McAfee IIP-S03K-NA-100I Product Guide - Page 36

McAfee® IntruShield® IPS 4.1

Attaching cables to the I-3000 Sensor

IntruShield Sensor 3000 Product Guide

Cabling for SPAN mode

Using fail-open hardware

The Gigabit Fail-Open kit (sold separately) minimizes the potential risks of in-line

IntruShield sensor failure on critical network links. Both Copper and Optical versions

of the Kit are available.

The Gigabit Ethernet (GE) Monitoring ports on IntruShield sensors are configured to

fail close by default; thus, if the sensor is deployed in-line, a hardware failure results

in network downtime.

Fail-open operation for GE ports requires the use of the

optional external Bypass Switch provided in the Kit.

With the Bypass Switch in place, normal sensor operation supplies power to the

switch via a control cable. While the sensor is operating, the switch is “on” and

routes all traffic directly through the sensor. When the sensor fails, the switch

automatically shifts to a bypass state: in-line traffic continues to flow through the

network link, but is no longer routed through the sensor. Even after the sensor

comes back online, the ports configured as fail-open will remain in 'Bypass' mode

until the user manually puts them back to fail-open.

Caution 1:

Note that sensor outage breaks the link connecting the devices on

either side of the sensor for a brief moment and requires the renegotiation of the

network link between the two peer devices connected to the sensor.

Depending

on the network equipment, this disruption introduced by the renegotiation of the

link layer between the two peer devices may range from a couple of seconds to

more than a minute with certain vendors’ devices.

Caution 2:

A very brief link disruption may also occur while the links between the

sensor and each of the peer devices are renegotiated to place the sensor back in

in-line mode. This outage, again, varies depending on the device, and can range

from a few seconds to more than a minute.

Installation and troubleshooting instructions for the Kit can be found in the Quick

Guide that accompanies the kit. For more information on the Optical kit, see

Gigabit

Optical Fail-Open Bypass Kit Guide.

28

Section	Page
Preface	5
Introducing McAfee IntruShield IPS	5
About this guide	5
Contents of this guide	5
Audience	6
Conventions used in this guide	6
Related Documentation	7
Contacting Technical Support	8
An introduction to IntruShield sensors	9
What is an IntruShield sensor?	9
Sensor functionality	9
Sensor platforms	9
The IntruShield 3000 sensor	10
Ports on the I-3000	10
Front panel LEDs on the I-3000	11
Before you install	14
I-3000 sensor specifications	14
Sensor capacity for I-3000 sensor	15
Network topology considerations	16
Safety measures	17
Working with fiber-optic ports	17
Usage restrictions	18
Unpacking the sensor	18
Contents of sensor box	18
Setting up the I-3000 sensor prior to configuration	20
Setup overview	20
Positioning the I-3000	20
Installing the ears on the chassis	20
► To install the ears on the chassis, follow these steps:	21
Mounting the I-3000 sensor in a rack	21
Installing the I-3000 redundant power supply	22
Installing a power supply	22
► To install a power supply in the I-3000:	22
Removing a power supply	23
► To remove a power supply from the I-3000 (Optional—the power supplies are hot-swappable):	23
Installing SFP modules	24
Installing a SFP module	25
► To install a SFP module with a bail clasp, follow these steps:	25
Removing a SFP module	26
► If you are removing a SFP module with a bail clasp, follow these steps:	26
Connecting copper SFP for 10/100 Fast Ethernet ports	26
To connect a copper SFP	27
To remove a copper SFP	28
Cabling the sensor	28
Powering on the I-3000	28
Powering off the sensor	28
Attaching cables to the I-3000 Sensor	29
Cabling the Console port	29
Cabling the Auxiliary port	29
Cabling the Response ports	30
► To connect the Response port to a network device:	30
Cabling the Fail-Open Control ports	30
Cabling the Management port	31
► To connect the sensor to the ISM server:	31
Cabling the I-3000 Monitoring ports	31
Using peer ports for I-3000	31
Default Monitoring port speed settings for I-3000	32
Cable types for routers, switches, hubs, and PCs	33
Cabling for in-line mode	33
Cabling the I-3000 to monitor in in-line mode	33
► To connect the I-3000's SFP GBIC ports for in-line monitoring:	33
Cabling for Tap mode	34
Cabling the I-3000 SFP ports to monitor in external tap mode	34
► To connect the sensor to the devices you want to monitor in external tap mode:	34
Cabling for SPAN mode	34
Cabling the I-3000 sensor to monitor in SPAN or hub mode	34
► To connect an I-3000 sensor to a SPAN port or Hub:	34
Cabling the failover interconnection ports	34
Cabling I-3000 sensors for Failover	35
► To connect two I-3000s for failover:	35
Using fail-open hardware	36

McAfee IIP-S03K-NA-100I Product Guide - Page 36

Using fail-open hardware

Page 36 highlights