Vectra X29 Appliance

Quick Start Guide

Vectra X29 Appliance

Quick Start Guide
Version: March 12, 2025

Table of Contents
Introduction ...........................................................................................................................................2
Package Contents .................................................................................................................................2
Physical Connections (and disk numbering) ...................................................................................2
Connections Required for Initial Configuration of MGT1 Port ................................................................ 3
Additional Cabling/Racking Notes of Interest ............................................................................................ 3
X29 Initial Configuration ......................................................................................................................4
Accessing the Command Line Interface (CLI) of the X29 Appliance...................................................... 4
KVM or “crash cart” ....................................................................................................................................................... 4
Serial Console ............................................................................................................................................................... 4
Support (MGT2) Port ..................................................................................................................................................... 4
MGT1 Port Once Configured ........................................................................................................................................ 4
iDRAC/IPMI.................................................................................................................................................................... 4
DHCP Quick Start ........................................................................................................................................... 6
10 Gbps MGT1 Option .................................................................................................................................... 6
Static Addressing Quick Start ...................................................................................................................... 7
Configuration Checklist for Static Addressing .............................................................................................................. 7
Setting a Static MGT1 IP Address ................................................................................................................................ 7
Proxy Support ................................................................................................................................................. 8
Verifying your Connectivity: ...............................................................................................................9
Logging in to the GUI (not available in Sensor mode) ................................................................ 10
Next Steps ........................................................................................................................................... 10
Worldwide Support Contact Information ....................................................................................... 10

© 2022 Vectra AI, Inc. All rights reserved.

 Vectra X29 Appliance
Quick Start Guide

Introduction

This document is intended to help customers or partners with the initial configuration of Vectra X29 appliances. This
is limited to basic network connectivity. The X29 appliance can be used in Vectra AI Platform deployments that use
either the Respond UX or the Quadrant UX. The Respond UX is served from Vectra’s cloud and the Quadrant UX is
served locally from the Brain appliance. For more detail on Respond UX vs Quadrant UX please see Vectra Analyst
User Experiences (Respond vs Quadrant).
The X29 appliance can be deployed in 3 modes (Brain, Sensor, or Mixed). Modes are discussed further in the
deployment guide for your chosen UX. The initial setup of the networking connectivity for the X29 will be nearly
identical for all 3 modes. The only difference will be that for an X29 in Sensor mode, the DNS settings can only be
configured at the command line. For Brain or Mixed mode deployment, DNS can be configured at the command line
or in the GUI. One of the below guides should be the starting point for your overall Vectra deployment:
 Vectra Respond UX Deployment Guide
 Vectra Quadrant UX Deployment Guide

Either of the above guides cover basic firewall rules needed for the deployment and initial platform settings. Virtual
Sensor (VMware, Hyper-V, KVM, AWS, Amazon, and GCP) configuration and pairing and covered in their respective
guides. Physical appliance pairing is covered in the Vectra Physical Appliance Pairing Guide. Please see the Vectra
Product Documentation Index on the Vectra support site for additional documentation including deployment guides for
CDR for M365 / IDR for Azure AD and CDR for AWS.

Package Contents
 1 X29 system
 1 Rail kit
 2 Power supply cords (matching requested type)
 1 Vectra bezel
 SFPs (matching details of your order)

Physical Connections (and disk numbering)

© 2022 Vectra AI, Inc. All rights reserved.

 Vectra X29 Appliance
Quick Start Guide

Connections Required for Initial Configuration of MGT1 Port

 Power
o The X29 has two redundant power supplies. It is recommended to connect both.
 MGT1 - RJ-45 ethernet (1 Gbps copper)
o This is the port that will need to be configured with an IP address in your network.
 MGT1 - SFP+ 10 Gbps
o The X29 can be configured by the customer to allow the port labeled as eth0 (10 Gbps SFP+) on the
back of the appliance to function as the MGT1 port.
o To make this modification, you must be logged in to the appliance via one of the methods below.
o Please see 10 Gbps MGT1 Option below for details on how to enable this.
 One of the following to configure MGT1:
o KVM or Crash Cart using USB Keyboard / VGA Monitor
o Serial console cable with 115,200 baud, 8 data bits, no parity bit, one stop bit and no flow control
o Host directly connected with ethernet cable to MGT2
o iDRAC/IPMI console access
o DHCP

Additional Notes of Interest

 Due to supply chain fluctuations, Vectra has begun to ship X29 models with a 4 port ethernet card in place of
the 2 port ethernet card shown in the port diagram above.
o Both 2 port and 4 port capture cards perform identically from a performance perspective.
o For customers with 4 port capture cards, the left two ports are unused, and the right two ports are
eth3, and eth2 (from left to right).
 Disks removed from any X29 model can't be read outside of the system they were removed from because of
the use of encryption that is specific to each system.
 If you have questions about rail installation, watch this video:
o https://www.youtube.com/watch?v=JfOTnRMeE5w
 If an X29 is used in Mixed mode or Sensor mode, the capture ports are supported for out of band deployment
only. There is no inline mode for X29 hardware.
o Traffic will generally be forwarded to the X29 via SPAN/COPY/MIRROR, network taps, or packet
brokers.
 If deployed in Sensor mode, once paired to your Brain, traffic seen on the capture ports will be converted to
metadata that will be forwarded to the Brain for processing.
o If capture ports are connected before pairing is completed, the Sensor will not buffer any traffic for
processing.
 For additional guidance regarding SPAN/COPY/MIRROR, network tap, or packet broker use, please see the
following article on the Vectra support site:
o Asymmetry concerns in Vectra sensor feeds

© 2022 Vectra AI, Inc. All rights reserved.

 Vectra X29 Appliance
Quick Start Guide

X29 Initial Configuration

Accessing the Command Line Interface (CLI) of the X29 Appliance

 !! Please note that it can take 10-15 minutes for the X29 appliance to fully boot.
 !! Please note that if the CLI does not come up immediately using one of the methods below, it may be
necessary to press Ctrl + Alt + F1-F7 to make the CLI appear.

The CLI of the X29 appliance is accessible in multiple ways

 KVM or “crash cart”
 Serial console
 Support (MGT2) port
 MGT (MGT1) port once configured
 iDRAC/IPMI

Once you have connected to the CLI login prompt on the appliance, use the default credentials to login.
 Username: “vectra” and password: “changethispassword”
o Please change the password immediately after logging in using the “set password” command.

KVM or “crash cart”

KVM (Keyboard, Video, Mouse) switches or “crash carts” using USB keyboard and VGA monitor can be used.

Serial Console
Use the terminal program of your choice with the serial port settings configured to 115200 baud, 8 data bits, no parity
bit, one stop bit, and no flow control.

Support (MGT2) Port

Use an ethernet cable connected directly between your computer and the X29 appliance.
 The X29 MGT2 port is factory configured with a 169.254.0.10/16 (255.255.0.0) address.
 Configure your host’s IP to 169.254.0.11 with subnet mask of 255.255.0.0.
 Use SSH to connect to the X29 from your host using the default credentials from above.

MGT1 Port Once Configured

After the MGT1 port has been configured with an IP address that is reachable in your environment, the CLI is
accessed via SSH using the “vectra” username and the password you have configured or the default password if
you have not changed it yet. If your X29 already has an IP from DHCP, you can change to static assignment using
the instructions further below in Static Addressing Quick Start.

iDRAC/IPMI
The X29 has a Dell iDRAC / IPMI interface. The default username / password is “vectra” / “changethispassword”.
Vectra strongly recommends that customers configure iDRAC / IPMI access permanently for all platforms supporting
this interface. Some benefits are:
 Easier access in case of network connectivity issues or DHCP mishaps.
 Simpler remote IP address changes.
 Reduced resolution time during Vectra support engagements requiring console access.
© 2022 Vectra AI, Inc. All rights reserved.
 Vectra X29 Appliance
Quick Start Guide

To access the interface, point your web browser to http://you_iDRAC_IP.

 Initially, your iDRAC interface will default to DHCP. To set a static IP, see the instructions further below.

At the login screen enter your credentials: Click on the “Virtual Console”:

And you will be presented with a login prompt:

To set a static IP for iDRAC you must 1st be logged in to the CLI of the X29 as the “vectra” user:
Command:
show ipmi_interface

Example Output:
Gateway: 10.2.0.1
Ip: 10.2.2.32
Mac: d0:94:66:48:0a:ad
Mode: static
Netmask: 255.255.0.0
To set the IPMI / iDRAC interface the command syntax and an example are shown below:
Syntax Example:
set ipmi_interface -h
Usage: set ipmi_interface [OPTIONS] [dhcp|static] [IP_ADDRESS] [SUBNET_MASK] [GATEWAY_ADDRESS]

Set the ipmi interface config

Options:
-h, --help Show this message and exit.

Command Example (Static Addressing):

set ipmi_interface static 10.2.2.34 255.255.248.0 10.2.0.1
IPMI Interface Change: success

Command Example (DHCP):

set ipmi_interace dhcp
IPMI Interface Change: Success
© 2022 Vectra AI, Inc. All rights reserved.
 Vectra X29 Appliance
Quick Start Guide

DHCP Quick Start

The X29 appliance can obtain its network configuration from a DHCP server in your network. The MGT1 port
functions as a DHCP client by default.

 Connect the management port (MGT1) of the appliance to the network switch.
 You can find the IP address that was assigned to MGT1 from your DHCP server logs.
 You can also sse the "show interface" command to display the address that was assigned via DHCP once
you are logged onto the appliance (see “Accessing the Command Line Interface (CLI) of the X29 Appliance”
above for instructions on how to log on).
 You can also find the IP address by logging into the Brain, navigating to Manage > Sensors, selecting your
X29 appliance and making note of the IP that the Brain is seeing it available for pairing from.

10 Gbps MGT1 Option

The X29 can be configured by the customer to allow the port labeled as eth0 (10 Gbps SFP+) on the back of the
appliance to function as the MGT1 port. This will not give any performance benefit and is intended for use by
customers who do not have any 1 Gbps copper interfaces available for use as the MGT1 interface in the location in
which they will deploy the X29 appliance. Please note the following:
 Making this change will reduce the number of capture ports on the X29 appliance to 3 (1x10 Gbps SFP+ and
2x1 Gbps copper interfaces) because one of the 10 Gbps SFP+ ports is now used for MGT1.
 It is recommended to use KVM, serial console, MGT2, or iDRAC/IPMI to connect to the appliance command
line to make the change because these will be unaffected by the change. For example, if you were
connected to MGT1 in a staging area to make the change before moving into your data center where the 10
Gbps SFP+ was required, when the change is made your session would break and you would need to login
again to configure a static address for the new MGT1 port.
 After making the change, physical port labels on the back of the appliance would no longer match how Vectra
software displays the ports.
o The port physically labeled as MGT1 changes to being unused by the Vectra software.
o The port physically labeled as eth0 becomes MGT1.
o What is physically labeled eth1 becomes eth0, eth2 becomes eth1, and eth3 becomes eth2.
 The “show interface” can be used to show the actual negotiated speed and state of MGT interfaces.

Commands to show configured MGT1 interface speed setting and change speed setting:

show management
set management <default|sfp>

Examples:
vscli > show management
Management interface is set to default. See `show interface` for more information.
vscli > set management sfp
vscli > show management
Management interface is set to sfp. See `show interface` for more information.

 Please note that after the change is made it will take up to a minute for the cli command “show traffic
stats” to accurately reflect the reduced number of capture ports and the new eth numbering assignments.
 It will take the GUI around 5 minutes to accurately reflect the reduced number of capture ports and the new
eth numbering assignments.
© 2022 Vectra AI, Inc. All rights reserved.
 Vectra X29 Appliance
Quick Start Guide

Static Addressing Quick Start

Configuration Checklist for Static Addressing

Below is a list of information needed for the initial configuration:
 IP address of the Sensor
 Default gateway address
 DNS nameserver(s)
o If the X29 is deployed in Brain or Mixed mode, DNS can be set at the command line or in the GUI.
When deployed as a Sensor, DNS must be set at the command line only.

Setting a Static MGT1 IP Address

Once logged in to the appliance you can view the syntax for the "set interface" command:
set interface -h
Usage: set interface [OPTIONS] [mgt1] [dhcp|static] [IP] [SUBNET_MASK]
[GATEWAY_ADDRESS]

Sets mgt1 to either dhcp or static ip configuration

Options:
-h, --help Show this message and exit.

Setting the IP address example:

set interface mgt1 static 10.50.10.10 255.255.255.0 10.50.10.1

IPv6 Support
In v8.5 and higher of Vectra software, IPv6 is supported for the MGT1 and MGT2 interfaces. For full details, including
information regarding dual stack support, please IPv6 Management Support for Vectra Appliances on the Vectra
support portal. Below we will show how to enable IPv6 support (its off by default) and the syntax to use when setting
an IPv6 address.

To enable/disable IPv6 support

# show ipv6 enabled
IPv6 is disabled

# set ipv6 enabled

Response: ok

# show ipv6 enabled

IPv6 is enabled

# set ipv6 disabled

Response: ok

Setting IPv4 and IPv6 syntax examples:

Execute the following command to set the MGT1 or MGT2 (a gateway address cannot be configured for MGT2, the
gateway on MGT1 will be used) interface to the desired static IP address:
© 2022 Vectra AI, Inc. All rights reserved.
 Vectra X29 Appliance
Quick Start Guide

IPv4 Syntax:
set interface mgt1 static x.x.x.x y.y.y.y z.z.z.z
set interface mgt2 static x.x.x.x y.y.y.y

Where:
x.x.x.x is the desired interface IP address
y.y.y.y is the desired interface network mask
z.z.z.z is the desired gateway

IPv6 Syntax:
set interface mgt1 static [IPv6 IP] [Subnet Mask] [Gateway]

Example:
set interface mgt1 static 2001:0db8:0:f101::25 64 2001:0db8:0:f101::1

Configuring DNS for the appliance:

Command syntax to set DNS (up to 3 nameservers are supported):
set dns [nameserver1 <ip>] [nameserver2 <ip>] [nameserver3 <ip>]

Configuring DNS Example:

set dns 10.50.10.101 10.50.10.102

Verifying DNS Configuration:

show dns

 Instructions for configuring the DNS settings using the management GUI can be found in Vectra Respond UX
Deployment Guide or Vectra Quadrant UX Deployment Guide.

Proxy Support
If a proxy is required in your environment to communicate with Vectra when deployed in Brain or Mix mode, in
versions 7.9 and above, this can be set at the CLI of your Brain. When used as a Sensor, if a proxy is required in
your environment to reach Vectra’s Updater service (update2.vectranetworks.com or 54.200.156.238), you will need
to manually set the Brain IP or hostname when attempting pairing with your Brain because setting a proxy is not
supported on Sensor appliances. Instructions for pairing, including setting the Brain IP or hostname are in the
Physical Appliance Pairing Guide.
Login to your Brain’s CLI is done using the “vectra” user account. The default password is
“changethispassword” for a newly deployed Brain. For Brains deployed in IaaS clouds (AWS, Azure), part of the
deployment process includes creating an SSH key pair for login as the “vectra” user. The deployment guides for
Brains in IaaS clouds include instructions for how to create and use those key pairs to log in to the Brain’s CLI.
 Proxy commands (v7.9+)
o “show proxy”
o “set proxy config [IP or Hostname] [port] [USERNAME] [PASSWORD]”
o “set proxy enable [on|off]”
o Any of these with “-h” option will show command help with syntax.

© 2022 Vectra AI, Inc. All rights reserved.

 Vectra X29 Appliance
Quick Start Guide

Examples:
vscli > set proxy config 1.1.1.1 80 testuser testpass
Saving proxy config...
Proxy config updated

vscli > show proxy

Enabled: True
Host: 1.1.1.1
Port: 80
Authentication:
Authentication enabled: True
User: testuser
Password: **********
Method: basic

vscli > set proxy enable on

Updating proxy config...
Proxy enabled

Verifying your Connectivity:

Once you have configured an IP statically or via DHCP you can verify connectivity by pinging known IPs in your
environment from the CLI (use the “debug ping” command). If your Brain is already configured with an IP, it is
recommended to ping the Brain IP to verify reachability before attempting pairing. Sensors must have port 22 and
443 open from the Sensor to your Brain for successful pairing and ongoing communication. It is recommended to
make this rule bidirectional in case Vectra support ever needs to reach your Sensor from the Brain for
troubleshooting.
 To validate that you can connect to Vectra services, it is also recommended to use the “debug
connectivity” command at your Brain’s CLI to check connectivity to the following endpoints (additional
detail can be found in your deployment guide):
o update2.vectranetworks.com
o api.vectranetworks.com
o Vectra Cloud Gateways that correspond to the region your tenant is deployed in when using the
Respond UX (see the Vectra Respond UX Deployment Guide for more details)
o rp.vectranetworks.com
o rs.vectranetworks.com
vscli > debug connectivity -h
Usage: debug connectivity [OPTIONS] HOST PORT

Test TCP connectivity to destination host or IP through proxy if configured

Options:
--bypass-proxy / --dont-bypass-proxy
Bypass proxy while testing connectivity if
proxy is configured
--ssl / --no-ssl Test connectivity to host using SSL
--timeout FLOAT Seconds to attempt a connection to host and
proxy if configured [default: 5]
-h, --help Show this message and exit.

vscli > debug connectivity api.vectranetworks.com 443 --ssl

Connectivity: Success
Proxy: False
SSL: True

© 2022 Vectra AI, Inc. All rights reserved.

 Vectra X29 Appliance
Quick Start Guide

Logging in to the GUI (not available in Sensor mode)

Quadrant UX Only:
Once an IP has been configured for the MGT1 interface of your Brain, you can access it using a modern browser
such as Edge, Chrome, or Safari at https://configured_IP or the hostname if you have configured a hostname in your
DNS for the Brain. The GUI can also be accessed via MGT2 at https://169.254.0.10 via direct connection. The
default username is “admin” and the default password is “changethispassword” .
Please note that by default, Vectra uses a self-signed certificate to secure the user interface. As a result, the
certificate causes SSL warning in most web browsers. Instructions for how to replace this with a customer-provided
signed certificate can be found in the following Vectra support portal article:

Applies to both the Respond UX and the Quadrant UX:

After logging in to the GUI (for the Respond UX you will login to your Vectra tenant you received a welcome letter for),
it is recommended to immediately change the “admin” password.
 Navigate to “My Profile” on the left-hand side of the screen
 Click on “Change Password” in the username/password area, fill in and save the form
 Password requirements - must be at least 8 characters long and contain at least
o 1 digit (0-9), 1 upper case letter (A-Z), 1 lower case letter (a-z)
o One symbol (~!@#$%^&*_-+=`| \ ( ){ }[ ]:;”’<>,.?/)

Next Steps
 Sensors do not have a GUI interface.
o Most management of Sensors is done via the GUI (Respond UX or Quadrant UX).
▪ Except for setting DNS, which is done at the CLI of the Sensor.
 You may need to configure additional Sensors, or you may want to move on to pairing your Sensor with your
Brain
o The Vectra Physical Appliance Pairing Guide covers pairing of all physical Vectra appliances.
 Once pairing is completed, you can direct traffic to the capture interfaces to begin supplying your platform the
network metadata required for processing.
o The “show traffic stats” command, available at the Sensor’s CLI, may be useful to see if your
traffic capture is successful before you can see the traffic graphs in your GUI.
▪ Traffic Graph showing no traffic (0 Mbps)
o Some guidance on what traffic you should capture is available in this Vectra Support article:
▪ Vectra AI Platform Deployment Traffic Recommendations

Worldwide Support Contact Information

 Support portal: https://support.vectra.ai
 Email: support@vectra.ai (preferred contact method)
 Additional information: https://www.vectra.ai/support

© 2022 Vectra AI, Inc. All rights reserved.