Juniper Networks IDP8200, IDP250, IDP 800, IDP75 Normal State, NIC Bypass State, NIC State Options

Page 25

Chapter 2: Hardware Overview

Table 4: NIC State Options

ACM

 

 

 

Settings

Modes

Availability

Description

 

 

 

 

NIC bypass

Transparent

„ Sensor failure

While sensor is active, it does not pass

 

mode only

„ Graceful

NSRP packets unless Layer 2 bypass is

 

 

enabled.

 

 

shutdown

 

 

 

 

 

 

When sensor becomes unavailable, ports

 

 

 

mechanically join in a crossover. Traffic

 

 

 

continues to flow, but sensor does not

 

 

 

examine traffic.

 

 

 

 

External

Transparent

Sensor failure only

While sensor is active, it passes NSRP

bypass unit

mode only

 

packets even if Layer 2 bypass is disabled.

 

 

 

On failure, external bypass unit passes

 

 

 

traffic around the sensor.

 

 

 

Note: This is a global setting. If set for any

 

 

 

NIC, NSRP packets are allowed for all NICs.

 

 

 

 

NICS off

All inline

„ Sensor failure

While sensor is active, it does not pass

 

modes

„ Graceful

NSRP packets unless Layer 2 bypass is

 

 

enabled for transparent mode.

 

 

shutdown

 

 

 

 

 

 

When sensor fails or when the sensor

 

 

 

software is shut down, NICs turn off even if

 

 

 

sensor still has power.

 

 

 

 

Normal State

When the IDP is active and NICs are in the normal state, NICs only pass Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are not passed, so external bypass units do not behave correctly.

NIC Bypass State

Ethernet copper ports on the IDP 75, 250, 800, and 8200 sensors all have built-in port bypass with crossover. Port bypass only works if the sensor is configured for transparent mode. If a sensor fails or is shut down while in transparent mode, the pair of copper ports will automatically fail into a crossover “connected” state, and traffic will flow through them to and from the rest of the network without being analyzed.

NIC bypass works using a watchdog timer. Each port pair has a timer. The sensor sends each timer a reset signal every second. If a timer does not receive a reset signal for three seconds (or the configured time period), the bypass is activated. After the bypass is activated, the timer continues listening for a reset signal. When IDP becomes active again, it sends a reset signal. When the timer receives the reset signal, the bypass deactivates automatically and the sensor goes back to normal operation.

When NICs are in NIC bypass state prior to shutdown or failure, they only pass Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are not passed.

Traffic Ports (Forwarding Interfaces) „ 11

Page 24 Page 26
Image 25
Page 24 Page 26
Contents Releases 4.1r2a April Copyright Notice Table of Contents Chapter Adding the Sensor to NSM Index Page List of Figures Sniffer Mode PassivePage List of Tables Page Audience About This GuideConventions Icon Meaning DescriptionDocumentation Web Access for DocumentationRequesting Technical Support Opening a Case with Jtac Self-Help Online Tools and ResourcesPage Installation Roadmap Planning an InstallationIDP Sensor Placement IDP Configuration BasicsIDP Sensor Deployment Mode Sniffer Mode Passive Transparent Mode Inline Active Advantages and Disadvantages of Sniffer Mode PassiveNetScreen-Security Manager Page IDP Sensors Hardware Overview IDP 250 Sensor IDP 75 Sensor IDP 800 Sensor IDP 800 Front Panel IDP 8200 SensorTraffic Ports Forwarding Interfaces Configurable NIC StatesNormal State Settings Modes Availability DescriptionNIC Bypass State NIC State OptionsExternal Bypass Unit State NIC Bypass and Cable ChoicesNICs Off State Management Ports Power SuppliesConsole Serial Port Management PortIDP Sensor LEDs IDP Sensor Power SuppliesSystem Status LEDs Management and High Availability Port LEDsHard Drive LEDs on Front Panel Traffic Port LEDsPower Supply LED Definitions Back Panel LED Description Power Supply LEDs on Back PanelHard Drive LED Definitions Front Panel LED Description General Installation Guidelines Installing the SensorRack Mounting the IDP Sensor Mounting Using Device Rack RailsRequired Tools Rail with Hinged Rear Bracket Mounting Using Midmount BracketsRU Device IDP 75 Midmount Bracket Connecting PowerInitial Configuration Options Configuring the IDP SensorSimple Configuration Simple Configuration SettingsAdvanced Configuration Simple Configuration ValuesConnecting to the Sensor Using the Console Serial Port to Configure the SensorType an IP address and press Enter Following text appears Connecting Directly Using the Management Port Using the Management Port to Configure the SensorSimple or Advanced Configuration Using the Management Port Connecting Remotely Using the Management PortACM Advanced Configuration QuickStart Simple ConfigurationManager Administrator’s Guide Connecting the High Availability Port Connecting Forwarding InterfacesVerifying Traffic Flow Adding Your Sensor to NSM Adding the Sensor to NSMSelect Device is Reachable default Add Device Wizard Connection Settings Type ssh-keygen -l -f sshhostdsakey and press Enter Add Device Wizard Importing the Device Checking the Status of Your SensorPage Updating Software on the Sensor Updating IDP Sensor Software Using NSM Firmware ManagerLoading a Sensor Image into NSM Updating IDP Sensor Software Without NSM Upgrading Sensor SoftwareReimaging the IDP Sensor Page Remove a Power Supply Replacing a Power Supply IDP 800, and 8200 OnlyServicing the Device Replacing a Hard Drive IDP 800 and 8200 Only Install a Power SupplyRemove a Hard Drive Hard Drive Latch in Closed Position Install a Hard DrivePage Bridge Mode Advanced ConfigurationAdvanced Deployment Modes Advantages and Disadvantages of Bridge Mode Bridge ModeAdvantages and Disadvantages of Router Mode Router ModeAdvantages and Disadvantages of Proxy-ARP Mode Proxy-ARP ModeIDP High Availability Deployment Modes Specifications Physical Specifications Value IDP 75 Technical SpecificationsAC Power Specifications Nominal Value Acceptable Range Power Cord Specifications CountryEnvironmental Specifications IDP 250 Technical SpecificationsSpecification Value IDP 800 Technical Specifications IDP 8200 Technical Specifications EMI Compliance Safety ComplianceImmunity ACM IndexIDP 75, 250, 800, and 8200 Installation Guide 54 „ Index
Related manuals
Manual 84 pages 43.14 Kb
Top Page Image Contents