NEOX NETWORKS NEOXPacketRaven 10 Solution Provider for Network Monitoring and Security Solutions User Guide

NEOX NETWORKS NEOXPacketRaven 10 Solution Provider for Network Monitoring

and Security Solutions

Product Information

The NEOXPacketRaven 10/100/1000Base-T Copper TAPs are a network device that provides unidirectional communication to ensure data traffic flows in only one direction. This feature makes it ideal for providing information security or protecting critical digital systems such as industrial control systems or production networks from cyber-attacks. The TAPs work like a diode and do not allow access to the network via the monitoring ports. This product also features Power over Ethernet (PoE) function, which allows for TAP power supply via PoE.

• Copper TAPs are active decoupling elements for the secure and reliable tapping of network data in copper-based networks. These TAPs are looped into the network line to be monitored and route out all data traffic while maintaining data integrity, without interruption and without packet loss.
• Our copper TAPs have redundant power supplies, but also allow power supply via PoE or 12-48V DC, which guarantees a high level of fail-safety.
• They do not have a MAC or IP address, but work on OSI Layer 1, and are therefore undetectable in the network without expensive measuring equipment. Hackers and other attackers therefore have no chance, and since the integrity of the outgoing data remains unaltered due to this tapping method, Network TAPs are increasingly used in the areas of network forensics, security and monitoring.
• Using conventional SPAN ports, on the other hand, can falsify the result because this technique operates in store-and-forward mode and discards FCS/CRC errors at the OSI Layer 2 level instead of outputting them on the mirror port.
• In contrast, TAPs pass out these critical CRC errors without affecting the original data.
• Furthermore, a copper Network TAP works like a Data Diode and does not allow access to the network via the monitoring ports for security reasons. Therefore, professional network analysis can only be guaranteed by using TAPs.
• PacketRaven10/100/1000Base-T Network TAPs are designed as portable TAPs, but can also be installed in a 19“ mounting frame in data centers using a mounting kit, or on a DIN rails using a DIN rail clip, and support 10Base-T, 100Base-TX and 1000Base-T media types.

More Highlights

• Plug-n-Play, no complex configuration necessary
• Data diode function, does not allow access to the network via the monitoring ports
• Our portable Network TAPs support MDI/MDIX auto-determination.
• This means you can use both straight-through/patch cables and crossover cables.
• Support for up to 16k Jumbo Frames
• Support for PoE/PoE+ IEEE802.3af passthrough and power supply via PoE IEEE802.3af
• Mirrors 100% of the data traffic including FCS/CRC erroneous packets that may be discarded by SPANs
• Can be powered by redundant AC/DC power supplies (5V)
• Designed, assembled, certified and tested in Germany

Data Diode Function

Data diodes guarantee unidirectional communication and ensure that data traffic can only flow in one direction.

• Unidirectional network devices are typically used to provide information security or protection of critical digital systems, such as industrial control systems or production networks from cyber-attacks.
• Our TAPs work like a diode and, for security reasons, do not allow access to the network via the monitoring ports.
• By adding this further security layer, it is thus not possible to compromise the network connection and the productive network.

PoE – Power over Ethernet Functions

The TAP supports both passive PoE and active PoE for passing through the power supply to a PoE-capable device:

• PoE/PoE+ pass-through according to IEEE802.af – the maximum power consumption that an end device can draw via the TAP is 12.95W
• Power supply of the TAP via PoE according to IEEE802.af (active/passive)

TAP Power Supply via PoE
To connect the TAP to a PoE port according to IEEE802.af, please follow the installation steps below:

• First connect the TAP to the PSE (Power Sourcing Equipment) device and make sure that the PoE+ LED lights up.
• As soon as this lights up, the PSE and the TAP have negotiated the power supply and you can now connect your PoE end device to the TAP.
• This sequence must be followed so that the TAP can properly establish power supply via a PSE device per IEEE802.af.
• All other power supply inputs on the TAP can still be used; the PoE power supply increases the redundancy in this case.

Front View – Ports and LEDs

• (A) Power over Ethernet (PoE+) LED If PoE voltage is fed in via the connected network device, this LED lights up.
• (B) Link Loss Detection (LLD) LED (see section 4.1): LLD detects a non-existent link on one of its network ports and then shuts down the other network port. This state is indicated by the LLD LED lighting up.
• (C) RJ45 Network port and status LEDs (see section 4.1)
• (D) 2 power LEDs for AC/DC 5V (see section 5.) It is possible to connect up to 2 power supply units to ensure power supply redundancy.
• (E) RJ45 or SFP Monitoring port and status LEDs (see section 4.1)
• (F) DC power LED for 12-48V DC (see section 5.) If power is supplied via the 12-48V DC connection or via PoE, this LED lights up.
• (G) Aggregation mode LED (see section 6.2) If the Aggregation mode is activated instead of the standard Breakout mode, this LED lights up.

Front View – Meaning of the LEDs

• Depending on the configuration of the TAP speed (see section 6.3), the LEDs light up in different combinations.
• For the copper TAP with RJ45 monitoring port, it must be ensured that all devices connected to the NETWORK port have the same network speed set when configuring the TAP speed.
• As soon as the TAP displays the desired or configured link speed via the LEDs, proper operation of the TAP is ensured.
• On the copper TAP with SFP monitoring port, however, the network speed on the monitoring port is always 1000M or 1G.

RJ45/RJ45 TAP – Breakout/Regeneration mode:

RJ45/RJ45 TAP – Aggregation mode:

RJ45/SFP TAP – Breakout/Aggregation /Regeneration mode:

Back View

• (A) DIP switch for LLD on/off, TAP mode and speed (see section 6.)
• (B) Connection for 12-48V DC voltage. The polarity at the DC connection does not matter, as the TAP automatically detects the live line and passes the power supply to the TAP accordingly in the required form!
• (C) Redundant connections for AC/DC power supplies (5V) For reasons of compatibility and EMC protection, our TAPS may only be operated with the supplied power supplies certified together with the TAP. If the TAP is nevertheless operated with power supplies other than those supplied, any warranty claim granted for the TAP will be voided!

Configuration via DIP switch

• As shown in the illustration on the left, the first switch is used as the LLD on/off switch, the second and third are used to select the operating mode, and the fourth and fifth are used to select the speed.
• The switches numbered 6, 7 and 8 are ignored and left for future use.
• The desired configuration should be set before plugging in the mains cable. If an invalid configuration has been selected, all LEDs on the unit light up and the relay switches will not be activated. In this case, switch off the unit and check the DIP switches.
• When changing the configuration via DIP switches, it is always necessary to perform a restart by disconnecting the power supply so that the new settings are activated!

Link Loss Detection (LLD)
Link Loss Detection is a function that checks whether the link has failed on either network port A or network port B. If the link has failed on network port A when LLD is activated, the TAP also shuts down the link on network port B, and vice versa. When the LLD function is selected (switch 1), the configuration is as follows:

Operating Mode Configuration (may not be modifiable in the case of fixed pre-configured models!)
When selecting the operating mode (switches 2 & 3), the configuration is as follows:

• Breakout: Each Ethernet packet transmitted via the network line is mirrored separately in this mode while maintaining data integrity in the TAP. The send and receive directions are output separately on the two monitoring ports so that the network traffic can be analysed per data direction in this case. Another great advantage of the Breakout mode is the visibility of the network traffic even with a fully loaded network connection. In this mode, the set network speed is transferred to the monitoring ports.
  For example , if the TAP is configured for 100Base-T, then both monitoring ports will also communicate on 100Base-T accordingly. Switch value

• Aggregation: In this mode, the data streams are bundled and output aggregated on both of the monitoring ports. This allows you to evaluate the network data of a full duplex line simultaneously with a single network interface on your analyzer. Due to the aggregation in hardware (FPGA), faulty packet sequences during recording are a thing of the past in this mode. For example, you can analyse the entire data traffic aggregated in 100Base-Tx lines without loss.
  The monitoring ports will always boot the link with 1000Base-TX, no matter what is negotiated on the network side. Switch value 01

• Regeneration: Regeneration is used to capture 100% full duplex traffic that can be sent to multiple monitoring devices (up to 3 in this case) for analysis of your network. In this mode, the network speed settings are synchronised as in Breakout mode and the setting on the DIP switch is applied to all ports. Switch value 10

Fail-Safe Mode: Since Network TAPs are usually installed in critical network lines, it must be ensured that TAPs do not affect the line in any way. By means of fail-safe, the TAP behaves like a cable bridge in the event of a failure or arbitrary deactivation and ensures that the active network connection is not interrupted or at least continues to function without the TAP function and thus does not negatively affect the active line.

Speed Configuration
The following constellation results for the speed selection (switches 4 & 5 ):

Technical Specifications

TAP Models & Accessories

ACCESSORIES

PRODUCT OVERVIEW

NEOX NETWORKS GmbH
Monzastr. 4 · 63225 Langen · Germany
+49 6103 / 37 215 910
[email protected]
www.neox-networks.com

References

• NEOX NETWORKS - Solution Provider für Netzwerk-Monitoring & -Security Lösungen

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>