반응형
SMALL

Gigamon 장비의 통합관리 솔루션인 FM 장비를 업그레이드 하다 보면 가끔식 fmctlMgmtPort가 풀리는(?) 경우가 발생 한다. 이런 경우 FM CLI의 기본 명령어인 fmctl 명령어 실행이 안되게 된다. 이런 경우 당황하지 말고 아래와 같이 해결 하시길 바랍니다.

아래와 같이 fmctl 실행 시 아래와 같은 메시지가 발생 될 경우
$ fmctl
Error: fmctlMgmtPort - no such connection profile.
runfmctl: 2021/05/27 18:30:43 : There is no active NIC to set as the management port
runfmctl: 2021/05/27 18:30:43 : defaulting to 'eth0'
Error: fmctlMgmtPort - no such connection profile.
Error: fmctlMgmtPort - no such connection profile.
Error: fmctlMgmtPort - no such connection profile.
fmctl: there is no UUID for , connection 'fmctlMgmtPort'

조치방법
아래 정보는 예제이며 각 장비의 FM에서 명령어 실행 시 나오는 UUID 정보를 확인 하시기 바랍니다.
$ sudo nmcli conn show
NAME                UUID                                  TYPE      DEVICE
fmctlMgmtPort       5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03ethernet  eth0
fmctlNoRole         4d2000d1-6397-3541-9a78-89190c6d8608  ethernet  --
fmctlNoRole         e99474bf-fafa-4fdf-b11d-3c8add48e373  ethernet  --
Wired connection 1  534bdaea-402f-342a-8b05-11d7b7d86418  ethernet  --
Wired connection 2  b16cb007-0501-3d19-992b-eb6cd3542b47  ethernet  --
Wired connection 3  d1bb8356-a80f-30a8-a3f2-030a850ddd47  ethernet  --

$ sudo nmcli connection modify "해당 MGMT 포트의 UUID" connection.id fmctlMgmtPort
 
$ fmctl 실행 확인

반응형
LIST
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon을 통한 구성 사례  (2) 2024.11.07
SSL VA PoC용 Gigamon Config  (3) 2024.11.06
Gigamon Source port labeling  (31) 2024.10.04
Gigamon Policy (Active Visibility) 항목  (8) 2024.10.04
Gigamon Regular GigaStream Configuration  (4) 2024.10.04
반응형
SMALL

Gigamon 장비 Firmware 업그레이드 방법입니다.

(config) # show images
(config) # show version
(config) # no boot next fallback-reboot enable
(config) # image fetch scp://user:password@192.168.1.25/builds/hdd511xx.img
(config) # image install hdd511xx.img
(config) # show uboot
(config) # uboot install          //안해도 됨
(config) # coreboot install      //안해도 됨
(config) # image boot next
(config) # write mem
(config) # reload
(config) # write mem

# Firmware upload 위치
/var/opt/tms/images/

반응형
LIST
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

How To: Packet capture on Gigamon interface  (7) 2024.10.04
Gigamon Mirror packet에 Vlan Tag 넣기  (7) 2024.10.04
Gigamon Classic Map을 통한 Inline SSL 암복호화 config 샘플  (17) 2024.10.02
Gigamon Precryption  (43) 2024.09.06
GigaVUE Cloud Suite™ Prerequisites - AWS Ports and Protocols | Gigamon Product Clinic #3  (7) 2024.09.06
반응형
SMALL

(config) # show images
(config) # show version
(config) # no boot next fallback-reboot enable
(config) # image fetch scp://user:password@192.168.1.25/builds/hdd511xx.img
(config) # image install hdd511xx.img
(config) # show uboot
(config) # uboot install
(config) # coreboot install
(config) # image boot next
(config) # write mem
(config) # reload
(config) # write mem

HC 장비 image 위치
/var/opt/tms/images/

반응형
LIST
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

GigaVUE Cloud Suite™ Prerequisites - AWS Ports and Protocols | Gigamon Product Clinic #3  (7) 2024.09.06
Gigamon HC Series에서 pcap 받는 방법  (17) 2024.09.05
@cloud에서 Gigamon으로 패킷 전송 config  (2) 2024.09.05
Gigamon FM Canvas 사용 시 주의할 점  (1) 2024.08.01
Gigamon FM Canvas Export & Import에 관하여  (0) 2024.08.01
반응형
SMALL

(config) # show images

(config) # show version

(config) # no boot next fallback-reboot enable

(config) # image fetch scp://user:password@192.168.1.25/builds/hdd511xx.img

(config) # image install hdd511xx.img

(config) # show uboot

(config) # uboot install

(config) # coreboot install

(config) # image boot next

(config) # write mem

(config) # reload

(config) # write mem

 

 

/var/opt/tms/images/

반응형
LIST
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon HC Series의 이중화 및 iSSL에 관하여  (1) 2023.11.15
Gigamon Process 상태 정보 확인 by Rest-API  (0) 2023.07.06
Gigamon DevStack  (0) 2023.07.06
Gigamon Third Party Orchestration  (0) 2023.07.06
Gigamon Basics: Building a Flow Map  (0) 2022.06.13
반응형
SMALL

SRX 설정 방법 (CLI)

설정 확인(operation 모드)
show configuration | display set | match “찾을 문자 또는 숫자”

어드레스 추가(configure 모드)

set security zones security-zone untrust address-book address 222_231_7_233 222.231.7.233/32
set security zones security-zone trust address-book address 2_2_2_2 2.2.2.2/32

어드레스 그룹 추가(configure 모드)

set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 222_231_7_233
set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 218_50_1_87

어드레스 그룹 삭제(해당 그룹에서 특정 IP만 제거)

delete security zones security-zone untrust address-book address-set 1_1_1_1/2_2_2_2 address 1_1_1_1

스케줄 추가(configure 모드)

set schedulers scheduler 2014_07_31_23_59 start-date 2012-08-24.00:00 stop-date 2014-07-31.23:59

서비스 추가

#set applications application tcp_3659 term tcp_3659 protocol tcp
#set applications application tcp_3659 term tcp_3659 source-port 1024-65535
#set applications application tcp_3659 term tcp_3659 destination-port 3659-3659

서비스 그룹 추가

#set applications application-set ping_tcp_3659 application junos-ping
#set applications application-set ping_tcp_3659 application tcp_3659

정책 추가(configure 모드)

set security policies from-zone untrust to-zone trust policy 120824001 match source-address 61_110_18_122
set security policies from-zone untrust to-zone trust policy 120824001 match destination-address 121_254_132_198
set security policies from-zone untrust to-zone trust policy 120824001 match application http_8080
set security policies from-zone untrust to-zone trust policy 120824001 then permit
set security policies from-zone untrust to-zone trust policy 120824001 then log session-close
set security policies from-zone untrust to-zone trust policy 120824001 scheduler-name 2014_07_31_23_59

우선순위 변경(configure 모드)

insert security policies from-zone untrust to-zone trust policy 130115001 before policy 706 (인바운드))

정책 우선순위 확인(operation 모드)

show security policies from-zone untrust to-zone trust
show security policies from-zone trust to-zone untrust

정책 리스트 확인

op policy.xml

Source NAT 추가 (configure 모드)

set security nat source rule-set rs_1 to zone untrust --> 초기생성 시 적용
set security nat source rule-set rs_1 rule rule_14 match source-address 172.30.148.0/24
set security nat source rule-set rs_1 rule rule_14 then source-nat pool pool_14
set security nat source pool pool_14 address 117.52.15.148/32

Destination NAT 추가 (configure 모드)

set security nat destination rule-set dnat_1 from zone untrust
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-address 123.123.123.123/32
set security nat destination rule-set dnat_1 rule dnat_rule_1 then destination-nat pool dpool_1
set security nat destination pool dpool_1 address 192.168.10.50/32

dnat port(포트 포워딩)

set security nat destination pool dpool_1 address 192.168.10.50/32
set security nat destination pool dpool_1 address port 80
set security nat destination rule-set dnat_1 from zone untrust
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-address 123.123.123.123/32
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-port 33890
set security nat destination rule-set dnat_1 rule dnat_rule_1 then destination-nat pool dpool_1

routing 추가 (configure 모드)

set routing-options static route 172.30.148.0/24 next-hop 172.16.20.113

session 확인

show security flow session source-prefix
show security flow session destination-prefix 출발지IP

  • show | compare 로 추가되는 설정 확인 후, commit check로 정상적으로 들어가는지 확인 후 commit 적용 필요~!!!!
    #show | compare
    #commit check
    #commit
    #exit

 

 

반응형
LIST
저작자표시

'업무이야기 > Security' 카테고리의 다른 글

Fortinet FortiSandbox Shell mode  (0) 2021.01.20
Fortinet FortiSandbox Clustering Setting sample  (0) 2021.01.20
Axgate [SSL VPN] Configuration  (5) 2021.01.17
Juniper Firewall Transparent mode config (Example)  (0) 2018.05.08
SRX Syslog config  (0) 2018.05.08
반응형
SMALL

Aruba AP CLI

convert-aos-ap <mode> <controller-IP>
convert-aos-ap RAP 218.36.6.60


Table 1: AP Console Commands
Command
 Description

setenv ipaddr <ipaddr>
 IP address to be assigned to the AP.

setenv netmask <netmaskip>
 Netmask to be assigned to the AP.

setenv gatewayip <ipaddr> IP address of the internet gateway used by the AP.

setenv name <ap name>
Name of the AP.

setenv group <group name> Name of the AP group to which the AP should belong.

setenv master <ipaddr>
 IP address of the AP’s master controller.

setenv serverip <ipaddr>
 IP address of the TFTP server from which the AP can download its boot image.

setenv dnsip <ipaddr>
 IP address of the DNS server used by the AP.

setenv domainname <domain> Domain name used by the AP.

 

반응형
LIST
저작자표시

'업무이야기 > Network' 카테고리의 다른 글

Juniper EX S/W Factory Reset  (0) 2021.01.25
Alteon-5208 Default Config  (0) 2021.01.20
Juniper OSPF & LACP SW#6(EX2300) Configuration Sample  (0) 2021.01.11
Juniper OSPF & LACP SW#5(EX4200) Configuration Sample  (0) 2021.01.11
Juniper OSPF & LACP SW#4(EX4200) Configuration Sample  (0) 2021.01.11
반응형
SMALL

FM5801 CLI

fmctl image
fetch <download URI> [<filename>] list [details] [<filename>]
install <filename> [next|location {1|2}] boot [next|location {1|2}]
delete [force] <filename>
{move|rename} <old filename> <new filename> show
jump-start
{get|show} {ip|ntp|hostname|domain|fqdn}
set ip dhcp
set ip [static] <address/cidr> <gateway> <dns1>[,<dns2>[,...] set ntp {disable|[enable] <server1>[,<server2>[,...]}
set hostname <hostname>
set domain <domain>
set fqdn <hostname> <domain>
set/get/show searchdomains [<domain1>[,<domain2>[,...]]] set/get/show nameservers [<dns1>[,<dns2>[,...]]]
--interface <interface name>



# image fetch <download URI> [<filename>]
fmctl image fetch ftp://robh:xray@192.168.1.10/myconfig
fmctl image fetch scp://bbochy:catch1@192.168.1.75/myconfig newconfig
# image list
fmctl image list
# image install <filename> [next|location {1|2}]
fmctl image install gigamon-gigavue-fm- 5.9.00-160194-trial.img next
fmctl image install gigamon-gigavue-fm- 5.9.00-160194-trial.img location 1
# image boot [next|location {1|2}]
fmctl image boot next
fmctl image boot location 1
# image delete [force] <filename>
fmctl image delete myimage
# image {move|rename} <old filename> <new filename>
fmctl image rename myimage newimage
# image show
fmctl image show
#set mapping <fqdn> <IP address>
fmctl set mapping fm 10.10.10.1
fmctl set mapping fm
# {get|show} {ip|ntp|hostname|domain|fqdn}
fmctl get {ip|ntp|hostname|domain|fqdn}
fmctl show {ip|ntp|hostname|domain|fqdn}

fmctl set ip dhcp
# set ip [static] <address/cidr> <gateway> <dns1>[,<dns2>[,...]
fmctl set ip static 10.115.46.72/21 10.115.40.1 10.10.1.20

fmctl set ntp disable

fmctl set ntp enable 192.168.1.10

fmctl set hostname myfm

fmctl set domain gigamon.com
# set fqdn <hostname> <domain>
fmctl set fqdn myfm gigamon.com

fmctl set searchdomains
fmctl get | show searchdomains

fmctl set nameservers
fmctl get | show nameservers

fmctl --interface eth1 ip dhcp

 

반응형
LIST

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Cluster B  (0) 2020.06.03
Cluster A  (0) 2020.06.03
RestAPI Exemple  (0) 2020.06.03
How To: Packet capture on Gigamon interface  (0) 2020.06.03
AFP, ASF Sample  (0) 2020.01.02
반응형
SMALL
Aruba Controller CLI
 
#show ip interface brief
#show ip route
#show port status
#show license
#aaa user delete all
#show running-config | include adp
#show user
#show user-table
#show ap active
#show ap database
#show ap essid
#show vpdn l2tp local pool
#show ap config ap-group ISD
#show crypto ipsec sa
#show crypto isakmp sa
# show datapath session | include 7.7.7.1
#clear gap-db ap-name AP1
 
Client Match 설정
#configure terminal
(config) # rf arm-profile default
(Adaptive Radio Management Profile "default")#cm-report-interval 30
(Adaptive Radio Management Profile "default")#cm-sticky-check-interval 3
(Adaptive Radio Management Profile "default")#cm-sticky-snr 25
(Adaptive Radio Management Profile "default")#cm-sticky-snr-delta 10
(Adaptive Radio Management Profile "default")#cm-sticky-min-signal 70
(Adaptive Radio Management Profile "default")#cm-steer-timeout 20
(Adaptive Radio Management Profile "default")#cm-lb-thresh 20
(Adaptive Radio Management Profile "default")#cm-stale-age 120
(Adaptive Radio Management Profile "default")#cm-max-steer-fails 5
(Adaptive Radio Management Profile "default")#cm-lb-client-thresh 10

 

(Adaptive Radio Management Profile "default")#cm-lb-snr-thresh 30

 

 

반응형
LIST
저작자표시 비영리 변경금지

'업무이야기 > Network' 카테고리의 다른 글

Juniper OSPF & LACP SW#2(EX4200) Configuration Sample  (0) 2021.01.11
Juniper OSPF & LACP SW#1(EX2300) Configuration Sample  (0) 2021.01.11
Aruba Controller 초기 설정  (0) 2018.05.08
pumpkin 스위치보드 firmware update  (0) 2012.10.31
Pumpkin CPU 비정상적인 부하 Issue  (0) 2012.10.31

+ Recent posts

티스토리툴바