Example 6 is an inline bypass solution on GigaVUE-HC2 for an inline tool series. The inline network is unprotected. The order of the tools and inline tool groups in the tool list defines the order of the series. The map directs the traffic to the series, that is, to the first inline tool or inline tool group in the tool list. Example 6 includes two inline tools in the series and an inline tool group.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 3/1/x1 alias iN11
(config) # port iN11 type inline-network
(config) # port iN11 params admin enable

(config) # port 3/1/x2 alias iN12
(config) # port iN12 type inline-network
(config) # port iN12 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN11 and net-b iN12

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 3/1/x3 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 3/1/x4 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 3/1/x5 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 3/1/x6 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

(config) # port 3/1/x7 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable

(config) # port 3/1/x8 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable

(config) # port 3/1/x9 alias iT7
(config) # port iT7 type inline-tool
(config) # port iT7 params admin enable

(config) # port 3/1/x10 alias iT8
(config) # port iT8 type inline-tool
(config) # port iT8 params admin enable

4. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6
(config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable
(config) # inline-tool alias inTool4 enable

5. Configure inline tool group and parameters. Enable it and then configure failover action.

(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool2,inTool3
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # failover-action tool-bypass
(config inline-tool-group alias inToolGroup) # exit
(config) #

6. Configure inline tool series and enable it. Then configure failover action.

(config) # inline-serial alias inSer
(config inline-serial alias inSer) # inline-tool-list inTool1,inToolGroup,inTool4
(config inline-serial alias inSer) # enable
(config inline-serial alias inSer) # failover-action tool-bypass
(config inline-serial alias inSer) # exit
(config) #

7. Configure map passall, from inline network to inline tool series.

(config) # map-passall alias inMap
(config map-passall alias inMap) # from inNet
(config map-passall alias inMap) # to inSer
(config map-passall alias inMap) # exit
(config) #

8. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

9. Display the configuration for this example.

(config) # show inline-serial
(config) # show map

Example 5 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with N+1 redundancy. In this example, N=2. The inline network is unprotected. Example 5 expands upon Example 3 by adding a spare to the inline tool group.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 3/1/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 3/1/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 3/1/x3 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 3/1/x4 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 3/1/x5 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 3/1/x6 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

(config) # port 3/1/x7 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable

(config) # port 3/1/x8 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable

4. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable

5. Configure inline tool group and parameters. Enable it and then configure failover action.

(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2
(config inline-tool-group alias inToolGroup) # spare-inline-tool inTool3
(config inline-tool-group alias inToolGroup) # release-spare-if-possible
(config inline-tool-group alias inToolGroup) # hash advanced
(config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 2
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # failover-action tool-bypass
(config inline-tool-group alias inToolGroup) # exit
(config) #

6. Configure map passall, from inline network to inline tool group.

(config) # map-passall alias inMap
(config map-passall alias inMap) # from inNet
(config map-passall alias inMap) # to inToolGroup
(config map-passall alias inMap) # exit
(config) #

7. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

8. Display the configuration for this example.

(config) # show inline-tool-group

Example 4 is a protected inline bypass solution using bypass combo modules on GigaVUE-HC2. It also configures heartbeat and negative heartbeat profiles.

Protected inline networks are based on the pairs of ports associated with the physical protection switches located on the bypass combo modules. Unlike the unprotected examples, you do not need to configure inline network ports because they are created automatically. On GigaVUE-HC2, the port pairs are numbered for example: 2/2/x17 and 2/2/x18, 2/2/x19 and 2/2/x20, 2/2/x21 and 2/2/x22, 2/2/x23 and 2/2/x24.

You do not need to configure inline networks because they are also created automatically on bypass combo modules. The aliases of the default inline networks are: default_inline_net_2_2_1, default_inline_net_2_2_2, default_inline_net_2_2_3, default_inline_net_2_2_4.

On GigaVUE-HC3, protected inline bypass can be configured on the bypass combo module on ports c1..c4.

On GigaVUE-HC1, protected inline bypass can be configured on the bypass combo module. It can also be configured on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. For an example, refer to Example to Configure Inline Bypass on H Series Nodes.

Note: The default value of the physical-bypass attribute of protected inline networks is set to enable, which means that the fibers attached to ports net-a and net-b of the inline network are optically coupled and the traffic is exchanged between end nodes without coming to the switching fabric of the GigaVUE node. As shown in Example 4, after configuring the inline tool and the map passall, the physical-bypass attribute is set to disable in order to activate the inline-bypass solution.

Step

Description

Command

1. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 2/2/x11 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 2/2/x12 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

2. Configure heartbeat profile alias.

(config) # hb-profile alias hb2
(config hb-profile alias hb2) # exit
(config) #

3. Configure negative heartbeat profile alias and PCAP file.

(config) # nhb-profile alias nhb1
(config nhb-profile alias nhb1) # custom-packet http://remote/home/hnb.pcap
(config nhb-profile alias nhb1) # exit
(config) #

4. Configure inline tool. Also specify the heartbeat profile, the negative heartbeat profile, enable heartbeat and negative heartbeat, and also enable inline tool.

(config) # inline-tool alias inTool1
(config inline-tool alias inTool1) # pair tool-a iT1 and tool-b iT2
(config inline-tool alias inTool1) # hb-profile hb2
(config inline-tool alias inTool1) # nhb-profile nhb1
(config inline-tool alias inTool1) # heart-beat
(config inline-tool alias inTool1) # negative-heart-beat
(config inline-tool alias inTool1) # enable
(config inline-tool alias inTool1) # exit
(config) #

5. Configure map passall, from inline network to inline tool.

(config) # map-passall alias inMap1
(config map-passall alias inMap1) # from default_inline_net_2_2_1
(config map-passall alias inMap1) # to inTool1
(config map-passall alias inMap1) # exit
(config) #

6. Configure the path of the traffic to inline tool.

(config) # inline-network alias default_inline_net_2_2_1 traffic-path to-inline-tool

7. Disable physical bypass on the default inline network alias.

(config) # inline-network alias default_inline_net_2_2_1 physical-bypass disable

8. Display the configuration for this example.

(config) # show port
(config) # show inline-network
(config) # show inline-tool
(config) # show map
(config) # show hb-profile
(config) # show nhb-profile

Example 3 adds a second inline tool to the unprotected inline bypass solution on GigaVUE-HC2 in Example 1 and creates an inline tool group consisting of two tools. It also configures a custom heartbeat profile.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 3/1/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 3/1/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 3/1/x3 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 3/1/x4 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 3/1/x5 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 3/1/x6 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

4. Configure a custom heartbeat profile.

(config) # hb-profile alias hb_custom
(config hb-profile alias hb_custom) # custom-packet http://1.1.1.1/tftpboot/hbpackets/MyHBPacket.pcap
(config hb-profile alias hb_custom) # packet-format custom
(config hb-profile alias hb_custom) # exit
(config) #

5. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable

6. Specify heartbeat profile and enable heartbeat on each inline tool.

(config) # inline-tool alias inTool1 hb-profile hb_custom
(config) # inline-tool alias inTool2 hb-profile hb_custom
(config) # inline-tool alias inTool1 heart-beat
(config) # inline-tool alias inTool2 heart-beat

7. Configure inline tool group and enable it.

(config) # inline-tool-group alias inToolGroup tool-list inTool1,inTool2
(config) # inline-tool-group alias inToolGroup enable

8. Configure map passall, from inline network to inline tool group.

(config) # map-passall alias inMap
(config map-passall alias inMap) # from inNet
(config map-passall alias inMap) # to inToolGroup
(config map-passall alias inMap) # exit
(config) #

9. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

10. Display the configuration for this example.

(config) # show inline-tool-group
(config) # show hb-profile
(config) # show map

Example 2 adds the default heartbeat profile to the unprotected inline bypass solution on GigaVUE-HC2 in Example 1.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 3/1/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 3/1/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 3/1/x3 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 3/1/x4 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

4. Configure default heartbeat profile.

(config) # hb-profile alias hb1
(config hb-profile alias hb1) # exit
(config) #

5. Configure inline tool and enable it.

(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool enable

6. Specify heartbeat profile and enable heartbeat.

(config) # inline-tool alias inTool hb-profile hb1
(config) # inline-tool alias inTool heart-beat

7. Configure map passall, from inline network to inline tool.

(config) # map-passall alias inMap
(config map-passall alias inMap) # from inNet
(config map-passall alias inMap) # to inTool
(config map-passall alias inMap) # exit
(config) #

8. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

9. Display the configuration for this example.

(config) # show hb-profile
(config) # show inline-tool

Example 1: Unprotected Inline Bypass

On GigaVUE-HC1, an unprotected inline bypass solution can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and
1/1/g1..g4, or on the bypass combo module on ports x1..x4.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 3/1/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 3/1/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 3/1/x3 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 3/1/x4 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

4. Configure inline tool and enable it.

(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool enable

5. Configure map passall, from inline network to inline tool.

(config) # map-passall alias inMap
(config map-passall alias inMap) # from inNet
(config map-passall alias inMap) # to inTool
(config map-passall alias inMap) # exit

6. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

7. Display the configuration for this example.

(config) # show port
(config) # show inline-network
(config) # show inline-tool
(config) # show map

AFP, ASF Sample

gigamon-2c013c (config) # sh running-config
##

Running database "initial"

Generated at 2019/12/23 05:23:44 +0000

Software version on which this output was taken: GigaVUE-OS 5.7.01 142718 2019-09-23 23:20:06

##

Port level configurations

##
port 1/1/g1 type network
port 1/1/g2 type network
port 1/1/g3 type network
port 1/1/g4 type network
port 1/1/x1 type hybrid
port 1/1/x1 params admin enable
port 1/1/x2 type network
port 1/1/x2 params admin enable
port 1/1/x3 type tool
port 1/1/x3 params admin enable
port 1/1/x4 type network
port 1/1/x4 params admin enable
port 1/1/x5 type network
port 1/1/x6 type tool
port 1/1/x6 params admin enable
port 1/1/x7 type tool
port 1/1/x7 params admin enable
port 1/1/x8 type tool
port 1/1/x8 params admin enable
port 1/1/x9 type network
port 1/1/x10 type tool
port 1/1/x10 params admin enable
port 1/1/x11 type network
port 1/1/x12 type tool
port 1/1/x12 params admin enable
port 1/2/x1 type network
port 1/2/x2 type network
port 1/2/x3 type network
port 1/2/x4 type network
port 1/2/x5 type inline-net
port 1/2/x5 params admin enable speed 1000
port 1/2/x6 type inline-net
port 1/2/x6 params admin enable speed 1000
port 1/2/x7 type inline-net
port 1/2/x8 type inline-net
port 1/3/g1 type network
port 1/3/g1 params taptx passive
port 1/3/g2 type network
port 1/3/g2 params taptx passive
port 1/3/g3 type network
port 1/3/g3 params taptx passive
port 1/3/g4 type network
port 1/3/g4 params taptx passive
port 1/3/g5 type network
port 1/3/g5 params taptx passive
port 1/3/g6 type network
port 1/3/g6 params taptx passive
port 1/3/g7 type network
port 1/3/g7 params taptx passive
port 1/3/g8 type network
port 1/3/g8 params taptx passive

##

Gigastream hash configurations

##
gigastream advanced-hash slot 1/cc1 default

##

Gigastream configurations

##
gigastream alias T-LB-1
port-list 1/1/x6,1/1/x8 params hash advanced
exit
gigastream alias T-LB-2
port-list 1/1/x10,1/1/x12 params hash advanced
exit

##

SAPF configurations

##
apps asf alias youtube-asf
bi-directional enable
buffer enable
buffer-count-before-match 6
packet-count disable
protocol tcp-udp
sess-field add ipv4-5tuple outer
timeout 15
exit

##

Gsgroup configurations

##
gsgroup alias GS1 port-list 1/1/e1

##

Gs params configurations

##
gsparams gsgroup GS1
cpu utilization type total rising 80
dedup-action drop
dedup-ip-tclass include
dedup-ip-tos include
dedup-tcp-seq include
dedup-timer 50000
dedup-vlan ignore
diameter-packet timeout 2
diameter-s6a-session limit 10000
diameter-s6a-session timeout 30
eng-watchdog-timer 60
erspan3-timestamp format none
flow-mask disable
flow-sampling-rate 5
flow-sampling-timeout 1
flow-sampling-type device-ip
generic-session-timeout 5
gtp-control-sample enable
gtp-flow timeout 48
gtp-persistence disable
gtp-persistence file-age-timeout 30
gtp-persistence interval 10
gtp-persistence restart-age-time 30
gtp-randomsample disable
gtp-randomsample interval 12
ip-frag forward enable
ip-frag frag-timeout 10
ip-frag head-session-timeout 30
lb failover disable
lb failover-thres lt-bw 80
lb failover-thres lt-pkt-rate 1000
lb replicate-gtp-c disable
lb use-link-spd-wt disable
node-role disable
resource buffer-asf 2
resource cpu overload-threshold 90
resource hsm-ssl buffer disable
resource hsm-ssl packet-buffer 1000
resource inline-ssl standalone enable
resource metadata disable
resource packet-buffer overload-threshold 80
resource xpkt-pmatch num-flows 0
session logging level none
sip-media timeout 30
sip-nat disable
sip-session timeout 30
sip-tcp-idle-timeout 20
ssl-decrypt decrypt-fail-action drop
ssl-decrypt enable
ssl-decrypt hsm-pkcs11 dynamic-object enable
ssl-decrypt hsm-pkcs11 load-sharing enable
ssl-decrypt hsm-timeout 1000
ssl-decrypt key-cache-timeout 10800
ssl-decrypt non-ssl-traffic drop
ssl-decrypt pending-session-timeout 60
ssl-decrypt session-timeout 300
ssl-decrypt tcp-syn-timeout 20
ssl-decrypt ticket-cache-timeout 10800
tunnel-health-check action pass
tunnel-health-check disable
tunnel-health-check dstport 54321
tunnel-health-check interval 600
tunnel-health-check protocol icmp
tunnel-health-check rcvport 54321
tunnel-health-check retries 5
tunnel-health-check roundtriptime 1
tunnel-health-check srcport 54321
xpkt-pmatch disable
exit

Gsop configurations

gsop alias youtube-gsop apf set asf set port-list GS1

Vport configurations

vport alias vp1 gsgroup GS1
vport alias vp1 failover-action vport-bypass
vport alias vp1 outer-traffic-path to-inline-tool
vport alias vp1 inner-traffic-path to-inline-tool
vport alias vp1 deferred-binding disable
vport alias vp1 asf profile youtube-asf
vport alias vp1 mmon disable

Inline-network configurations

inline-network alias default_inline_net_1_2_1
pair net-a 1/2/x5 and net-b 1/2/x6
physical-bypass disable
traffic-path bypass
exit

##

Traffic map connection configurations

인라인네트워크에서 특정 포트로 미러패킷을 전달(전체 패킷-rx)

map-passall alias N1-map-source-packet-rx
roles replace admin to owner_roles
to 1/1/x1
from 1/2/x5
exit

인라인네트워크에서 특정 포트로 미러패킷을 전달(전체 패킷-tx)

map-passall alias N1-map-source-packet-tx
roles replace admin to owner_roles
to 1/1/x1
from 1/2/x6
exit

인라인네트워크에서 받은 미러패킷을 버철포트로 전달

map alias All-traffic
type firstLevel byRule
roles replace admin to owner_roles
comment " "
rule add pass macsrc 00:00:00:00:00:00 00:00:00:00:00:00 bidir
to vp1
from 1/1/x1
exit

유투브사이트에서 비디오 플레이 될때 탐지함.

map alias traffic-sapf-youtube
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch RegEx youtube|ytimg|yt3.ggpht|tubeMogul|tmogul|googlevideo|tmogulyoutu 0..1460
to 1/1/x3
from vp1
exit

PC에서 시만텍서버와 클라이언트 또는 패턴 업데이트 될때 탐지함.

map alias traffic-sapf-symatec
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch RegEx symantec|syma|sep|livet|symant 0..1460
to 1/1/x3
from vp1
exit

번외 - 특정 헥사 코드값 만을 탐지

map alias traffic-sapf-hex
type secondLevel byRule
roles replace admin to owner_roles
comment hex-.ama
use gsop youtube-gsop
gsrule add pass pmatch protocol ipv4 pos 1 RegEx [\x2e\x61\x6d\x61] 0..80
to 1/1/x7
from vp1
exit

The RegEx expression identifies the

SSL handshake type Client Hello patterns and All Buffered packets(TCP) #

pos -> number presenting the occurrence(발생 될 숫자 지정)

HTTPS사이트에 접근하면 탐지

map alias traffic-sapf-https
type secondLevel byRule
roles replace admin to owner_roles
use gsop youtube-gsop
gsrule add pass pmatch protocol tcp pos 1 RegEx \x16\x03.{3}\x01 0..6
to 1/1/x7
from vp1
exit

특정 지정한 패킷(HTTPS,youtube,symatec 등) 외 탐지

map-scollector alias traffice-non-asf
roles replace admin to owner_roles
from vp1
collector T-LB-1
exit

How To: Configure Out of band clustering on H series

Objective
How to get going with Out of Band Clustering: In OOB clustering all the cluster control traffic uses eth0 or eth2 interface depending on the type of the node.
If you have HD & HC devices then you can use either eth0 or eth2 as your cluster control interface (where the control traffic will bet exchange between the nodes)
If you have low end devices like HB & TAxx you have to use only eth0 as your cluster control interface. eth2 is not supported on this platforms.

Environment
H series of nodes
Procedure
Planning
Assign a dedicated IP for the new cluster.
NB: this must be unique and is different to the two mgmt IP's if you are using eth2 interface as your cluster interface

Cluster Details
Name = provide any cluster name could be the combination of letters and numbers (e.g 1007)
ID = provide any cluster name could be the combination of letters and numbers (e.g 1007)
Mgmt IP = x.x.x.x /x (e.g 10.150.56.71/24)

Device A (Master node)
Stack ports = 1/1/x1..x2
Mgmt IP =
Cluster mgmt port = eth2 (for HD & HC devices)
Chassis Serial Number =
Box id = 1

Device B (standby node)
Stack ports = 2/1/x1..x2
Mgmt IP =
Cluster mgmt Port = eth2
Chassis Serial Number
New box id = 2

First, set up the cluster so each box communicates

On device A:
Re-run the Jump-Start script
(config) # config jump-start
...
Step 12: Cluster enable? [no] yes
Step 13: Cluster interface? [eth2]
Step 14: Cluster id (Back-end may take time to proceed)? [default-cluster] 1007
Step 15: Cluster name? [default-cluster] 1007
Step 16: Cluster mgmt IP address and masklen? [0.0.0.0/0] 10.150.56.71/24

#On device B
Change the chassis ID, please note, this will remove any existing configuration, so please take a back up first.
no chassis box-id 1
chassis box-id 2 serial-num <>

#Re-run the Jump-Start script
(config) # config jump-start
...
Step 12: Cluster enable? [no] yes
Step 13: Cluster interface? [eth2]
Step 14: Cluster id (Back-end may take time to proceed)? [default-cluster] 1007
Step 15: Cluster name? [default-cluster] 1007
Step 16: Cluster mgmt IP address and masklen? [0.0.0.0/0] 10.150.56.71/24

Log into VIP Address, the cluster mgmt IP set above.
chassis box-id 1 serial
card all box-id 1

chassis box-id 2 serial
card all box-id 2

Set up cluster stack-links (stack- link is used to send the data traffic between Gigamon nodes)
port 1/1/x1..x2 type stack
gigaStream alias box1-GSstack port 1/1/x1..x2

port 2/1/x1..x2 type stack
gigaStream alias box2-GSstack port 2/1/x1..x2

stack-link alias hc2-hc2 between gigastreams box1-GSstack and box2-GSstack

Additional Notes
please make sure that in an order to form the out of band cluster cluster name, cluster id, cluster interface and software version has to match with other nodes.
please also do not keep the cluster master preference default. for master node keep the cluster master preference higher (100 preferred) and for other nodes you can pick other number between 50 to 99
Verify all by using below commands on each nodes
show version
show cluster config
show cluster global brief

We recommend a clean node before joining existing cluster (reset factory only-traffic)