
<load-configuration format="xml">
<configuration>
    <interfaces>
        <interface>
            <name>et-0/0/0</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
        <interface>
            <name>et-0/0/10</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
        <interface>
            <name>et-0/0/20</name>
            <unit>
                <name>0</name>
                <family>
                    <inet>
                        <filter>
                            <input>
                                <filter-name>fw_filter</filter-name>
                            </input>
                        </filter>
                    </inet>
                </family>
            </unit>
        </interface>
    </interfaces>
    <forwarding-options>
        <port-mirroring>
            <instance>
                <name>tcp80</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
            <instance>
                <name>tcp443</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
            <instance>
                <name>udp123</name>
                <family>
                    <inet>
                        <output>
                            <interface>
                                <name>et-0/0/30.0</name>
                                <next-hop>
                                    <name>200.0.10.2</name>
                                </next-hop>
                            </interface>
                        </output>
                    </inet>
                </family>
            </instance>
        </port-mirroring>
    </forwarding-options>
    <firewall>
        <family>
            <inet>
                <filter>
                    <name>fw_filter</name>
                    <term>
                        <name>tcp80</name>
                        <from>
                            <destination-address>
                                <name>1.1.1.1/32</name>
                            </destination-address>
                            <protocol>tcp</protocol>
                            <destination-port>80</destination-port>
                        </from>
                        <then>
                            <port-mirror-instance>tcp80</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>tcp443</name>
                        <from>
                            <destination-address>
                                <name>2.2.2.2/32</name>
                            </destination-address>
                            <protocol>tcp</protocol>
                            <destination-port>443</destination-port>
                        </from>
                        <then>
                            <port-mirror-instance>tcp443</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>udp123</name>
                        <from>
                            <source-address>
                                <name>3.3.3.3/32</name>
                            </source-address>
                            <protocol>udp</protocol>
                            <source-port>123</source-port>
                        </from>
                        <then>
                            <port-mirror-instance>udp123</port-mirror-instance>
                            <discard>
                            </discard>
                        </then>
                    </term>
                    <term>
                        <name>default</name>
                        <then>
                            <accept/>
                        </then>
                    </term>
                </filter>
            </inet>
        </family>
    </firewall>
</configuration>
</load-configuration>
<commit/>

 

 


https://www.juniper.net/documentation/us/en/software/junos/high-availability/topics/example/VRRP-qfx-series-load-sharing.html

 


 

Example: Configuring VRRP for Load Sharing

17-Feb-21


If you do not want to dedicate a switch to be a VRRP backup (and therefore leave it idle unless the primary fails), you can create a load-sharing configuration in which each participating switch simultaneously acts as a primary and a backup.

One reason to use a load-sharing (active-active) configuration is that you are more likely to actively monitor and maintain both switches and notice if a problem occurs on either of them. If you use a configuration in which one switch is only a backup (an active-backup configuration), you might be less likely to pay attention to the backup switch while it is idle. In the worst case, this could lead to the backup switch developing an undetected problem and not being able to perform adequately when a failover occurs.

Requirements

This example uses the following hardware and software components:

  • Two switches
  • Junos OS Release 11.3 or later
  • Static routing or a dynamic routing protocol enabled on both switches.

Overview and Topology

This example uses two VRRP groups, each of which has its own virtual IP address. Devices on the LAN use one of these virtual IP addresses as their default gateway. If one of the switches fails, the other switch takes over for it. In the topology shown in Figure 1, for example, Switch A is the primary for VRRP group 100. If Switch A fails, Switch B takes over and forwards traffic that the end devices send to the default gateway address 10.1.1.1.

Figure 1: VRRP Load-Sharing Configuration

This example shows a simple configuration to illustrate the basic steps for configuring two switches running VRRP to back each other up. Table 1 lists VRRP settings for each switch.

Topology

Table 1: Settings for VRRP Load-Sharing Example

Switch A

VRRP Group 100:
  • Interface address: 10.1.1.251
  • VIP: 10.1.1.1
  • Priority: 250
VRRP Group 200:
  • Interface address: 10.1.1.251
  • VIP: 10.1.1.2
  • Priority: 200

Switch B

VRRP Group 100:
  • Interface address: 10.1.1.252
  • VIP: 10.1.1.1
  • Priority: 200
VRRP Group 200:
  • Interface address: 10.1.1.252
  • VIP: 10.1.1.2
  • Priority: 250

In addition to configuring the two switches as shown, you must configure your end devices so that some of them use one of the virtual IP addresses as their default gateway and the remaining end devices use the other virtual IP address as their default gateway.

Note that if a failover occurs, the remaining switch might be unable to handle all of the traffic, depending on the demand.

Configuring VRRP on Both Switches

Procedure

CLI Quick Configuration

Enter the following on Switch A:

[edit]
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 virtual-address 10.1.1.1
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 priority 200

Enter the following on Switch B:

[edit]
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2
set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 priority 250

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch A:

  1. Create VRRP group 100 on Switch A and configure the virtual IP address for the group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 virtual-address 10.1.1.1

  2. Assign the VRRP priority for this interface in this group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 100 priority 250

  3. Create VRRP group 200 on Switch A and configure the virtual IP address for the group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 virtual-address 10.1.1.2

  4. Assign the VRRP priority for this interface in this group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.251/24 vrrp-group 200 priority 200

Step-by-Step Procedure

Configure the VRRP groups and priorities on Switch B:

  1. Create VRRP group 100 on Switch B and configure the virtual IP address for the group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 virtual-address 10.1.1.1

  2. Assign the VRRP priority for this interface in this group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 100 priority 200

     Switch A remains the primary for group 100 because it has the highest priority for this group.

  3. Create VRRP group 200 on Switch B and configure the virtual IP address for the group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 virtual-address 10.1.1.2

  4. Assign the VRRP priority for this interface in this group:

     [edit]
     user@switch# set interfaces xe-0/0/0 unit 0 family inet address 10.1.1.252/24 vrrp-group 200 priority 250

     Switch B becomes the primary for group 200 because it has the highest priority for this group.

Results

Display the results of the configuration on Switch A:

user@switch> show configuration
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 10.1.1.251 {
                    vrrp-group 100 {
                        virtual-address 10.1.1.1
                        priority 250
                    }
                    vrrp-group 200 {
                        virtual-address 10.1.1.2
                        priority 200
                    }
                }
            }
        }
    }
}

Display the results of the configuration on Switch B:

user@switch> show configuration
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 10.1.1.252 {
                    vrrp-group 100 {
                        virtual-address 10.1.1.1
                        priority 200
                    }
                    vrrp-group 200 {
                        virtual-address 10.1.1.2
                        priority 250
                    }
                }
            }
        }
    }
}

Verification

Verifying that VRRP Is Working on Switch A

Purpose

Verify that VRRP is active on Switch A and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch A and that the switch is primary for group 100 and backup for group 200.

user@switch> show vrrp
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   master          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   backup          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 200 does not arrive before the timer expires, Switch A asserts itself as the primary for this group.

Verifying that VRRP Is Working on Switch B

Purpose

Verify that VRRP is active on Switch B and that the primary and backup roles are correct.

Action

Use the following command to verify that VRRP is active on Switch B and that the switch is backup for group 100 and primary for group 200.

user@switch> show vrrp
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   backup          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   master          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.2

Meaning

The show vrrp command displays fundamental information about the VRRP configuration. This output shows that both VRRP groups are active and that this switch has assumed the correct primary and backup roles. The lcl address is the physical address of the interface and the vip address is the virtual address shared by both switches. The Timer value (A .0327) indicates the remaining time (in seconds) in which this switch expects to receive a VRRP advertisement from the other switch. If an advertisement for group 100 does not arrive before the timer expires, Switch B asserts itself as the primary for this group.
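The role check from the two Verification sections, written as a script. This is an added example, not part of the Juniper documentation: it parses `show vrrp` output collected from both switches and compares the master of each group with the one the Table 1 priorities predict, flagging a missing master, more than one master, or an unexpected master. The function names and finding messages are assumptions; the two sample outputs are the ones shown above, and the failover sample is constructed from them.

```python
import re

# Priorities from Table 1: switch -> {VRRP group: priority}.
PRIORITIES = {
    "Switch A": {100: 250, 200: 200},
    "Switch B": {100: 200, 200: 250},
}

# `show vrrp` output as shown in the Verification sections above.
SHOW_VRRP = {
    "Switch A": """\
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   master          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   backup          A .0327 lcl    10.1.1.251
                                                          vip    10.1.1.2
""",
    "Switch B": """\
Interface     State       Group   VR state       Timer    Type   Address
xe-0/0/0.0    up            100   backup          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.1
xe-0/0/0.0    up            200   master          A .0327 lcl    10.1.1.252
                                                          vip    10.1.1.2
""",
}

# First line of each entry: interface, state, group, VR state, timer, lcl address.
ROW = re.compile(
    r"^(?P<ifc>\S+)\s+(?P<state>\S+)\s+(?P<group>\d+)\s+(?P<vr>\S+)\s+"
    r"[A-Z]\s+[\d.]+\s+lcl\s+(?P<lcl>\S+)\s*$"
)
# Continuation line carrying the virtual address of the entry above it.
VIP = re.compile(r"^\s+vip\s+(?P<vip>\S+)\s*$")


def parse_show_vrrp(text):
    """Return one dict per VRRP group found in `show vrrp` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"interface": m["ifc"], "state": m["state"],
                         "group": int(m["group"]), "vr_state": m["vr"],
                         "lcl": m["lcl"], "vips": []})
            continue
        v = VIP.match(line)
        if v and rows:
            rows[-1]["vips"].append(v["vip"])
    return rows


def expected_masters(priorities):
    """Map each group to the switch holding the highest priority for it."""
    groups = {g for per_switch in priorities.values() for g in per_switch}
    return {g: max(priorities, key=lambda sw: priorities[sw].get(g, 0))
            for g in groups}


def audit(outputs, priorities):
    """Compare observed VRRP roles with the roles the priorities predict."""
    findings = []
    seen = {}  # group -> {switch: parsed row}
    for switch, text in outputs.items():
        for row in parse_show_vrrp(text):
            seen.setdefault(row["group"], {})[switch] = row
            if row["state"] != "up":
                findings.append(
                    f"group {row['group']}: {row['interface']} on {switch} "
                    f"is {row['state']}")
    for group, want in sorted(expected_masters(priorities).items()):
        rows = seen.get(group, {})
        masters = sorted(sw for sw, r in rows.items()
                         if r["vr_state"] == "master")
        if not masters:
            findings.append(f"group {group}: no master reported")
        elif len(masters) > 1:
            # Both switches claim the VIP: advertisements are not getting through.
            findings.append(
                f"group {group}: more than one master ({', '.join(masters)})")
        elif masters[0] != want:
            findings.append(
                f"group {group}: master is {masters[0]}, expected {want}")
        if len({tuple(r["vips"]) for r in rows.values()}) > 1:
            findings.append(
                f"group {group}: switches disagree on the virtual address")
    return findings


if __name__ == "__main__":
    print("normal:", audit(SHOW_VRRP, PRIORITIES))
    # Constructed sample: Switch A is unreachable and Switch B has taken over.
    failover = {"Switch B": SHOW_VRRP["Switch B"].replace("backup", "master")}
    print("failover:", audit(failover, PRIORITIES))
```

A "more than one master" finding means each switch stopped hearing the other's advertisements, so check the link and any filter between the two interfaces before looking at priorities.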

 

 


Cluster B 5.9.00

TA10 [1717: normal] (config) # show running-config 
##
## Running database "initial"
## Generated at 2021/04/28 16:50:40 +0900
## Software version on which this output was taken: GigaVUE-OS 5.9.00 172922 2020-04-01 08:04:02
## Hostname: TA10
##
## Note: If you are not an admin user some command invocations may be omitted
## because you do not have permissions to see them.
##

##
## Network interface configuration
##
interface inband
  create
  exit
interface eth0
  no dhcp
  ip address 10.11.11.221 /24
  exit
interface inband
  comment ""
  no dhcp
  display
  duplex auto
  mtu 1500
  no shutdown
  speed auto
  no zeroconf
  exit

##
## Network interface IPv6 configuration
##
interface inband
  no ipv6 address autoconfig
  ipv6 address autoconfig default
  no ipv6 address autoconfig privacy
  no ipv6 dhcp client enable
  ipv6 enable
  exit

##
## Routing configuration
##
ip default-gateway 10.11.11.254

##
## Other IP configuration
##
hostname TA10
ip name-server 8.8.8.8

##
## Other IPv6 configuration
##
no ipv6 enable

##
## Local user account configuration
##
username admin password 7 $1$h1kkZTiM$YG/C.yQme.xM/aIT/4MvB/
no username sbbaek disable
username sbbaek full-name ""
username sbbaek password 7 $1$/WFiHiD1$YDm2QkykG1hRcZFawhx6h1
username sbbaek roles replace admin
no username wins disable
username wins full-name "System Administrator"
username wins password 7 $1$Yo9pcPYJ$3LljDLRnhZ1wSlST6Sp8U1
username wins roles replace admin

##
## AAA remote server configuration
##
# ldap bind-password ********
# radius-server key ********
# tacacs-server key ********

##
## AAA configuration
##
aaa authentication login default tacacs+ local

##
## Chassis level configurations
##
chassis box-id 1 serial-num C1399 type hc2 gdp disable
chassis box-id 2 serial-num D0388 type ta10 gdp disable

##
## Card level configurations
##
card slot 1/1  product-code 132-00BQ
card slot 1/3  product-code 132-00BK
card slot 1/cc1  product-code 132-00AN
card slot 2/1  product-code 132-00CC mode 48x noconfirm

##
## Port level configurations
##
port 1/1/x1 type network
port 1/1/x2 type network
port 1/1/x3 type network
port 1/1/x4 type network
port 1/1/x5 type network
port 1/1/x6 type network
port 1/1/x7 type network
port 1/1/x8 type network
port 1/1/x9 type network
port 1/1/x10 type network
port 1/1/x11 type network
port 1/1/x12 type network
port 1/1/x13 type network
port 1/1/x14 type network
port 1/1/x15 type tool
port 1/1/x15 params admin enable
port 1/1/x16 type network
port 1/1/x17 type inline-net
port 1/1/x18 type inline-net
port 1/1/x19 type inline-net
port 1/1/x20 type inline-net
port 1/1/x21 type inline-net
port 1/1/x22 type inline-net
port 1/1/x23 type inline-net
port 1/1/x24 type inline-net
port 1/3/x1 type network
port 1/3/x2 type network
port 1/3/x3 type network
port 1/3/x4 type network
port 1/3/x4 params admin enable
port 1/3/x5 type stack
port 1/3/x5 params admin enable
port 1/3/x6 type stack
port 1/3/x6 params admin enable
port 1/3/x7 type stack
port 1/3/x7 params admin enable
port 1/3/x8 type stack
port 1/3/x8 params admin enable
port 1/3/x9 type network
port 1/3/x9 params admin enable
port 1/3/x10 type network
port 1/3/x11 type network
port 1/3/x12 type network
port 1/3/x13 type network
port 1/3/x13 params admin enable
port 1/3/x14 type network
port 1/3/x14 params admin enable
port 1/3/x15 type network
port 1/3/x15 params admin enable autoneg enable
port 1/3/x16 type network
port 1/3/x16 params admin enable autoneg enable
port 2/1/q1 type network
port 2/1/q2 type network
port 2/1/q3 type network
port 2/1/q4 type network
port 2/1/x1 type network
port 2/1/x2 type network
port 2/1/x3 type network
port 2/1/x4 type network
port 2/1/x5 type network
port 2/1/x6 type network
port 2/1/x7 type network
port 2/1/x8 type network
port 2/1/x9 type network
port 2/1/x10 type network
port 2/1/x11 type network
port 2/1/x12 type network
port 2/1/x13 type network
port 2/1/x14 type network
port 2/1/x15 type network
port 2/1/x16 type network
port 2/1/x17 type network
port 2/1/x18 type network
port 2/1/x19 type network
port 2/1/x20 type network
port 2/1/x21 type network
port 2/1/x22 type network
port 2/1/x23 type network
port 2/1/x24 type network
port 2/1/x25 type network
port 2/1/x25 params admin enable
port 2/1/x26 type network
port 2/1/x27 type network
port 2/1/x28 type network
port 2/1/x29 type network
port 2/1/x30 type network
port 2/1/x31 type network
port 2/1/x32 type network
port 2/1/x33 type network
port 2/1/x34 type network
port 2/1/x35 type network
port 2/1/x36 type network
port 2/1/x37 type tool
port 2/1/x37 params admin enable autoneg enable
port 2/1/x38 type tool
port 2/1/x38 params admin enable autoneg enable
port 2/1/x39 type network
port 2/1/x40 type network
port 2/1/x41 type network
port 2/1/x42 type network
port 2/1/x43 type network
port 2/1/x44 type network
port 2/1/x45 type stack
port 2/1/x45 params admin enable
port 2/1/x46 type stack
port 2/1/x46 params admin enable
port 2/1/x47 type stack
port 2/1/x47 params admin enable
port 2/1/x48 type stack
port 2/1/x48 params admin enable

##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
gigastream advanced-hash slot 2/1 default

##
## Gigastream configurations
##
gigastream alias GigaStream1
  port-list 1/3/x5,1/3/x6,1/3/x7,1/3/x8 params hash advanced
  exit
gigastream alias GigaStream2
  port-list 2/1/x45,2/1/x46,2/1/x47,2/1/x48 params hash advanced
  exit

##
## Stack Link configurations
##
stack-link alias st1 between gigastreams GigaStream1 and GigaStream2

##
## Inline-network configurations
##
inline-network alias default_inline_net_1_1_1
  pair net-a 1/1/x17 and net-b 1/1/x18
  physical-bypass enable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_2
  pair net-a 1/1/x19 and net-b 1/1/x20
  physical-bypass disable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_3
  pair net-a 1/1/x21 and net-b 1/1/x22
  physical-bypass enable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_4
  pair net-a 1/1/x23 and net-b 1/1/x24
  physical-bypass enable
  traffic-path bypass
  exit

##
## Port-pair connection configurations
##
port-pair alias Pair1 between 1/3/x13 and 1/3/x15 lfp enable
port-pair alias Pair2 between 1/3/x14 and 1/3/x16 lfp enable

##
## Traffic map connection configurations
##
map alias dedup
  type regular byRule
  roles replace admin to owner_roles
  rule add pass macdst 0000.0000.0000 0000.0000.0000 bidir
  to 2/1/x37
  from 2/1/x25
  exit
map-passall alias intooob
  roles replace admin to owner_roles
  to 1/1/x15
  from 1/1/x19,1/1/x20
  exit

##
## SNMP configuration
##
snmp-server community 9fa97e11de17 
no snmp-server host 10.10.10.164 disable
snmp-server host 10.10.10.164 traps port 162 version 2c 9fa97e11de17
snmp-server throttle event linkspeedstatuschange interval 60 report-threshold 1
snmp-server throttle event packetdrop interval 60 report-threshold 1
snmp-server throttle event rxtxerror interval 60 report-threshold 1
no snmp-server traps event inlinetoolrecovery
no snmp-server traps event process-cpu-threshold
no snmp-server traps event process-mem-threshold
no snmp-server traps event system-cpu-threshold
no snmp-server traps event system-mem-threshold

##
## Cluster configuration
##
cluster id 1717
cluster master address vip 10.11.11.222 /24
cluster name 1717
cluster shared-secret qwertyuiopasdfghjkl
cluster enable

##
## X.509 certificates configuration
##
#
# Certificate name system-self-signed, ID 1a0571fba61930520ea3c54d3ccf14cb75a86f54
# (public-cert config omitted since private-key config is hidden)


##
## Web configuration
##
# web proxy auth basic password ********

##
## Time/NTP configuration
##
clock timezone Asia Southeast Seoul

##
## E-mail configuration
##
# email auth password ********
# email autosupport auth password ********
TA10 [1717: normal] (config) #  

 

 


Cluster A 5.9.00

wins-gigamon [1717: master] (config) # show running-config 
##
## Running database "20210428_backup"
## Generated at 2021/04/28 16:51:51 +0900
## Software version on which this output was taken: GigaVUE-OS 5.9.00 172922 2020-04-01 08:04:52
## Hostname: wins-gigamon
##
## Note: If you are not an admin user some command invocations may be omitted
## because you do not have permissions to see them.
##

##
## Network interface configuration
##
interface eth1
  create
  exit
interface inband
  create
  exit
interface eth0
  no dhcp
  ip address 10.11.11.220 /24
  exit
interface eth1
  comment ""
  dhcp
  display
  duplex auto
  mtu 1500
  no shutdown
  speed auto
  no zeroconf
  exit
interface eth2
  no zeroconf
  exit
interface inband
  comment ""
  no dhcp
  display
  duplex auto
  mtu 1500
  no shutdown
  speed auto
  zeroconf
  exit

##
## Network interface IPv6 configuration
##
interface eth0
  no ipv6 dhcp client enable
  exit
interface eth1
  no ipv6 address autoconfig
  ipv6 address autoconfig default
  no ipv6 address autoconfig privacy
  no ipv6 dhcp client enable
  ipv6 enable
  exit
interface inband
  no ipv6 address autoconfig
  ipv6 address autoconfig default
  no ipv6 address autoconfig privacy
  no ipv6 dhcp client enable
  ipv6 enable
  exit

##
## Routing configuration
##
ip default-gateway 10.11.11.254 eth0

##
## Other IP configuration
##
hostname wins-gigamon

##
## Other IPv6 configuration
##
no ipv6 enable

##
## Local user account configuration
##
username admin password 7 $1$h1kkZTiM$YG/C.yQme.xM/aIT/4MvB/
no username sbbaek disable
username sbbaek full-name ""
username sbbaek password 7 $1$/WFiHiD1$YDm2QkykG1hRcZFawhx6h1
username sbbaek roles replace admin
no username wins disable
username wins full-name "System Administrator"
username wins password 7 $1$Yo9pcPYJ$3LljDLRnhZ1wSlST6Sp8U1
username wins roles replace admin

##
## AAA remote server configuration
##
# ldap bind-password ********
# radius-server key ********
# tacacs-server key ********

##
## AAA configuration
##
aaa authentication login default tacacs+ local

##
## Chassis level configurations
##
chassis box-id 1 serial-num C1399 type hc2 gdp disable
chassis box-id 2 serial-num D0388 type ta10 gdp disable

##
## Card level configurations
##
card slot 1/1  product-code 132-00BQ
card slot 1/3  product-code 132-00BK
card slot 1/cc1  product-code 132-00AN
card slot 2/1  product-code 132-00CC mode 48x noconfirm

##
## Port level configurations
##
port 1/1/x1 type network
port 1/1/x2 type network
port 1/1/x3 type network
port 1/1/x4 type network
port 1/1/x5 type network
port 1/1/x6 type network
port 1/1/x7 type network
port 1/1/x8 type network
port 1/1/x9 type network
port 1/1/x10 type network
port 1/1/x11 type network
port 1/1/x12 type network
port 1/1/x13 type network
port 1/1/x14 type network
port 1/1/x15 type tool
port 1/1/x15 params admin enable
port 1/1/x16 type network
port 1/1/x17 type inline-net
port 1/1/x17 params speed 1000
port 1/1/x18 type inline-net
port 1/1/x18 params speed 1000
port 1/1/x19 type inline-net
port 1/1/x19 params admin enable speed 1000
port 1/1/x20 type inline-net
port 1/1/x20 params admin enable speed 1000
port 1/1/x21 type inline-net
port 1/1/x21 params speed 1000
port 1/1/x22 type inline-net
port 1/1/x22 params speed 1000
port 1/1/x23 type inline-net
port 1/1/x23 params admin enable speed 1000
port 1/1/x24 type inline-net
port 1/1/x24 params admin enable speed 1000
port 1/3/x1 type network
port 1/3/x2 type network
port 1/3/x3 type network
port 1/3/x4 type network
port 1/3/x4 params admin enable
port 1/3/x5 type stack
port 1/3/x5 params admin enable
port 1/3/x6 type stack
port 1/3/x6 params admin enable
port 1/3/x7 type stack
port 1/3/x7 params admin enable
port 1/3/x8 type stack
port 1/3/x8 params admin enable
port 1/3/x9 type network
port 1/3/x9 params admin enable
port 1/3/x10 type network
port 1/3/x11 type network
port 1/3/x12 type network
port 1/3/x13 type network
port 1/3/x13 params admin enable
port 1/3/x14 type network
port 1/3/x14 params admin enable
port 1/3/x15 type network
port 1/3/x15 params admin enable autoneg enable
port 1/3/x16 type network
port 1/3/x16 params admin enable autoneg enable
port 2/1/q1 type network
port 2/1/q2 type network
port 2/1/q3 type network
port 2/1/q4 type network
port 2/1/x1 type network
port 2/1/x2 type network
port 2/1/x3 type network
port 2/1/x4 type network
port 2/1/x5 type network
port 2/1/x6 type network
port 2/1/x7 type network
port 2/1/x8 type network
port 2/1/x9 type network
port 2/1/x10 type network
port 2/1/x11 type network
port 2/1/x12 type network
port 2/1/x13 type network
port 2/1/x14 type network
port 2/1/x15 type network
port 2/1/x16 type network
port 2/1/x17 type network
port 2/1/x18 type network
port 2/1/x19 type network
port 2/1/x20 type network
port 2/1/x21 type network
port 2/1/x22 type network
port 2/1/x23 type network
port 2/1/x24 type network
port 2/1/x25 type network
port 2/1/x25 params admin enable
port 2/1/x26 type network
port 2/1/x27 type network
port 2/1/x28 type network
port 2/1/x29 type network
port 2/1/x30 type network
port 2/1/x31 type network
port 2/1/x32 type network
port 2/1/x33 type network
port 2/1/x34 type network
port 2/1/x35 type network
port 2/1/x36 type network
port 2/1/x37 type tool
port 2/1/x37 params admin enable autoneg enable
port 2/1/x38 type tool
port 2/1/x38 params admin enable autoneg enable
port 2/1/x39 type network
port 2/1/x40 type network
port 2/1/x41 type network
port 2/1/x42 type network
port 2/1/x43 type network
port 2/1/x44 type network
port 2/1/x45 type stack
port 2/1/x45 params admin enable
port 2/1/x46 type stack
port 2/1/x46 params admin enable
port 2/1/x47 type stack
port 2/1/x47 params admin enable
port 2/1/x48 type stack
port 2/1/x48 params admin enable

##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
gigastream advanced-hash slot 2/1 default

##
## Gigastream configurations
##
gigastream alias GigaStream1
  port-list 1/3/x5,1/3/x6,1/3/x7,1/3/x8 params hash advanced
  exit
gigastream alias GigaStream2
  port-list 2/1/x45,2/1/x46,2/1/x47,2/1/x48 params hash advanced
  exit

##
## Stack Link configurations
##
stack-link alias st1 between gigastreams GigaStream1 and GigaStream2

##
## Gsgroup configurations
##
gsgroup alias GS1 port-list 1/3/e1

##
## Gs params configurations
##
gsparams gsgroup GS1
  3gpp-node-role disable
  5g-flow timeout 48
  cpu utilization type total rising 80
  dedup-action drop
  dedup-ip-tclass include
  dedup-ip-tos include
  dedup-tcp-seq include
  dedup-timer 50000
  dedup-vlan ignore
  diameter-packet timeout 2
  diameter-s6a-session limit 10000
  diameter-s6a-session timeout 30
  eng-watchdog-timer 60
  erspan3-timestamp format none
  flow-mask disable
  flow-sampling-rate 5
  flow-sampling-timeout 1
  flow-sampling-type device-ip
  generic-session-timeout 5
  gtp-control-sample enable
  gtp-flow timeout 48
  gtp-persistence disable
  gtp-persistence file-age-timeout 30
  gtp-persistence interval 10
  gtp-persistence restart-age-time 30
  gtp-randomsample disable
  gtp-randomsample interval 12
  ip-frag forward enable
  ip-frag frag-timeout 10
  ip-frag head-session-timeout 30
  lb failover disable
  lb failover-thres lt-bw 80
  lb failover-thres lt-pkt-rate 1000
  lb replicate-gtp-c disable
  lb use-link-spd-wt disable
  resource buffer-asf disable
  resource cpu overload-threshold 90
  resource hsm-ssl buffer disable
  resource hsm-ssl packet-buffer 1000
  resource inline-ssl standalone enable
  resource metadata disable
  resource packet-buffer overload-threshold 80
  resource xpkt-pmatch num-flows 0
  session logging level none
  sip-media timeout 30
  sip-nat disable
  sip-session timeout 30
  sip-tcp-idle-timeout 20
  ssl-decrypt decrypt-fail-action drop
  ssl-decrypt enable
  ssl-decrypt hsm-pkcs11 dynamic-object enable
  ssl-decrypt hsm-pkcs11 load-sharing enable
  ssl-decrypt hsm-timeout 1000
  ssl-decrypt key-cache-timeout 10800
  ssl-decrypt non-ssl-traffic drop
  ssl-decrypt pending-session-timeout 60
  ssl-decrypt session-timeout 300
  ssl-decrypt tcp-syn-timeout 20
  ssl-decrypt ticket-cache-timeout 10800
  tunnel-health-check action pass
  tunnel-health-check disable
  tunnel-health-check dstport 54321
  tunnel-health-check interval 600
  tunnel-health-check protocol icmp
  tunnel-health-check rcvport 54321
  tunnel-health-check retries 5
  tunnel-health-check roundtriptime 1
  tunnel-health-check srcport 54321
  xpkt-pmatch disable
  exit

##
## Gsop configurations
##
gsop alias Dedup dedup set port-list GS1

##
## Vport configurations
##
vport alias VP1 gsgroup GS1
vport alias VP1 failover-action vport-bypass
vport alias VP1 outer-traffic-path to-inline-tool
vport alias VP1 inner-traffic-path to-inline-tool
vport alias VP1 deferred-binding disable
vport alias VP1 mmon disable

##
## Inline-network configurations
##
inline-network alias default_inline_net_1_1_1
  pair net-a 1/1/x17 and net-b 1/1/x18
  physical-bypass enable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_2
  pair net-a 1/1/x19 and net-b 1/1/x20
  physical-bypass disable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_3
  pair net-a 1/1/x21 and net-b 1/1/x22
  physical-bypass enable
  traffic-path bypass
  exit
inline-network alias default_inline_net_1_1_4
  pair net-a 1/1/x23 and net-b 1/1/x24
  physical-bypass enable
  traffic-path bypass
  exit

##
## Port-pair connection configurations
##
port-pair alias Pair1 between 1/3/x13 and 1/3/x15 lfp enable
port-pair alias Pair2 between 1/3/x14 and 1/3/x16 lfp enable

##
## Traffic map connection configurations
##
map alias dedup
  type regular byRule
  roles replace admin to owner_roles
  use gsop Dedup
  rule add pass macdst 0000.0000.0000 0000.0000.0000 bidir
  to 2/1/x37
  from 2/1/x25
  exit
map-passall alias intooob
  roles replace admin to owner_roles
  to 1/1/x15
  from 1/1/x19,1/1/x20
  exit

##
## SNMP configuration
##
snmp-server community 9fa97e11de17 
no snmp-server host 10.10.10.164 disable
snmp-server host 10.10.10.164 traps port 162 version 2c 9fa97e11de17
snmp-server throttle event linkspeedstatuschange interval 60 report-threshold 1
snmp-server throttle event packetdrop interval 60 report-threshold 1
snmp-server throttle event rxtxerror interval 60 report-threshold 1
no snmp-server traps event inlinetoolrecovery
no snmp-server traps event process-cpu-threshold
no snmp-server traps event process-mem-threshold
no snmp-server traps event system-cpu-threshold
no snmp-server traps event system-mem-threshold

##
## Cluster configuration
##
cluster id 1717
cluster interface eth0
cluster master address primary ip 10.11.11.220 port 60102
cluster master address secondary ip 10.11.11.221 port 60102
cluster master address vip 10.11.11.222 /24
cluster master preference 90
cluster name 1717
cluster shared-secret qwertyuiopasdfghjkl
cluster enable

##
## X.509 certificates configuration
##
#
# Certificate name system-self-signed, ID 641af2864a5f06088b57a3bc49d4762dbcb108bb
# (public-cert config omitted since private-key config is hidden)


##
## Web configuration
##
# web proxy auth basic password ********

##
## Time/NTP configuration
##
clock timezone Asia Southeast Seoul

##
## E-mail configuration
##
# email auth password ********
# email autosupport auth password ********
wins-gigamon [1717: master] (config) #  

 

 


Commonly used DefensePro CLI commands
system logfile : View the device log
system cpu-temp : Check the device CPU temperature
system config immediate : View the device configuration
system total-in-traffic-peak : Check peak inbound traffic (Mbps)
system os buffer : Check memory usage
system hardware temperature-show : Check the DP device CPU temperature (= system cpu-temp)
system internal fans : Check fan status
system internal port-stats : Check the most recent inbound traffic volume (5 s, 30 s, 60 s)
system sw-version : Check the DP version
system utilization cpu : Check CPU usage
system inf-stats : Check inbound traffic volume per interface
system license application : Check the DP license key and MAC address
system device-info : Check device information
system date : Check the DP date and time
device static-forwarding-table : Check inline status
services ntp server-name : Check the NTP address
services ntp status : Check NTP server status
manage web status : Check web daemon status
net arp table : View the ARP table
net l2-interface : Check port link status
net l2-information : Check port information
net physical-interface : Check port speed, duplex, and autonegotiation
net route table : View the management routing table
net ip-interface : Management IP information
shutdown : Shut down the device
reboot : Reboot the device
dp attack-database version : DP signature version

APSolute Vision CLI
net ip get : Check the Vision server IP
system hardware status get : Check fan status and temperature
system vision-server status : Check Vision server and Reporter server daemon status
system version : Check the Vision server version

 

 


Juniper SRX request chassis cluster failover redundancy-group

22-Feb-21


Syntax


request chassis cluster failover node node-number redundancy-group redundancy-group-number

Description

For chassis cluster configurations, initiate manual failover in a redundancy group from one node to the other, which becomes the primary node, and automatically reset the priority of the group to 255. The failover stays in effect until the new primary node becomes unavailable, the threshold of the redundancy group reaches 0, or you use the request chassis cluster failover reset command.

After a manual failover, you must use the request chassis cluster failover reset command before initiating another failover.
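A pre-check for the reset rule described above, as an added example (not from the Juniper documentation): it parses `show chassis cluster status` output and returns the command to run next. The sample output is constructed, and its column layout and the function names are assumptions.

```python
import re

# Constructed sample of `show chassis cluster status` after a manual failover
# of redundancy group 1 to node1 (column layout assumed, values invented).
SAMPLE_STATUS = """\
Cluster ID: 1
Node   Priority Status         Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 0
node0  100      primary        no      no       None
node1  1        secondary      no      no       None

Redundancy group: 1 , Failover count: 1
node0  100      secondary      no      yes      None
node1  255      primary        no      yes      None
"""

GROUP_RE = re.compile(r"^Redundancy group:\s*(\d+)")
NODE_RE = re.compile(r"^(node[01])\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_status(text):
    """Return {group: {node: {"priority", "status", "manual"}}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := GROUP_RE.match(line)):
            current = groups.setdefault(int(m.group(1)), {})
        elif (m := NODE_RE.match(line)) and current is not None:
            node, prio, status, _preempt, manual = m.groups()
            current[node] = {"priority": int(prio), "status": status,
                             "manual": manual == "yes"}
    return groups

def next_command(text, group, target_node):
    """Command to run next when moving `group` to `target_node` (None = no-op)."""
    nodes = parse_status(text).get(group)
    if not nodes or target_node not in nodes:
        raise ValueError(f"group {group} / {target_node} not found in output")
    # Manual flag or priority 255 means an earlier manual failover is still
    # in effect, so it must be reset before another one is initiated.
    if any(n["manual"] or n["priority"] == 255 for n in nodes.values()):
        return f"request chassis cluster failover reset redundancy-group {group}"
    if nodes[target_node]["status"] == "primary":
        return None
    return (f"request chassis cluster failover redundancy-group {group} "
            f"node {target_node[-1]}")
```
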

Options

  • node node-number: Number of the chassis cluster node to which the redundancy group fails over.
    Range: 0 or 1
  • redundancy-group group-number: Number of the redundancy group on which to initiate manual failover. Redundancy group 0 is a special group consisting of the two Routing Engines in the chassis cluster.
    Range: 0 through 255

Required Privilege Level

maintenance

Output Fields

When you enter this command, you are provided feedback on the status of your request.

Sample Output

request chassis cluster failover redundancy-group


user@host> request chassis cluster failover redundancy-group 0 node 1
{primary:node0}
user@host> request chassis cluster failover redundancy-group 0 node 1
----------------------------------------
Initiated manual failover for redundancy group 0

Release Information

Command introduced in Junos OS Release 9.0.


GigaSALES Certification Test

The "FM" in GigaVUE-FM stands for ______________
Facility Maintenance
Functional Module
Fabric Manager
Frequency Modulation

What solution from Use Case 8: Network Detection and Response would solve a customer's pain of being unable to investigate incidents quickly enough due to excessive alert fatigue and false positives/negatives?
Intelligent visibility nodes (H Series)
V Series for OpenStack
Gigamon Insight (v)

Who manages the Deal Registration approval process at Gigamon?
Channel Account Manager (CAM)
Regional Vice President (RVP)
Business Development Representative (BDR)
Regional Sales Director (RSD) (v)

All support renewal quotes to the active partner who sold the original purchase or the last renewal will reflect the deal registration discount automatically.
True

In situations where Gigamon has identified an opportunity before it has been registered by a Gigamon Partner (Channel Assist Situations), Gigamon will attempt to award the deal to the incumbent partner.
True

Accelerated threat hunting, investigation, and response is a value driver for Enterprise Security Operations which ___________ Mean Time to Detect (MTTD) and ____________ Mean Time to Respond (MTTR).
Increases, increases
Reduces, increases
Reduces, reduces (v)

To properly identify solid opportunities, we must have a solid understanding of a customer's ____________.
Priorities
Budget
Business Problems
Current Environment
Organizational Structure

How long are registrations valid after original approval?
3 months (v)
6 months
9 months
1 year

The Gigamon model can be summarized by the phrase, "See, Secure, and Empower"
True

Which of the following is NOT one of the most expressed customer challenges, or "I want to's"?
I want to maintain security during infrastructure transformation
I want to enhance service provider infrastructure visibility
I want to gain visibility across my entire infrastructure
None of the above (v)

Channel Assist Deal Registration: A deal registration where the partner has identified a viable deal and submitted via the Gigamon Partner Portal for review before Gigamon was aware of the opportunity.
False

Deal Registration may not be combined with other discounts or promotions.
True

A Chief Information Officer and a Network Architect would both be primary target prospects of what customer buyer persona?
Enterprise Network and IT Operations (v)
Enterprise Security Operations
Service Provider Network Operations

Some of the major long-term consequences posed by ad hoc deployment of security tools include lost time, contention for traffic, and added complexity.
True

The Gigamon Visibility Platform's benefits can be categorized based on challenges faced by specific teams. Which of the following is NOT one of these teams?
Cloud Operations
Administrative Operations (v)
Enterprise Network IT Operations
Enterprise Security Operations

Which of the following is NOT a defensible differentiator of Gigamon solutions?
One complete platform for access to data anywhere
No interoperability permitted between Gigamon and security vendors (v)
Tangible and prompt return on investment
Market leader in network visibility solutions

What is the target SLA for Deal Registration approvals?
24 hours
1 calendar week
2 business days (v)
5 business days

A prospective Enterprise Network Operations customer claims that low-risk, high-volume traffic is hogging their limited tool capacity leading to reduced visibility and detection. Which use case would this customer pain fall under?
Use Case 4: Encrypted Traffic Management (TLS Decryption)
Use Case 6: Extract network Metadata to Optimize SIEMs
Use Case 7: Leverage Application Intelligence to Optimize Tool Stack

What Catalyst partner levels qualify to register deals? Select all that apply
Elemental
Silver (v)
Gold (v)
Platinum (v)

Which of the following are the characteristics of an ideal Gigamon customer?
Looking to modernize their IT environment (v)
Going through new data center build-outs or network upgrades (v)
Looking to simplify their approach to accessing, controlling, and securing data (v)
Unconcerned about their ability to grow operating budgets in line with the complexity of their environments
Wanting to exploit a new market
Integrating new executive management members

Categorizing an ideal buyer as one of the customer personas is a useful step in qualifying opportunities.
True

In situations where Gigamon has identified an opportunity before any partner has submitted it via the partner portal and Gigamon then brings the deal to a partner, the partner should still submit a Deal Registration.
False

Which of the following are reasons that customers choose Gigamon?
Unique approach to visibility (v)
#1 market share leader in network visibility (v)
Trusted in the most demanding organizations (v)
Technology alliance partner ecosystem (v)
Channel Strategy

Which of the following are major concerns with today's corporate network infrastructure? (Select 3)
Applications distributed across sites (v)
Well-defined boundaries
Unmanaged devices (v)
Rise of digital transformation projects (v)

The most effective way to use the use cases is to identify specific customer needs and focus early conversations on the subset of use cases that can address those needs.
True

 

 
