M29 (EOS)

The M29 quick start guide provides guidance for initial deployment, verifying connectivity, and next steps to take after the appliance is connected to your network.

The M29 appliance has reached EOS (End-of-Sale). Please see the appliance EOS / EOL policy for additional details.

Introduction

An M-Series appliance is used in place of a virtual appliance for Vectra Stream deployment. This document is intended to help customers or partners with the initial configuration.

One of the below guides should be the starting point for your overall Vectra deployment:

Full details on firewall requirements for your entire Vectra deployment are available in those guides or in firewall requirements.

After you have completed the initial deployment of your M-Series (Stream) appliance following this guide, you can move on to paring Stream with your Brain appliance. From a pairing perspective, Stream functions similarly to other Vectra physical Sensors. The Stream Deployment Guide covers full deployment details for Vectra Stream. Pairing for all Vectra appliances is also covered in pairing appliances.

Guide for other appliances are located in NDR physical appliances and NDR virtual / cloud appliances.

Package Contents

1 M29 system
1 Rail kit
2 Power supply cords (matching requested type)
1 Vectra bezel
SFPs (matching details of your order)
- See supported SFPs, and QSFPs for details on options.

Physical Connections

X29 pictures are used below (X29 and M29 are identical hardware with different software loads).

Physical Connections Added Guidance

Only the MGT1 port 1 is used for M29 deployment. The M29 does not capture traffic. The M29 receives metadata from the Brain, coverts it to Zeek format, and forwards it to the customer’s data lake or SIEM.
Due to supply chain fluctuations, shipped M29 models with a 4 port ethernet card in place of the 2 port ethernet card shown in the port diagram above.
- These ports were only used for capture and are therefore irrelevant for M29 use since the M29 only performs Stream functionality and does not perform and Sensor functions.
Disks removed from any M29 model can't be read outside of the system they were removed from because of the use of encryption that is specific to each system.
If you have questions about rail installation, watch this video:
- https://www.youtube.com/watch?v=JfOTnRMeE5w

Minimum Connections

Power
- The M29 has two redundant power supplies. It is recommended to connect both.
MGT1 - 1 GbE copper RJ45 (default) or SFP+ 10 GbE
- Either of these ports will need to be configured with an IP address in your network.
- The M47 can be configured by the customer to allow the port labeled as eth0 (10 Gbps SFP+) on the back of the appliance to function as the MGT1 port.
  - See the 10 Gbps MGT1 option below if fiber is required)

10 Gbps MGT1 Option

The M29 can be configured by the customer to allow the port labeled as eth0 (10 Gbps SFP+) on the back of the appliance to function as the MGT1 port. This will not give any performance benefit and is intended for use by customers who do not have any 1 Gbps copper interfaces available for use as the MGT1 interface in the location in which they will deploy the M29 appliance.

Please expand for details if you wish to enable this option:

Please note the following:

It is recommended to use KVM, serial console, MGT2, or iDRAC/IPMI to connect to the appliance command line to make the change because unlike a SSH session, these will be unaffected by the change. See Accessing the CLI for details.
For example, if you were connected to MGT1 in a staging area to make the change before moving into your data center where the 10 Gbps SFP+ was required, when the change is made your session would break and you would need to login again to configure a static address for the new MGT1 port.
After making the change, physical port labels on the back of the appliance would no longer match how Vectra software displays the ports.
- The port physically labeled as MGT1 changes to being unused by the Vectra software.
- The port physically labeled as eth0 becomes MGT1.
- What is physically labeled eth1 becomes eth0, eth2 becomes eth1, and eth3 becomes eth2.
  - These ports are unused in the M29 configuration (there is no traffic capture).
The show interface command at the CLI can be used to show the actual negotiated speed and state of MGT interfaces.

CLI commands to show configured MGT1 interface speed setting and change speed setting:

show management
set management <default|sfp>

Examples:
vscli > show management
Management interface is set to default. See `show interface` for more information.

vscli > set management sfp
vscli > show management
Management interface is set to sfp. See `show interface` for more information.

Accessing the CLI

The Command Line Interface (CLI) of a physical Vectra appliance is accessible in multiple ways. All appliances will not always have all methods available. See physical connections to see the options available for your specific model.

KVM or “crash cart”
Direct connection to "Support" (MGT2) port
iDRAC/IPMI - not all appliance types will have iDRAC/IPMI
MGT1 port once configured
Serial console - only supported officially on S1, S2 (EOL), X29/M29, and the X80 (EOL) appliances.

Once you have connected to the CLI login prompt on the appliance, use the default credentials to login.

Username: vectra and password: changethispassword
- Please change the password immediately after logging in using the set password command.

KVM or “crash cart”

If your appliance has USB and VGA ports, a KVM (Keyboard, Video, Mouse) switch or “crash cart” can be used to connect to the appliance console.

Direct Connection to "Support" (MGT2) Port

A direct connection to the MGT2 port on your appliance.

If you can physically connect to your MGT2 port, then you can direct connect to the MGT2 port via SSH to do the initial configuration.
The appliance MGT2 port is factory configured with a 169.254.0.10/16 (255.255.0.0) address.
Configure your host’s IP to 169.254.0.11 with subnet mask of 255.255.0.0.
Use SSH to connect to the appliance from your host using the default credentials from above.

iDRAC/IPMI

If your appliance has a built in Dell iDRAC / IPMI interface you can access the CLI through it.

Vectra strongly recommends that customers configure iDRAC / IPMI access permanently for all platforms supporting this interface.

Benefits:

Easier access in case of network connectivity issues or DHCP mishaps.
Simpler remote IP address changes.
Reduced resolution time during Vectra support engagements requiring console access.

Please expand for iDRAC/IPMI configuration details:

The default username / password for iDRAC/IPMI is vectra / changethispassword.

To access the interface, point your web browser to http://your_iDRAC_IP

Initially, your iDRAC interface will default to DHCP.

At the login screen enter your credentials:

Click on the Virtual Console:

And you will be presented with a login prompt for the CLI:

To set a static IP for iDRAC you must 1^st be logged in to the CLI of the Sensor as the vectra user:

Command:
show ipmi_interface
 
Example Output:
Gateway: 10.2.0.1
Ip: 10.2.2.32
Mac: d0:94:66:48:0a:ad
Mode: static
Netmask: 255.255.0.0

To set the IPMI / iDRAC interface the command syntax and an example are shown below:

Syntax example:
set ipmi_interface -h
Usage: set ipmi_interface [OPTIONS] [dhcp|static] [IP_ADDRESS] [SUBNET_MASK] [GATEWAY_ADDRESS]
 
Set the ipmi interface config
 
Options:
-h, --help Show this message and exit.
 
Command Example (Static Addressing):
set ipmi_interface static 10.2.2.34 255.255.248.0 10.2.0.1
IPMI Interface Change: success
 
Command Example (DHCP):
set ipmi_interace dhcp
IPMI Interface Change: Success

Serial Console

Serial console is only supported on S1, S2 (EOL), X29/M29, and X80 (EOL) appliances.

If supported on your appliance model, the serial settings should be 115,200, 8, N, 1

115,200 baud data rate
8 data bits
No parity bit
1 stop bit
Do not enable flow control

Initial Network Configuration

DHCP

The appliance can obtain its network configuration from a DHCP server in your network. The MGT1 port functions as a DHCP client by default.

Connect the management port (MGT1) of the appliance to the network switch.
Find the IP address that was assigned to MGT1 from your DHCP server logs.
You can also find the IP address at the CLI of your appliance if you can access it another way .
- Use the show interface command to display the address that was assigned to MGT1 via DHCP once you are logged onto the appliance.
- See Accessing the Command Line Interface (CLI) of the Appliance above for instructions on how to log on).

Static Addressing

Configuration Checklist for Static Addressing

Below is a list of information needed for the initial configuration:

IP address to be used for the MGT1 interface
Default gateway IP address
DNS nameserver IP addresses
- DNS servers for the Sensor must be configured at the CLI if you are not using DHCP. This cannot be done in your Brain.

Setting a Static MGT1 IP Address

Once logged in to the appliance you can view the syntax for the "set interface" command:

set interface -h
Usage: set interface [OPTIONS] {mgt1|mgt2} {dhcp|static} [IP] [SUBNET_MASK]
                     [GATEWAY_ADDRESS]
 
  Sets network interfaces to either dhcp or static ip configuration
 
Options:
  -h, --help  Show this message and exit.

Setting the IP address example:

set interface mgt1 static 10.50.10.10 255.255.255.0 10.50.10.1

IPv6 Support:

IPv6 is supported for the MGT1 and MGT2 interfaces. For full details, including information regarding dual stack support, please IPv6 Management Support for Vectra Appliances on the Vectra support portal. Below we will show how to enable IPv6 support (its off by default) and the syntax to use when setting an IPv6 address.

To enable/disable IPv6 support:

# show ipv6 enabled
IPv6 is disabled
 
# set ipv6 enabled
Response: ok
 
# show ipv6 enabled
IPv6 is enabled
 
# set ipv6 disabled
Response: ok

Setting IPv4 and IPv6 syntax examples:

Execute the following command to set the MGT1 or MGT2 (a gateway address cannot be configured for MGT2, the gateway on MGT1 will be used) interface to the desired static IP address:

IPv4 Syntax:
set interface mgt1 static x.x.x.x y.y.y.y z.z.z.z
set interface mgt2 static x.x.x.x y.y.y.y
 
Where:
x.x.x.x is the desired interface IP address
y.y.y.y is the desired interface network mask
z.z.z.z is the desired gateway
 
IPv6 Syntax:
set interface mgt1 static [IPv6 IP] [Subnet Mask] [Gateway]
 
Example:
set interface mgt1 static 2001:0db8:0:f101::25 64 2001:0db8:0:f101::1

Configuring DNS for the appliance:

Command syntax to set DNS (up to 3 nameservers are supported):

set dns [nameserver1 <ip>] [nameserver2 <ip>] [nameserver3 <ip>]

Configuring DNS Example:

set dns 10.50.10.101 10.50.10.102

Verifying DNS Configuration:

show dns

Verifying your Connectivity:

Once you have configured an IP statically or via DHCP you can verify connectivity by pinging known IPs in your environment from the CLI with the debug ping command.

If your Stream appliance is already configured with an IP, it is recommended to ping the Brain IP to verify reachability before attempting pairing. Stream must have port 22 and 443 open from the applaince to your Brain for successful pairing and ongoing communication. Connectivity can be tested with the debug connectivity command.

For more detail, please see Checking brain or sensor network connectivity.

Example:

vscli > debug connectivity -h
Usage: debug connectivity [OPTIONS] HOST PORT
 
Test TCP connectivity to destination host or IP through proxy if configured
 
Options:
--bypass-proxy / --dont-bypass-proxy
Bypass proxy while testing connectivity if
proxy is configured
--ssl / --no-ssl Test connectivity to host using SSL
--timeout FLOAT Seconds to attempt a connection to host and
proxy if configured [default: 5]
-h, --help Show this message and exit.
 
vscli > debug connectivity yourbrainIP.customernetwork.com 443 –no-ssl
Connectivity: Success
Proxy: False
SSL: False

Next Steps

Brain and Stream Communications Requirements

A Stream appliance can pair with any Vectra Brain type. For example, the Brain can be a physical appliance, a Brain deployed in a IaaS cloud, or a Brain deployed in a traditional hypervisor environment on customer premises.

Stream must be able to reach the Brain over the below ports. It is recommended to enable these ports bidirectionally to aid in troubleshooting.

TCP/443 (HTTPS) - Used for Stream discovery and initial pairing connection.
TCP/22 (SSH) - Used for Paired Stream connections.

Additionally, for online pairing (physical Stream only), both Stream and the Brain must be able to communicate with:

update2.vectranetworks.com or 54.200.156.238 over TCP/443 (HTTPS)

Please work with your security and networking contacts to ensure that Stream will be able to initiate a connection to the Brain. Stream only communicates with the Vectra Brain (and configured downstream data lake or SIEM) and does not need to communicate to Vectra directly. Software updates for Stream will come from the Brain.

For full details on all potential firewall requirements in Vectra deployments, please see firewall requirements.

Pairing Stream to the Brain

After base configuration, it is suggested to pair Stream with your Brain appliance.

Pairing appliances covers pairing of all physical Vectra appliances.

Worldwide Support Contact Information

Support portal: https://support.vectra.ai
Email: [email protected] (preferred contact method)
Additional information: https://www.vectra.ai/support

PreviousM47 NextNDR virtual / cloud appliances

Last updated 12 days ago

Was this helpful?

Good evening

hashtagIntroduction

hashtagPackage Contents

hashtagPhysical Connections

hashtagPhysical Connections Added Guidance

hashtagMinimum Connections

hashtag10 Gbps MGT1 Option

hashtagAccessing the CLI

hashtagKVM or “crash cart”

hashtagDirect Connection to "Support" (MGT2) Port

hashtagiDRAC/IPMI

hashtagSerial Console

hashtagInitial Network Configuration

hashtagDHCP

hashtagStatic Addressing

hashtagConfiguration Checklist for Static Addressing

hashtagSetting a Static MGT1 IP Address

hashtagIPv6 Support:

hashtagConfiguring DNS for the appliance:

hashtagVerifying your Connectivity:

hashtagNext Steps

hashtagBrain and Stream Communications Requirements

hashtagPairing Stream to the Brain

hashtagWorldwide Support Contact Information