'Sample' 태그의 글 목록 (2 Page)

EX4200 OSPF & LACP SW#2

root@SW2# run show configuration | display set
set version 12.3R9.4
set system host-name SW2
set system root-authentication encrypted-password "$1$vcM9OeNk$kg8GieApqxCPRRoYsSEBE/"
set system login user isd uid 1001
set system login user isd class super-user
set system login user isd authentication encrypted-password "$1$q6DRrUnW$6Z8kjfmMnvCL5JCRESE9r."
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file interface daemon info
set system syslog file interface match "SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN"
set chassis aggregated-devices ethernet device-count 4
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade
set interfaces ge-0/0/0 hold-time up 0
set interfaces ge-0/0/0 hold-time down 500
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 hold-time up 0
set interfaces ge-0/0/2 hold-time down 500
set interfaces ge-0/0/2 ether-options 802.3ad ae0
set interfaces ge-0/0/3 hold-time up 0
set interfaces ge-0/0/3 hold-time down 500
set interfaces ge-0/0/3 ether-options 802.3ad ae0
set interfaces ge-0/0/4 unit 0 family ethernet-switching
set interfaces ge-0/0/5 unit 0 family ethernet-switching
set interfaces ge-0/0/6 unit 0 family ethernet-switching
set interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 family ethernet-switching
set interfaces ge-0/0/9 unit 0 family ethernet-switching
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set interfaces ge-0/0/11 unit 0 family ethernet-switching
set interfaces ge-0/0/12 unit 0 family ethernet-switching
set interfaces ge-0/0/13 unit 0 family ethernet-switching
set interfaces ge-0/0/14 unit 0 family ethernet-switching
set interfaces ge-0/0/15 unit 0 family ethernet-switching
set interfaces ge-0/0/16 unit 0 family ethernet-switching
set interfaces ge-0/0/17 unit 0 family ethernet-switching
set interfaces ge-0/0/18 hold-time up 0
set interfaces ge-0/0/18 hold-time down 500
set interfaces ge-0/0/18 unit 0 family inet address 23.23.23.1/24
set interfaces ge-0/0/19 unit 0 family ethernet-switching
set interfaces ge-0/0/20 unit 0 family ethernet-switching
set interfaces ge-0/0/21 unit 0 family ethernet-switching
set interfaces ge-0/0/22 unit 0 family ethernet-switching
set interfaces ge-0/0/23 unit 0 family ethernet-switching
set interfaces ge-0/1/0 unit 0 family ethernet-switching
set interfaces xe-0/1/0 unit 0 family ethernet-switching
set interfaces ge-0/1/1 unit 0 family ethernet-switching
set interfaces xe-0/1/1 unit 0 family ethernet-switching
set interfaces ge-0/1/2 unit 0 family ethernet-switching
set interfaces xe-0/1/2 unit 0 family ethernet-switching
set interfaces ge-0/1/3 unit 0 family ethernet-switching
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family inet address 24.24.24.1/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options forwarding-table export ecmp
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/18.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ae0.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface ge-0/0/18.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ae0.0 interface-type p2p
set protocols igmp-snooping vlan default
set protocols lldp interface all
set protocols lldp-med interface all
set policy-options policy-statement ecmp then load-balance per-packet
set ethernet-switching-options storm-control interface all
set poe interface all

저작자표시

'업무이야기 > Network' 카테고리의 다른 글

Juniper OSPF & LACP SW#4(EX4200) Configuration Sample (0)	2021.01.11
Juniper OSPF & LACP SW#3(EX4200) Configuration Sample (0)	2021.01.11
Juniper OSPF & LACP SW#1(EX2300) Configuration Sample (0)	2021.01.11
Aruba Controller CLI (0)	2018.05.08
Aruba Controller 초기 설정 (0)	2018.05.08

EX2300 OSPF SW#1

root# run show configuration | display set
set version 18.1R3.3
set system host-name SW1
set system auto-snapshot
set system root-authentication encrypted-password "$6$FK6HaYna$XQSYA7w2uEinKCHLLhzBlvYfkbl.PPMzpSLf0N6QumR7o5JPOXEHl2.i7pNV6eYpVwk1oJzpIG6Awk/cBswS9/"
set system login user isd uid 1001
set system login user isd class super-user
set system login user isd authentication encrypted-password "$6$3HkcK3hW$EFdDbLKU0l96FZjjx/w2/iC/eYADMC7Kr4GVRIxQikLb.fGgI8mn92nLYaf9SttFEV1Luy.8NjoJrmWswnxlX/"
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file interface daemon info
set system syslog file interface match "SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN"
set chassis redundancy graceful-switchover
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/3 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/4 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/5 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/6 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/7 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/8 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/9 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/11 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/12 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/13 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/14 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/15 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/16 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/17 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/18 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/19 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/20 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/21 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/22 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/23 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/24 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/25 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/26 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/27 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/28 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/29 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/30 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/31 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/32 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/33 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/34 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/35 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/36 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/37 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/38 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/39 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/40 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/41 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/42 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/43 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/44 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/45 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/46 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/47 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/0 hold-time up 0
set interfaces ge-0/1/0 hold-time down 500
set interfaces ge-0/1/0 unit 0 family inet address 12.12.12.1/24
set interfaces xe-0/1/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/1 hold-time up 0
set interfaces ge-0/1/1 hold-time down 500
set interfaces ge-0/1/1 unit 0 family inet address 13.13.13.1/24
set interfaces xe-0/1/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/2 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/1/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/3 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/1/3 unit 0 family ethernet-switching storm-control default
set interfaces irb unit 0 family inet address 7.7.5.254/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set forwarding-options storm-control-profiles default all
set forwarding-options analyzer gm-monitor input ingress interface ge-0/1/0.0
set forwarding-options analyzer gm-monitor input ingress interface ge-0/1/1.0
set forwarding-options analyzer gm-monitor output interface ge-0/0/47.0
set routing-options static route 0.0.0.0/0 next-hop 7.7.5.1
## set routing-options forwarding-table export ecmp
## set routing-options forwarding-table ecmp-fast-reroute
set protocols ospf export redi2ospf
set protocols ospf area 0.0.0.0 interface ge-0/1/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/1/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface irb.0 passive
set protocols ospf3 export redi2ospf
set protocols ospf3 area 0.0.0.0 interface ge-0/1/0.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface ge-0/1/1.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface irb.0 passive
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set policy-options policy-statement ecmp then load-balance per-packet
set policy-options policy-statement redi2ospf from protocol static
set policy-options policy-statement redi2ospf from protocol direct
set policy-options policy-statement redi2ospf then accept
set vlans default vlan-id 1
set vlans default l3-interface irb.0

저작자표시

'업무이야기 > Network' 카테고리의 다른 글

Juniper OSPF & LACP SW#3(EX4200) Configuration Sample (0)	2021.01.11
Juniper OSPF & LACP SW#2(EX4200) Configuration Sample (0)	2021.01.11
Aruba Controller CLI (0)	2018.05.08
Aruba Controller 초기 설정 (0)	2018.05.08
pumpkin 스위치보드 firmware update (0)	2012.10.31

RestAPI Exemple

# Port adminStatus

PATCH /api/v1.3/inventory/ports/1_1_x5?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: application/json
Cookie: JSESSIONID=A57C6FF5D57AB34F40EFA3B78D500EE0
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 84

{
    "portId" : "1/1/x5",
    "portType" : "network",
    "adminStatus" : "down"
}

# PortGroup

POST /api/v1.3/portConfig/portGroups?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: */*
Cookie: JSESSIONID=D6825465646B8852DBBE96DA79953683
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 177

{
    "alias" : "PortG1",
    "ports" : [ "1/1/x6", "1/1/x7", "1/1/x8" ],
    "smartLb" : false,
    "healthState" : "green",
    "clusterId" : "10.10.7.154",
    "tags" : [ ]
}

# Delete PortGroup

DELETE /api/v1.3/portConfig/portGroups/PortG1?clusterId=10.10.7.154
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: */*
Cookie: JSESSIONID=D6825465646B8852DBBE96DA79953683
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 167

# Create MAP

POST /api/v1.3/maps?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: application/json
Cookie: JSESSIONID=127538AEFA4D24C72B1D7481A3721833
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 538

{
    "alias" : "sbbaek",
    "type" : "regular",
    "subType" : "byRule",
    "srcPorts" : [ "1/1/x9" ],
    "dstPorts" : [ "1/1/x10" ],
    "rules" : {
      "passRules" : [ {
        "ruleId" : 1,
        "bidi" : true,
        "matches" : [ {
          "type" : "ipVer",
          "value" : "v4"
} ]
     }, {
        "ruleId" : 2,
        "bidi" : true,
        "matches" : [ {
          "type" : "ipVer",
          "value" : "v6"
        } ]
      } ]
    },
    "ruleMatching" : "normal",
    "enable" : true,
    "tags" : [ ]
}

# Delete MAP

DELETE /api/v1.3/maps/sbbaek?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: */*
Cookie: JSESSIONID=127538AEFA4D24C72B1D7481A3721833
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 167

# Add Rule

POST /api/v1.3/maps/isd/rules/pass?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: */*
Cookie: JSESSIONID=F6DB53DB7AB04330B3589DFA15871A29
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 327

        {
          "ruleId": 2,
          "bidi": true,
          "matches": [
            {
              "type": "ip4Dst",
              "value": "1.1.1.2",
              "netMask": "255.255.255.255"
            },
            {
              "type": "portDst",
              "value": 443
            }
          ]
        }

# Create Flexible-inline MAP

POST /api/v1.3/maps?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: application/json
Cookie: JSESSIONID=8E2FE8F03710427E5004FC304ED71239
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 811

{
    "alias" : "WEB",
    "clusterId" : "10.10.7.154",
    "type" : "flexInline",
    "subType" : "byRule",
    "srcPorts" : [ "default_inline_net_1_3_2" ],
    "dstPorts" : [ ],
    "flexInlineFailover" : "bypass",
    "flexInline" : {
      "aToB" : {
        "type" : "tools",
        "tools" : [ "iT1" ]
      },
      "bToA" : {
        "type" : "reverse"
      },
      "tag" : {
        "type" : "auto",
        "vlanId" : 4000
      }
    },
    "rules" : {
      "passRules" : [ {
        "ruleId" : 1,
        "bidi" : true,
        "matches" : [ {
          "type" : "portDst",
          "value" : 80
        } ]
      }, {
        "ruleId" : 2,
        "bidi" : true,
        "matches" : [ {
          "type" : "portDst",
          "value" : 443
        } ]
      } ]
    },
    "enable" : true
  }

# Create Flexible-inline MAP Collector

POST /api/v1.3/maps?clusterId=10.10.7.154 HTTP/1.1
Content-Type: application/json
Authorization: Basic YWRtaW46YWRtaW4xMjNBISE=
Accept: application/json
Cookie: JSESSIONID=8E2FE8F03710427E5004FC304ED71239
Host: 10.10.7.161
Connection: close
User-Agent: Paw/3.1.10 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 1436

{
    "alias" : "Collector",
    "clusterId" : "10.10.7.154",
    "type" : "flexInline",
    "subType" : "collector",
    "srcPorts" : [ "default_inline_net_1_3_2" ],
    "dstPorts" : [ ],
    "flexInlineFailover" : "bypass",
    "flexInline" : {
      "aToB" : {
        "type" : "tools",
        "tools" : [ "iT2" ]
      },
      "bToA" : {
        "type" : "reverse"
      },
      "tag" : {
        "type" : "auto",
        "vlanId" : 3999
      }
    },
    "roles" : {
      "owners" : [ "admin" ],
      "viewers" : [ ],
      "editors" : [ ],
      "listeners" : [ ]
    },
    "enable" : true
  }

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Cluster A (0)	2020.06.03
FM5801 CLI (0)	2020.06.03
How To: Packet capture on Gigamon interface (0)	2020.06.03
AFP, ASF Sample (0)	2020.01.02
GigaSMART De-duplication (0)	2019.09.23

# Fortigate IPS DoS configuration Sample

qvrexhqfw2 $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
            end
    next
end
qvrexhqfw2 $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

WEBFRONT SSH PORT 변경 (0)	2012.10.18
Setting up a Policy-Based VPN Tunnel (0)	2012.10.18
Fortigate SSL VPN 설정 샘플 (0)	2012.10.18
Juniper SRX Firewall Password Recovery (0)	2012.03.21
Juniper 인터넷 2회선을 이용한 Load Balancing (0)	2012.02.21

쫑콩아빠의 지금 이 순간...

Sample

Juniper OSPF & LACP SW#2(EX4200) Configuration Sample

'업무이야기 > Network' 카테고리의 다른 글

Juniper OSPF & LACP SW#1(EX2300) Configuration Sample

'업무이야기 > Network' 카테고리의 다른 글

RestAPI Exemple

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Fortigate IPS DoS Test용 configuration Sample

'업무이야기 > Security' 카테고리의 다른 글

+ Recent posts

티스토리툴바