반응형

GigaSALES Certification Test

The "FM" in GigaVUE-FM  stands for______________
Facility Maintenance
Functional Module
Fabric Manager
Frequency Modulation

What solution from Use Case 8: Network Detection and Response would solve a customer's pain of being unable to investigate incidents quickly  enough due to excessive alert fatigue and false positives/negatives?
Intelligent visibility nodes (H Series)
V Series for OpenStack
Gigamon Insight (v)

Who manages the Deal Registration approval process at Gigamon?
Channel Account Manager (CAM)
Regional Vice President (RVP)
Business Development Representative (BDR)
Regional Sales Director (RSD) (v)

All support renewal quotes to the active partner who sold the original purchase or the last renewal will reflect the deal registration discount automatically.
True

In situations where Gigamon has identified an opportunity before it has been registered by a Gigamon Partner (Channel Assist Situations), Gigamon will attempt to award the deal to the incumbent partner.
True

Accelerated threat hunting, investigation, and response is a value driver for Enterprise Security Operations which ___________ Mean Time to Detect (MTTD) and ____________ Mean Time to Respond (MTTR).
Increases, increases
Reduces, increases
Reduces, reduces (v)

To properly identify solid opportunites, we must have a solid understanding of a customer's____________.
Priorities
Budget
Business Problems
Current Environment
Organizational Structure

How long are registrations valid after original approval?
3 months (v)
6 months
9 months
1 year

The Gigamon model can be summarized by the phrase, "See, Secure, and Empower"
True

Which of the following is NOT one of the most expressed customer challenges, or "I want to's"?
I want to maintain security during infrastructure transformation
I want to enhance service provider infrastructure visibility
I want to gain visibility across my entire infrastructure
None of the above (v)

Channel Assist Deal Registration: A deal registration where the partner has identified a viable deal and submitted via the Gigamon Partner Portal for review before Gigamon was aware of the opportunity.
False

Deal Registration may not be combined with other discount or promotions.
True

A Chief Information Officer and a Network Architect would both be primary target prospects of what customer buyer persona?
Enterprise Network and IT Operations (v)
Enterprise Security Operations
Service Provider Network Operations

Some of the major long term consequences posed by ad hoc deployment of security tools include lost time, contention for traffic,  and added complexity.
True

The Gigamon Visibility Platform's benefits can be categorized based on challenges faces by specific teams. Which of the following is NOT one of these teams?
Cloud Operations
Administrative Operations (v)
Enterprise Network IT Operations
Enterprise Security Operations

Which of the following is NOT a defensible differentiator of Gigamon solutions?
One complete platform for access to data anywhere
No interoperability permitted between Gigamon and security vendors (v)
Tangible and prompt return on investment
Market leader in network visibility solutions

What is the target SLA for Deal Registration approvals?
24 hours
1 calendar week
2 business days (v)
5 business days

A prospective Enterprise Network Operations customer claims that low-risk, high-volume traffic is hogging their limited tool capacity leading to reduced visibility and detection. Which use case would this customer pain fall under?
Use Case 4: Encrypted Traffic Management (TLS Decryption)
Use Case 6: Extract network Metadata to Optimize SIEMs
Use Case 7: Leverage Application Intelligence to Optimize Tool Stack

What Catalyst partner levels qualify to register deals? Select all that apply
Elemental
Silver (v)
Gold (v)
Platinum (v)

Which of the following are the characteristics of an ideal Gigamon customer?
Looking to modernize their IT environment (v)
Going through new data center build-outs or network upgrades (v)
Looking to simplify their approach to accessing, controlling, and securing data (v)
Unconcerned about their ability to grow operating budgets in line with the complexity of their environments
Wanting to exploit a new market
Integrating new executive management members

Categorizing an ideal buyer as one of the customer personas is a useful step in qualifying opportunities.
True

In situations where Gigamon has identified an opportunity before any partner has submitted it via the partner portal and Gigamon then brings the deal to a parter - the partner should still submit a Deal Registration.
False

Which of the following are reasons that customers choose Gigamon?
Unique approach to visibility (v)
#1 market share leader in network visibility (v)
Trusted in the most demanding organizations (v)
Technology alliance partner ecosystem (v)
Channel Strategy

Which of the following are major concerns with today's corporate network infrastructure? (Select 3)
Applications distributed across sites (v)
Well-defined boundaries
Unmanaged devices (v)
Rise of digital transformation projects (v)

The most effective way to use the use cases is to identify specific customer needs and focus early conversations on the subset of use cases that can address those needs.
True

 

 

반응형
반응형

Could you please share us the below listed information to proceed further on this case.

“show diag detail” output.
Sysdump
Log files upload all

How to collect Sysdump:
Example :
FreeUser-10-4 [default: master] # debug generate dump
Generated dump sysdump-FreeUser-10-4-20190410-060522.tgz.gpg

MSWMN14GLBS102 (config) # show file debug-dump
sysdump-MSWMN14GLBS102-20120412-123916.tgz.gpg
sysdump-FreeUser-10-4-20190410-060522.tgz.gpg

MSWMN14GLBS102 (config) # file debug-dump upload sysdump-FreeUser-10-4-20190410-060522.tgz.gpg scp://root:mypass@10.126.44.95/mydebug.tgz.gpg

How to collect “log files”:
MSWMN14GLBS102 (config) # log files upload all scp://root:mypass@10.126.44.95/mydebug.tgz.gpg

 

 

반응형
반응형

To set up GRIP successfully, it is advised that you check the inline functions of each HC2 separately.

https://gigamoncp.force.com/partnercommunity/s/article/HC2-GRIP-Configuration-example#loaded

A. Set up Primary without GRIP
a. ensure secondary is wire only (i.e physical bypass = enable)
b. take primary out of bypass, configure all ports and forward inline traffic to inline tool

On secondary: inline-network alias default_inline_net_1_1_4 physical-bypass en

On primary:
port 1/1/x23..x24 params admin enable
port 1/1/x8..x9 type inline-tool
port 1/1/x8..x9 params ad en

inline-network alias default_inline_net_1_1_4 traffic-path to-inline-tool

inline-tool alias IT-01 pair tool-a 1/1/x8 and tool-b 1/1/x9
inline-tool alias IT-01 failover-action tool-bypass
inline-tool alias IT-01 enable
c. Forward traffic to the inline tool for inspection:
map-passall alias IL-to-tool-Grip
from default_inline_net_1_1_4
to IT-01
exit

inline-network alias default_inline_net_1_1_4 physical-bypass disable

Confirm set up on primary using show port params and show port stats

B. Set up Secondary without GRIP
a. Set primary as wire only (i.e physical bypass = enable)
On primary: inline-network alias default_inline_net_1_1_4 physical-bypass en

On secondary:
port 1/1/x23..x24 params admin enable
inline-network alias default_inline_net_1_1_4 traffic-path to-inline-tool

port 1/1/x2..x3 type inline-tool
port 1/1/x2..x3 params ad en
inline-tool alias IT-02 pair tool-a 1/1/x2 and tool-b 1/1/x3
inline-tool alias IT-02 failover-action tool-bypass
inline-tool alias IT-02 enable

map-passall alias IL-to-tool-GripSecondary
from default_inline_net_1_1_4
to IT-02
exit

inline-network alias default_inline_net_1_1_4 physical-bypass disable

Again, confirm configuration by using show port params and show port stats

C. Configure redundancy profiles and signal links.

i. Enable bypass on both
[primary] inline-network alias default_inline_net_1_1_4 physical-bypass en
[secondary] inline-network alias default_inline_net_1_1_4 physical-bypass en

ii. Configure GRIP Redundancy profiles and check signal link
Note: signal link on primary is 1/x7, on secondary, it is x4

Primary:
port 1/1/x7 type stack
port 1/1/x7 params admin en

redundancy-profile alias RP-01
protection-role primary
signaling-port 1/1/x7
exit

Secondary:
port 1/1/x4 type stack
port 1/1/x4 params admin en

redundancy-profile alias RP-02
protection-role secondary
signaling-port 1/1/x4
exit

D. Turn off LFP, Assign Redundancy Profile (RP) to Inline Network ports on both chassis
[primary]
no inline-network alias default_inline_net_1_4_4 lfp en
inline-network alias default_inline_net_1_1_4 physical-bypass disable
inline-network alias default_inline_net_1_1_4 redundancy-profile RP-01
[secondary]
no inline-network alias default_inline_net_1_4_4 lfp en
inline-network alias default_inline_net_1_1_4 physical-bypass disable
inline-network alias default_inline_net_1_1_4 redundancy-profile RP-02
ADDITIONAL NOTES
Once the redundancy profile has been applied, the physical bypass state is controlled by software

Commands for checking status;
[Primary]
show inline-network alias default_inline_net_1_1_4
show port stats p 1/1/x23,1/1/x8,1/1/x9,1/1/x24
show port params p 1/1/x23,1/1/x8,1/1/x9,1/1/x24

[Secondary]
show inline-network alias default_inline_net_1_1_4
show port params p 1/1/x23,1/1/x2,1/1/x3,1/1/x24
show port stats p 1/1/x23,1/1/x2,1/1/x3,1/1/x24

Note: Note that in this example, link fail propagation (LFP) is disabled to reduce inlinennetwork recovery time after failover.
When GRIP is deployed with high availability networks where a second path is present, it is a best practice to leave LFP enabled.

 

 

반응형
반응형

ASF (Buffered) Email Attachment Content-Disposition 1000byte & (Unbuffered) Yahoo MSG

hc2-1 (config) # show run
##

Running database "initial"

Generated at 2019/06/19 05:51:13 +0900

Software version on which this output was taken: GigaVUE-OS 5.4.00 98411 2018-07-24 02:03:59

Hostname: hc2-1

##

Note: If you are not an admin user some command invocations may be omitted

because you do not have permissions to see them.

##

##

Network interface configuration

##
interface eth0
create
no dhcp
ip address 192.168.44.71 /24
no shutdown
no zeroconf
exit

##

Routing configuration

##
ip default-gateway 192.168.44.1 eth0

##

Other IP configuration

##
hostname hc2-1
ip domain-list learn.local
ip name-server 192.168.44.4

##

Other IPv6 configuration

##
no ipv6 enable

##

Logging configuration

##
logging 192.168.44.60
logging 192.168.44.60 trap warning

##

Local user account configuration

##
username admin password 7 $1$o0F.tl2T$BR6jW4rLWr1rN/oJ7kkb1.

##

AAA remote server configuration

##

ldap bind-password ****

radius-server key ****

tacacs-server key ****

##

Chassis level configurations

##
chassis box-id 1 serial-num CD607 type hc2 gdp disable

##

Card level configurations

##
card slot 1/1 product-code 132-00BD
card slot 1/2 product-code 132-00B3
card slot 1/3 product-code 132-00BE
card slot 1/4 product-code 132-00BQ
card slot 1/5 product-code 132-00AT
card slot 1/cc1 product-code 132-00AN

##

Port level configurations

##
port 1/1/x1 type network
port 1/1/x1 params admin enable
port 1/1/x2 type network
port 1/1/x2 params admin enable
port 1/1/x3 type network
port 1/1/x3 params admin enable
port 1/1/x4 type network
port 1/1/x4 params admin enable
port 1/1/x5 type tool
port 1/1/x5 params admin enable
port 1/1/x6 type tool
port 1/1/x6 params admin enable
port 1/1/x7 type tool
port 1/1/x7 params admin enable
port 1/1/x8 type tool
port 1/1/x8 params admin enable
port 1/1/x9 type tool
port 1/1/x9 params admin enable
port 1/1/x10 type network
port 1/1/x10 params admin enable
port 1/1/x11 type network
port 1/1/x11 params admin enable
port 1/1/x12 type network
port 1/1/x12 params admin enable
port 1/1/x13 type network
port 1/1/x13 params admin enable discovery all gdp enable
port 1/1/x14 type network
port 1/1/x14 params admin enable discovery all gdp enable
port 1/1/x15 type tool
port 1/1/x15 alias CEM-WebTool
port 1/1/x15 params admin enable
port 1/1/x16 type tool
port 1/1/x16 params admin enable
port 1/1/x17 type tool
port 1/1/x17 params admin enable
port 1/1/x18 type tool
port 1/1/x18 params admin enable
port 1/1/x19 type tool
port 1/1/x19 params admin enable
port 1/1/x20 type network
port 1/1/x20 params admin enable
port 1/1/x21 type network
port 1/1/x21 params admin enable
port 1/1/x22 type network
port 1/1/x22 params admin enable
port 1/1/x23 type network
port 1/1/x23 params admin enable
port 1/1/x24 type network
port 1/1/x24 params admin enable
port 1/2/g1 type network
port 1/2/g1 params taptx passive
port 1/2/g2 type network
port 1/2/g2 params taptx passive
port 1/2/g3 type network
port 1/2/g3 params taptx passive
port 1/2/g4 type network
port 1/2/g4 params taptx passive
port 1/2/g5 type network
port 1/2/g5 params taptx passive
port 1/2/g6 type network
port 1/2/g6 params taptx passive
port 1/2/g7 type network
port 1/2/g7 params taptx passive
port 1/2/g8 type network
port 1/2/g8 params taptx passive
port 1/2/g9 type network
port 1/2/g9 params taptx passive
port 1/2/g10 type network
port 1/2/g10 params taptx passive
port 1/2/g11 type network
port 1/2/g11 params taptx passive
port 1/2/g12 type network
port 1/2/g12 params taptx passive
port 1/2/g13 type network
port 1/2/g13 params taptx passive
port 1/2/g14 type network
port 1/2/g14 params taptx passive
port 1/2/g15 type network
port 1/2/g15 params taptx passive
port 1/2/g16 type network
port 1/2/g16 params taptx passive
port 1/2/g17 type network
port 1/2/g17 params taptx passive
port 1/2/g18 type network
port 1/2/g18 params taptx passive
port 1/2/g19 type network
port 1/2/g19 params taptx passive
port 1/2/g20 type network
port 1/2/g20 params taptx passive
port 1/2/g21 type network
port 1/2/g21 params taptx passive
port 1/2/g22 type network
port 1/2/g22 params taptx passive
port 1/2/g23 type network
port 1/2/g23 params taptx passive
port 1/2/g24 type network
port 1/2/g24 params taptx passive
port 1/3/q1 type network
port 1/3/q2 type network
port 1/3/q3 type network
port 1/3/q4 type network
port 1/3/q5 type network
port 1/3/q6 type network
port 1/4/x1 type network
port 1/4/x2 type network
port 1/4/x3 type network
port 1/4/x4 type network
port 1/4/x5 type network
port 1/4/x6 type network
port 1/4/x7 type network
port 1/4/x8 type network
port 1/4/x9 type network
port 1/4/x10 type network
port 1/4/x11 type network
port 1/4/x12 type network
port 1/4/x13 type network
port 1/4/x14 type network
port 1/4/x15 type network
port 1/4/x16 type network
port 1/4/x17 type inline-net
port 1/4/x18 type inline-net
port 1/4/x19 type inline-net
port 1/4/x20 type inline-net
port 1/4/x21 type inline-net
port 1/4/x22 type inline-net
port 1/4/x23 type inline-net
port 1/4/x24 type inline-net

##

Gigastream hash configurations

##
gigastream advanced-hash slot 1/cc1 default

##

SAPF configurations

##
apps asf alias sessions-20p-2
bi-directional enable
buffer enable
buffer-count-before-match 20
packet-count disable
protocol tcp
sess-field add ipv4-5tuple outer
timeout 15
exit
apps asf alias sessions-unbuffered-2
bi-directional enable
buffer disable
buffer-count-before-match 3
packet-count disable
protocol tcp
sess-field add ipv4-protocol outer
sess-field add ipv4-src outer
timeout 15
exit

##

Gsgroup configurations

##
gsgroup alias GS51 port-list 1/5/e1

##

Gs params configurations

##
gsparams gsgroup GS51
cpu utilization type total rising 80
dedup-action drop
dedup-ip-tclass include
dedup-ip-tos include
dedup-tcp-seq include
dedup-timer 50000
dedup-vlan ignore
eng-watchdog-timer 60
erspan3-timestamp format none
flow-mask disable
flow-sampling-rate 5
flow-sampling-timeout 1
flow-sampling-type device-ip
generic-session-timeout 5
gtp-control-sample enable
gtp-flow timeout 48
gtp-persistence disable
gtp-persistence file-age-timeout 30
gtp-persistence interval 10
gtp-persistence restart-age-time 30
ip-frag forward enable
ip-frag frag-timeout 10
ip-frag head-session-timeout 30
lb failover disable
lb failover-thres lt-bw 80
lb failover-thres lt-pkt-rate 1000
lb replicate-gtp-c disable
lb use-link-spd-wt disable
resource buffer-asf 2
resource cpu overload-threshold 90
resource hsm-ssl buffer disable
resource hsm-ssl packet-buffer 1000
resource packet-buffer overload-threshold 80
resource xpkt-pmatch num-flows 0
sip-media timeout 30
sip-session timeout 30
sip-tcp-idle-timeout 20
ssl-decrypt decrypt-fail-action drop
ssl-decrypt enable
ssl-decrypt hsm-pkcs11 dynamic-object enable
ssl-decrypt hsm-pkcs11 load-sharing enable
ssl-decrypt hsm-timeout 1000
ssl-decrypt key-cache-timeout 10800
ssl-decrypt non-ssl-traffic drop
ssl-decrypt pending-session-timeout 60
ssl-decrypt session-timeout 300
ssl-decrypt tcp-syn-timeout 20
ssl-decrypt ticket-cache-timeout 10800
tunnel-arp-timeout 600
tunnel-health-check action pass
tunnel-health-check disable
tunnel-health-check dstport 54321
tunnel-health-check interval 600
tunnel-health-check protocol icmp
tunnel-health-check rcvport 54321
tunnel-health-check retries 5
tunnel-health-check roundtriptime 1
tunnel-health-check srcport 54321
tunnel-ndp-timeout 600
xpkt-pmatch disable
exit

##

Gsop configurations

##
gsop alias ASF-buffered-2 apf set asf sessions-20p-2 port-list GS51
gsop alias ASF-unbuffered-2 apf set asf sessions-unbuffered-2 port-list GS51

##

Vport configurations

##
vport alias vp51-2 gsgroup GS51
vport alias vp51-2 failover-action vport-bypass

##

Inline-network configurations

##
inline-network alias default_inline_net_1_4_1
pair net-a 1/4/x17 and net-b 1/4/x18
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_2
pair net-a 1/4/x19 and net-b 1/4/x20
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_3
pair net-a 1/4/x21 and net-b 1/4/x22
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_4
pair net-a 1/4/x23 and net-b 1/4/x24
physical-bypass enable
traffic-path bypass
exit

##

Traffic map connection configurations

##
map alias map-email-2
type firstLevel byRule
roles replace admin to owner_roles
rule add pass portdst 25 bidir
to vp51-2
from 1/1/x11
exit
map alias map-IPv4-2
type firstLevel byRule
roles replace admin to owner_roles
rule add pass ipver 4
to vp51-2
from 1/1/x11
exit
map alias email-attachments-2
type secondLevel byRule
roles replace admin to owner_roles
use gsop ASF-buffered-2
gsrule add pass pmatch string Content-Disposition 0..1000
to 1/1/x15
from vp51-2
exit
map alias yahooMsg-2
type secondLevel byRule
roles replace admin to owner_roles
use gsop ASF-unbuffered-2
gsrule add pass pmatch string ymsg}ypns}yahoo 34..1000
to 1/1/x17
from vp51-2
exit
map-scollector alias vp51-collector-2
roles replace admin to owner_roles
from vp51-2
collector 1/1/x16
exit

##

Notifications

##

notifications target ip 192.168.44.60 port 5672 non-secure username admin password **

##

SNMP configuration

##
no snmp-server host 192.168.44.60 disable
snmp-server host 192.168.44.60 traps port 162 version 2c public

##

X.509 certificates configuration

##
#

Certificate name system-self-signed, ID 16a1327fbd87a1006edb042febc21e03f011810a

(public-cert config omitted since private-key config is hidden)

ASF (Buffered) Email Attachment Content-Disposition 1000byte + (unbuffered) Yahoo Msg

##

Web configuration

##

web proxy auth basic password ****

##

Time/NTP configuration

##
clock timezone Asia Southeast Seoul

##

Flat Panel Display configuration

##

lcd password ****

##

E-mail configuration

##

email auth password ****

email autosupport auth password ****

##

Miscellaneous other settings

##
internal set modify - /gv/notf/config/chassis/C7823 value string C7823
internal set modify - /gv/notf/config/chassis/C8B76 value string C8B76
hc2-1 (config) #

 

 

반응형
반응형

Gigamon Policy (Active Visibility)

gigamon-0200fd (config policy alias test3) # condition add ?
< condition > Add a condition to the policy
GsCpuUtilHigh
GsCpuUtilLow
GsHbStatusDown
GsHbStatusUp
GsPktBufThHigh
GsPktBufThLow
GsPktDropRateHigh
GsPktDropRateLow
GsRxPktErrorHigh
GsRxPktErrorLow
GsRxPktRateHigh
GsRxPktRateLow
InlineToolDown
InlineToolReady
InlineToolUp
PortDown
PortRxBufferHigh
PortRxBufferLow
PortRxDiscardsHigh
PortRxDiscardsLow
PortRxDropsHigh
PortRxDropsLow
PortRxErrorsHigh
PortRxErrorsLow
PortRxUtilHigh
PortRxUtilLow
PortTxBufferHigh
PortTxBufferLow
PortTxDiscardsHigh
PortTxDiscardsLow
PortTxDropsHigh
PortTxDropsLow
PortTxErrorsHigh
PortTxErrorsLow
PortTxUtilHigh
PortTxUtilLow
PortUp
TimeFriday
TimeMonday
TimeOfDay
TimeSaturday
TimeSunday
TimeThursday
TimeTuesday
TimeWednesday
TimeWeekday
TimeWeekend

gigamon-0200fd (config policy alias test3) # action add ?
< action > Add an action to the policy.
FlexInlineOOBAdd
FlexInlineOOBDelete
InlineNetTrafficPath
InlineToolDisable
InlineToolEnable
InlineToolRecover
MapDisable
MapEnable
MapGsRuleAdd
MapGsRuleDelete
MapRuleAdd
MapRuleDelete
PhysicalByPassDisable
PhysicalByPassEnable
PolicyDisable
PolicyEnable
PortDisable
PortEnable
PortFilterAdd
PortFilterDelete
PortFilterDeleteAll
WriteMemory

 

 

반응형
반응형

Controlled GigaStream Configuration

To configure a controlled tool GigaStream, specify hash size and hash bucket ID, using the prefix mode. Refer to the following example:

Step

Description

Command

  1. Configure ports using type tool for controlled GigaStream.

(config) # port 1/3/q4..q6 type tool

  1. Configure a controlled GigaStream. This uses the prefix mode to configure all parameters.

(config) # gigastream alias stream2
(config gigastream alias stream2) # hash-size 12
(config gigastream alias stream2) # hash-bucket-id 1..3 port 1/3/q4..q6
(config gigastream alias stream2) # comment “controlled gigastream”
(config gigastream alias stream2) # exit
(config) #

  1. Display the configuration for this example.

(config) # show gigastream

 

반응형
반응형

IP Tunnel Receiving End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x1 ip 192.168.51.80/24 gateway 192.168.51.1 mtu 9600 port-list GS51

gsop alias Remote2HQtunnel tunnel-recap type grip portdst 8001 port-list GS51

map alias FieldCallCtrDB

# comment "Field Call Center database traffic received at HQ"
# use gsop Remote2HQTunnel
# rule add pass ipsrc 172.16.10.88
# from 1/1/x1
# to 1/1/x5
# exit

 

 

반응형
반응형

IP Tunnel Sending End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x5 ip 172.16.10.88/24 gateway 172.16.10.1 mtu 9600 port-list GS51

gsop alias Chicago2HQ tunnel-uncap type gmip porters 8000 protest 8001 ipdst 192.168.51.80 port-list GS51

map alias ChicagoDBtoHQ

# comment "Chicago Call Center Database traffic sent to HQ"
# use gsop Chcago2HQ
# rule add pass porters 1521 bidir
# from 1/1/x1
# to 1/1/x5
# exit

 

 

반응형

+ Recent posts