUTO ADDRESS (SE AU AD) This command configures the stack unit addresses. Addresses range from 0 to n where “n” is the number of “slave” units (eg: number of units stacked to a single master unit). Warning: All the units in a stack must be the same firmware version. The master is always address 0. The first stacked (slave) unit is address 1, the second is address 2 etc. NOTE: Recommend using the direct serial connection with any terminal emulation application. > SET AUTO ADDRESS (SE AU AD) The parameter that is required is the TOTAL number of units that are stacked. For example, if three units are connected in a stacked configuration, their address would be set by typing: Example: > SE AU AD 3 Box 0 present Box 1 present Box 2 present >

6.4.2.40 SET SUBNET (SE SU) This command configures the Subnet Mask (default 255.255.0.0) parameter.as shown: NOTE: Recommend using the direct serial connection with any terminal emulation application. > SET SUBNET (SE SU) [nnn.nnn.nnn.nnn] Example: > SE SU 255.255.255.0 Device Subnet Set: Changes will be applied after typing EXIT >

6.4.2.41 SET GATEWAY (SE GA) This command configures the Gateway (default 192.168.1.0) parameter as shown: NOTE: Recommend using the direct serial connection with any terminal emulation application. > SET GATEWAY (SE GA) [nnn.nnn.nnn.nnn] Example: > SE GA 172.169.50.1 Device Gateway Set: Changes will be applied after typing EXIT >

70 SS-22xx-10G Fiber Network Taps

6.4.2.42 SET TCP PORT (SE TC PO) This command configures the TCP Port (default 2370) parameter as shown: ™ NOTE: Use of the Graphical User Interface (GUI) STREAMLITE is highly recommended for firmware upgrades using the Setup - System 43 Firmware function, but this port may be used for firmware upgrades communication using the Datacom Systems FLASHutils (http://www. datacomsystems.com/support/downloads.asp) utility.

> SET TCP PORT (SE TC PO) [nnnnn] Example: > SE TC PO 17216 Device TCP/IP Port Number Set: Changes will be applied after typing EXIT >

6.4.2.43 SET SWITCH PORT (SE SW PO)

Enter topic text here.

6.4.2.44 SET PORT NAME (SE PO NA) This command, followed by the port number, a command separator (TO), then the name text (up to 64 characters), assigns the new name text entered. It is entered and displays data as shown: SET PORT NAME (SE PO NA) [portnumber TO name text] Example: > SE PO NA 4 TO Port 4 Portname is set >

6.4.2.45 SET PORT DESC (SE PO DE) This command, followed by the port number, a command separator (TO), then the description text (up to 512 characters), assigns the description text entered. It is entered and displays data as shown: SET PORT DESC (SE PO DE) [portnumber TO description text] NOTE: max 512 characters Example: > SE PO DE 5 TO This port monitors outbound traffic port description is set >

Management Connection 71

6.4.2.46 DEL PORT NAME (DE PO NA) This command, followed by the port number, deletes the port name of the port number given. It is entered and displays data as shown: DEL PORT NAME (DE PO NA) [portnumber] Example: > DE PO NA 4 Port Name deleted for port 4 >

6.4.2.47 DEL PORT DESC (DE PO DE) This command, followed by the port number, deletes the port description of the port number given. It is entered and displays data as shown: DEL PORT DESC (DE PO DE) [portnumber] Example: > DE PO DE 4 Port Description deleted for port 4 >

6.4.2.48 SET PORT SPEED (SE PO SP) This command, followed by the port number and speed assigns the specified speed characteristic to the specified port. It is entered and displays data as shown: SET PORT SPEED (SE PO SP) [port number] [speed] where speed equals: 1000x-Manual 1000x-Auto 10G

NOTE: To verify port speed, use the SHOW PORT STATS 60 or SHOW PORT CONFIG 59 command. Example: > SE PO SP 14 10G Port 14 Speed Set to: 10G > GENERAL NOTES ON SPEED COMMANDS: SE PO SP (port number) 1000x-Manual is used in conjunction with another fiber port configured as 1G without auto-negotiation enabled. This mode should be used for a 1G fiber port monitoring traffic through a passive splitter.

72 SS-22xx-10G Fiber Network Taps

SE PO SP (port number) 1000x-Auto is used in conjunction with another fiber port supporting the 1G fiber auto-negotiation process linked to another full duplex transceiver. SE PO SP (port number) 10G is used to set the port to 10G fiber.

6.4.2.49 SET PING (SE PI) ON/OFF This command enables or disables PING (default ENABLED) service process as shown: SET PING (SE PI) [OFF or ON] Example 1: > SE PI OFF Ping Replies OFF > Example 2: > SE PI ON Ping Replies ON >

6.4.2.50 SET TELNET (SE TE) ON/OFF This command enables or disables TELNET (default ON) service process as shown: SET TELNET (SE TE) [OFF or ON] Example 1: > SE TE OFF Telnet OFF > Example 2: > SE TE ON Telnet ON >

6.4.2.51 SET SSH (SE SS) ON/OFF This command enables or disables SSH (default ENABLED) service process as shown: SET SSH (SE SS) [OFF or ON] Example 1: > SE SS OFF SSH OFF >

Management Connection 73

Example 2: > SE SS ON SSH ON >

6.4.2.52 ADD RADIUS (AD RA) This command adds a Radius Server using one of the known Radius IP addresses and configured TCP port (1645 default) number and the shared secret set up on the Radius Server client for your IP. It is entered and displays data as shown:. ADD RADIUS (AD RA) ip[:port] Secret Example: > AD RA 197.16.0.118:1645 myRadiusSecret Radius Server 197.16.0.118:1645 myRadiusSecret Added Successfully! >

6.4.2.53 DELETE RADIUS (DE RA) This command deletes a Radius Server. It is entered and displays data as shown: DELETE RADIUS (AD RA) ip[:port] Example: > DE RA 197.16.0.118 Radius Server 197.16.0.118:1645 myRadiusSecret Deleted Successfully! >

6.4.2.54 SET RADIUS SECRET (SE RA SE) This command sets Radius Server Secret using one of the known Radius IP addresses and configured TCP port (1645 default) number and the shared secret set up on the Radius Server client for your IP. It is entered and displays data as shown:. SET RADIUS SECRET (SE RA SE) ip[:port] Secret Example: > SE RA SE 197.16.0.118 yourRadiusSecret Server 197.16.0.118 Secret changed to yourRadiusSecret >

6.4.2.55 SET RADIUS TIMEOUT (SE RA TI) This command sets the Radius Server timeout (3 second default) session using one of the known Radius IP addresses and configured TCP port (1645 default) number on the Radius Server client for your IP. The time must be between 1 and 60 seconds. It is entered and displays data as shown:. SET RADIUS TIMEOUT (SE RA TI) ip[:port] timeout (must be between 1 and 60 seconds)

74 SS-22xx-10G Fiber Network Taps

Example: > SE RA TI 197.16.0.118 15 Server 197.16.0.118 Timeout changed to 15 >

6.4.2.56 SHOW RADIUS (SH RA) This command shows the Radius Server IP address, configured TCP port number, Secret and Timeout for the Radius Server client for your IP. It is entered and displays data as shown:. SHOW RADIUS (SH RA) Example: > SH RA Radius Server List: IP: 197.16.0.118 Port: 1645 Secret: myRadiusSecret Timeout: 15 (s) >

6.4.2.57 ADD TACACS LOGIN (AD TA LO) This command adds a TACACS Server using one of the known TACACS IP addresses and configured TCP port (49 default) number and the shared secret set up on the TACACS Server client for your IP. It is entered and displays data as shown:. ADD TACACS LOGIN (AD TA LO) ip[:port] Secret Example: > AD TA LO 197.16.0.118:1645 +secret Tacacs Authentication (Login) Server 197.16.0.118:49 +secret Added Successfully!! >

6.4.2.58 ADD TACACS RIGHTS (AD TA RI) This command adds TACACS rights Server using one of the known TACACS IP addresses, configured TCP port (49 default) number, the shared secret and Authorization Service set up on the TACACS Server client for your IP. It is entered and displays data as shown:. ADD TACACS RIGHTS (AD TA RI) ip[:port] Secret Authorization Service Example: > AD TA RI 197.16.0.118:1645 +secret DSI-SL Tacacs Authorization (Rights) Server 197.16.0.118:49 +secret DSI-SL Added Successfully! >

Management Connection 75

6.4.2.59 DELETE TACACS LOGIN (DE TA LO) This command deletes a TACACS Server for your IP. It is entered and displays data as shown:. DELETE TACACS LOGIN (DE TA LO) ip[:port] Example: > DE TA LO 197.16.0.118 Tacacs Authentication (Login) Server 197.16.0.118:49 Deleted Successfully! >

6.4.2.60 DELETE TACACS RIGHTS (DE TA RI) This command deletes TACACS Rights for your IP. It is entered and displays data as shown:. DELETE TACACS RIGHTS (DE TA RI) ip[:port] Example: > DE TA RI 197.16.0.118 Tacacs Authorization (Rights) Server 197.16.0.118:49 Deleted Successfully! >

6.4.2.61 SET TACACS LOGIN SECRET (SE TA LO SE) This command sets TACACS Server Secret using one of the known TACACS IP addresses and configured TCP port (1645 default) number and the shared secret set up on the TACACS Server client for your IP. It is entered and displays data as shown:. SET TACACS LOGIN SECRET (SE RA SE) ip[:port] Secret Example: > SE TA LO SE 197.16.0.118 +secret Authentication (Login) Server 197.16.0.118:49 Secret changed to +secret >

6.4.2.62 SET TACACS RIGHTS SECRET (SE TA RI SE) This command sets TACACS Rights Secret using one of the known TACACS IP addresses and configured TCP port (49 default) number and the shared secret set up on the Radius Server client for your IP. It is entered and displays data as shown:. SET TACACS RIGHTS SECRET (SE TA RI SE) ip[:port] Secret Example: > SE TA RI SE 197.16.0.118 +secret Authorization (Rights) Server 197.16.0.118:49 Secret changed to +secret >

76 SS-22xx-10G Fiber Network Taps

6.4.2.63 SET TACACS RIGHTS SERVICE (SE TA RI SV) This command sets TACACS Rights Service using one of the known TACACS IP addresses and configured TCP port (49 default) number and the shared secret set up on the Radius Server client for your IP. It is entered and displays data as shown:. SET TACACS RIGHTS SERVICE (SE TA RI Sv) ip[:port] Service Example: > SE TA RI SV 197.16.0.118 DSI-SL Authorization (Rights) Server 197.16.0.118:49 Service changed to DSI-SL >

6.4.2.64 SET TACACS TIMEOUT (SE TA TI) This command sets the TACACS Server timeout (60 second default) session. The time must be between 1 and 60 seconds. It is entered and displays data as shown:. SET TACACS TIMEOUT (SE TA TI) (must be between 1 and 60 seconds) Example: > SE TA TI 45 Tacacs Timeout changed to 45 >

6.4.2.65 SHOW TACACS (SH TA) This command shows the Radius Server IP address, configured TCP port number, Secret and Timeout for the Radius Server client for your IP. It is entered and displays data as shown:. SHOW TACACS (SH TA) Example: > SH TA Tacacs Configuration Parameters: Timeout: 34 Tacacs Authentication (Login) Server List: IP: 197.16.0.118 Port: 49 Secret: +secret Tacacs Authorization (Rights) Server List: IP: 197.16.0.118 Port: 49 Secret: +secret Authorization Service: DSI-SL >

Management Connection 77

6.4.2.66 SET AUTHENTICATION ORDER (SE AU OR) This command sets the TACACS Radius, TACACS and LOCAL authentication primary and secondary order. It is entered and displays data as shown:. NOTE: An authentication server must have been previously specified.

SET AUTHENTICATION ORDER (SE AU OR) primary(secondary) Where primary/secondary = RA(DIUS), TA(CACS) or LO(CAL) Example: > SE AU OR RA LO Authentication: radius,local >

6.4.2.67 SHOW AUTHENTICATION ORDER (SH AU OR)

This command shows the authentication order.It is entered and displays data as shown:. SHOW RADIUS (SH RA) Example: > SH AU OR Authentication Order: 1: radius 197.16.0.118 / 1645 2: local >

6.4.2.68 SET SNMPV3 SUPERUSER (SE V3 SU) This command is required to create an SNMP V3 user. There MUST be at least one SNMP user for the feature to work. It is entered as shown: SET SNMPV3 SUPERUSER (SE V3 SU) where: name SNMP principal [maximum of 32 characters] auth MD5/SHA [authorization encryption type] authPass authorization password - at least 12 characters priv DES/AES [privilege encryption type] privPass privilege password - at least 12 characters Example: > SE V3 SU username MD5 12characters DES characters12 SNMPv3 User Added to non-volatile storage >

78 SS-22xx-10G Fiber Network Taps

6.4.2.69 SET SNMPV3 MONITORUSER (SE VS MU) This command is required to create an SNMP V3 monitoruser. It is entered as shown: SET SNMPV3 MONITOR (SE V3 MU) where: name SNMP monitor [maximum of 32 characters] auth MD5/SHA [authorization encryption type] authPass authorization password - at least 12 characters priv DES/AES [privilege encryption type] privPass privilege password - at least 12 characters Example: > SE V3 MU monitorusername MD5 12characters DES characters12 SNMPv3 User Added to non-volatile storage >

6.4.2.70 DELETE SNMPV3 USER (DE V3 US) This command is used to delete an SNMP V3 user. It is entered as shown: DELETE SNMPV3 USER (DE V3 US) Example: > DE V3 US username User Deleted >

6.4.2.71 DELETE SNMPV3 TRAP DESTINATION (DE V3 TR DE) This command is used to delete an SNMPV3 trap destination.It is entered as shown: DELETE SNMPV3 TRAP DESTINATION (DE V3 TR DE) where: ip address trap destination ip address port trap destination port username SNMPV3 username security level noAuthNoPriv, authNoPriv or authPriv Example: > DE V3 TR DE 197.17.1.8 162 monitorusername authPriv SNMPv3 Trap Destination successfully deleted from non-volatile storage >

Management Connection 79

6.4.2.72 SET SNMPV2C READCOMMUNITY (SE V2 RC) This command is used to set SNMPV2C readcommunity. It is entered as shown: SET SNMPV2C READCOMMUNITY (SE V2 RC) Example: > SE V2 RC public Read Community String Added >

6.4.2.73 DELETE SNMPV2C READCOMMUNITY (DE V2 RC) This command is used to delete SNMPV2C readcommunity. It is entered as shown: DELETE SNMPV2C READCOMMUNITY (DE V2 RC) Example: > DE V2 RC SNMPv2c Read Community String successfully deleted from non-volatile storage >

6.4.2.74 SET SNMPV3 TRAP DESTINATION (SE V3 TR DE) This command is used to set an SNMPV3 trap destination.It is entered as shown: NOTE: SNMPv3 User must first be configured SET SNMPV3 TRAP DESTINATION (SE V3 TR DE) where: ip address trap destination ip address port trap destination port username SNMPV3 username security level noAuthNoPriv, authNoPriv or authPriv Example: > SE V3 TR DE 192.17.1.8 162 monitorusername authPriv SNMPv3 Trap Destination successfully added to non-volatile storage >

6.4.2.75 SET SNMPV2C WRITECOMMUNITY (SE V2 WC) This command is used to set SNMPV2C writecommunity. It is entered as shown: SET SNMPV2C WRITECOMMUNITY (SE V2 WC) Example: > SE V2 WC private SNMPv2c Write Community String Added >

80 SS-22xx-10G Fiber Network Taps

6.4.2.76 DELETE SNMPV2C WRITECOMMUNITY (DE V2 WC) This command is used to delete SNMPV2C writecommunity. It is entered as shown: DELETE SNMPV2C WRITECOMMUNITY (DE V2 WC) Example: > DE V2 WC SNMPv2c Write Community String successfully deleted from non-volatile storage >

6.4.2.77 SET SNMPV2C TRAP DESTINATION (SE V2 TR DE) This command is used to set an SNMPV2C trap destination.It is entered as shown: NOTE: Community String must first be configured SET SNMPV2C TRAP DESTINATION (SE V2 TR DE) where: ip address trap destination ip address port trap destination port community string string Example: > SE V2 TR DE 192.17.1.8 162 public SNMPv3 Trap Destination successfully added to non-volatile storage >

6.4.2.78 DELETE SNMPV2C TRAP DESTINATION (DE V2 TR DE) This command is used to set an SNMPV2C trap destination.It is entered as shown: SET SNMPV2C TRAP DESTINATION (SE V2 TR DE) where: ip address trap destination ip address port trap destination port community string SNMPV3 username

Example: > SE V2 TR DE 192.17.1.8 162 public SNMPv2c Trap Destination successfully added to non-volatile storage >

Management Connection 81

6.4.2.79 SET SNMP (SE SN) ON/OFF This command sets the SNMP service (default DISABLED) process. It is entered as shown: SET SNMP (SE SN) [OFF or ON] Example 1: > SE SN OFF SNMP Disabled. >

Example 2: > SE SN ON SNMP Enabled. >

6.4.2.80 RESET SNMP DEFAULTS (RE SN DE) This command resets the SNMP service to default configuration. It is entered as shown:

NOTE: The SNMP Protocol must be disabled prior to using this command. SE RESET SNMP DEFAULTS (RE SN DE) Example: > RE SN DE SNMP configuration successfully reverted to factory defaults. >

FACTORY DEFAULTS: SNMP is OFF SNMPv2c community configuration: SNMPv2c READCOMMUNITY: '' SNMPv2c WRITECOMMUNITY: '' SNMPv2c trap configuration: SNMPv3 user configuration: SNMPv3 trap configuration

6.4.2.81 RESTART WEB SERVER ((SE WE SE)

™ This command restarts the STREAMLITE Web Server service process as shown: RESTART WEB SERVER Example: > RE WE S3E

(This page intentionally blank)

Customer Service 83

7 Customer Service

Datacom Customer Service is available via telephone and Internet. Please leave a voice or internet message and our Customer Service Staff will return your inquiry as soon as possible. You may also find the assistance you need at our website: http://www.datacomsystems.com

Telephone: +1 315 463-9541 Internet website: http://www.datacomsystems.com 7.1 World Wide Web You can obtain additional information about Datacom Systems, Inc. and its products and services from the World Wide Web at:

http://www.datacomsystems.com 7.2 Warranty

See http://www.datacomsystems.com for warranty detailed information. 7.3 Limits of Liability See http://www.datacomsystems.com for Limits of Liability detailed information.

84 SS-22xx-10G Fiber Network Taps

Da ta com System s Inc. 9 Adler Drive • East Syracuse, NY 13057 TEL: +1 315 463 9541 • FAX: +1 315 463 9557 http://w w w .datacomsystems.com