Example 7—Protected Flexible Inline, Out-of-Band Copy
Example 7 demonstrates a flexible inline map with OOB copy configuration as follows:
• an example of the source as a protected inline network and the destination as a hybrid port
• an example of the source as a tool member in the a-to-b list and the destination as a regular tool port
• an example of the source as a tool member in the a-to-b list and the destination as a GigaStream
Use the following steps to configure Example 7:
Step
Description
Command
1.
Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.
(config) # port 1/3/x1..x4 type inline-tool
(config) # port 1/3/x1..x4 params admin enable
2.
Configure inline tools, specify that the inline tool is going to be shared by different sources, specify heart-beat, and enable inline tools.
(config) # inline-tool alias it1 pair tool-a 1/3/x1 and tool-b 1/3/x2
(config) # inline-tool alias it1 shared true
(config) # inline-tool alias it1 heart-beat
(config) # inline-tool alias it1 enable
(config) # inline-tool alias it2 pair tool-a 1/3/x3 and tool-b 1/3/x4
(config) # inline-tool alias it2 shared true
(config) # inline-tool alias it2 heart-beat
(config) # inline-tool alias it2 enable
3.
Configure hybrid port, port type (hybrid), and administratively enable hybrid port. The flexible inline map will configure out-of-band (OOB) traffic to this hybrid port.
(config) # port 1/3/x19 type hybrid
(config) # port 1/3/x19 params admin enable
4.
Configure regular tool ports, port type (tool), and administratively enable tool ports. The flexible inline map will configure out-of-band (OOB) traffic to a regular tool port. Two other tool ports will be used in a GigaStream.
(config) # port 1/3/x20..x22 type tool
(config) # port 1/3/x20..x22 params admin enable
5.
Create a GigaStream using two of the regular tool ports.
(config) # gigastream alias gs1 port-list 1/3/x21,1/3/x22
6.
Configure the flexible inline map from the default inline network to inline tools in both directions, specify a rule, and a user-defined tag. Then configure out-of-band traffic as follows:
• from a protected inline network to a hybrid port using the same VLAN tag as the flexible inline map
• from the first tool member in the a-to-b list to a regular tool port without a VLAN tag. The tag can be configured to none, because traffic goes to a different destination, it1.
• from the second tool member in the a-to-b list to a GigaStream using the same VLAN tag as the flexible inline map
Finally, enable the map.
(config) # map alias FLEX1
(config map alias FLEX1) # type flexInline byRule
(config map alias FLEX1) # from default_inline_net_1_4_1
(config map alias FLEX1) # rule add pass vlan 500
(config map alias FLEX1) # a-to-b it1,it2
(config map alias FLEX1) # b-to-a same
(config map alias FLEX1) # tag 11
(config map alias FLEX1) # oob-copy from default_inline_net_1_4_1 to 1/3/x19 tag as-inline
(config map alias FLEX1) # oob-copy from it1 to 1/3/x20 tag none
(config map alias FLEX1) # oob-copy from it2 to gs1 tag as-inline
(config map alias FLEX1) # enable
(config map alias FLEX1) # exit
(config) #
7.
Configure the path of the traffic to inline tools.
(config) # inline-network alias default_inline_net_1_4_1 traffic-path to-inline-tool
8.
Disable physical bypass on the default inline network.
(config) # inline-network alias default_inline_net_1_4_1 physical-bypass disable
'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글
| GigaSMART SSL Decryption for Out-of-Band Tools (0) | 2021.01.17 |
|---|---|
| Gigamon Flexible Inline Single Tag Configuration (0) | 2021.01.17 |
| Gigamon Unprotected Flexible Inline, Monitoring Mode (0) | 2021.01.17 |
| Gigamon Unprotected Flexible Inline, Inline Tool Group (0) | 2021.01.17 |
| Gigamon Unprotected Flexible Inline, Rule-Based Map (0) | 2021.01.17 |