Installing and Configuring External Storage
This section describes how to manually prepare your external iSCSI storage information to work with Packet Analyzer. It contains the following topics:
Configuring the iSCSI Array
Use your vendor's user guide to ensure you have properly configured the iSCSI array. The Packet Analyzer is independent of most array settings, but some are important for accessibility and performance.
Step 1 To configure the Logical Unit Numbers (LUNs) on the array, there is often a Segment Size setting. Larger segment sizes can improve write speeds. Configure the Segment Size setting to use the largest possible segment size (up to 512KB).
Multiple LUNs can be configured on a single array.
Step 2 Map the LUNs to iSCSI Qualified Names (IQNs) on the array. Each IQN represents a different list of LUNs for hosts (such as the Packet Analyzer) to access.
Step 3 The Packet Analyzer supports up to 32 LUNs between all protocols. Multiple LUNs can be mapped to one IQN.
Step 4 The Packet Analyzer also has an IQN, which represents the host side of an iSCSI session. Be sure you map each Packet Analyzer’s IQN to the LUNs for host read-write access. Most storage arrays require this for security reasons, to ensure that only certain hosts can access the LUNs. Each Packet Analyzer has a unique IQN, so perform this step for each Packet Analyzer that requires access and for each target LUN that is to be accessed. For more details about which CLI command to use, see Locating the Packet Analyzer IQN.
Step 5 Set the IP path to the Packet Analyzer management port. For details, see Connecting the Storage Array.
Locating the Packet Analyzer IQN
To find the Packet Analyzer IQN, use the remote-storage iscsi local-iqn CLI command:
root@secpa.domain# remote-storage iscsi local-iqn
Local iSCSI Qualified Name: iqn.1967-04.com.cisco:SEC-PA-2400-K9.00:19:55:07:15:9A
Connecting the Storage Array
After you configure the iSCSI storage arrays, be sure that it has an IP path to the Packet Analyzer management port. The array can be connected while the Packet Analyzer is running.
Some arrays come with multiple storage controller modules. As a security feature, module ownership must often be mapped to each LUN.
The Packet Analyzer logs into the storage to start an iSCSI session using the IP address and IQN(s) of the storage array. To connect the storage array using the user interface, follow these steps:
Step 1 Log into the Packet Analyzer web interface. To access the Data Storage page, select Capture > Packet Capture/Decode > Data Storage.
Step 2 Click the iSCSI Login button and enter the target IP and IQN.
The storage table refreshes with the newly discovered LUNs.
If the LUNs do not appear:
a. Check remote-storage iscsi list to verify the iSCSI session was properly started.
The follow example shows how to verify the iSCSI session.
root@secpa.domain# remote-storage iscsi list
Target IQN: iqn.2015-04:celermas.target18
tcp: [8] 172.20.10.82:3260,1 iqn.2015-04:celermas.target18
The LUN number (in the above example, LUN 4) can help you identify one LUN from others of the same IQN. This number is unique to each IQN, meaning two LUNs from different IQNs can have the same number.
b. If the iSCSI session was properly started, check the storage array configuration to verify that:
- The LUNs are mapped to the target IQN, and
- The Packet Analyzer IQN has been given Read/Write access to the LUNs.
c. If you make any configuration changes, logout of the iSCSI session and login again. To logout, use the CLI remote-storage iscsi logout. If the LUNs appear on the user interface, you can select one of them and click iSCSI Logout. All LUNs mapped to that target IQN will be disconnected.
You can now use the iSCSI external storage from within the Packet Analyzer. For more information, see the Cisco Security Packet Analyzer Software User Guide.