업로드된 Config를 "Apply" 할때 옵션에 "Clear Config" 에 의해 적용시 기존 Config를 Clear 하고 다시 적용하는 방식으로 보임. 따라서 패킷 통신 중에 적용이 될 경우 순단에 대한 Effect 발생 여부에 대해서는 별도로 테스트가 필요함

SAISEI Config

stm1wins# show running_config
#
#
netflow_sender record
no description
no dynamic
max_flow_rate 0
name record
sample_rate 1
no policies
minimum_flow_size 0
no hidden
minimum_flow_duration 0.000
type csv
exit
#
#
ingress_flow_class games
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class games
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name games
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
required_groups games
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class other
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class other
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name other
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
no required_groups
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class speedtest
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class speedtest
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name speedtest
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
required_groups speedtest
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class streaming
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class streaming
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name streaming
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
required_groups streaming
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class updates
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class updates
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name updates
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
required_groups updates
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class voip
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class voip
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
no applications
minimum_distress 0
name voip
no minimum_packets
no maximum_total_bytes
acl
top_host dontcare
no reputation
required_groups voip
match_rate_plan
no threat_types
no maximum_duration
exit
ingress_flow_class Youtube
geolocation
no minimum_rate
no next_hop_ases
no dynamic
no maximum_packets
egress_flow_class Youtube
no minimum_total_bytes
no excluded_groups
no threat_level
no capture
no bad_source_internal
no maximum_rate
no final_ases
no bad_source_external
no hidden
initial_rate_plan
no minimum_duration
no description
applications youtube
minimum_distress 0
name Youtube
no minimum_packets
no maximum_total_bytes
acl Youtube
top_host dontcare
no reputation
no required_groups
match_rate_plan
no threat_types
no maximum_duration
exit
#
#
egress_policy_map external1.any_epm
no description
no dynamic
no hidden
name external1.any_epm
egress_policy games
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class games
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name games
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy other
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class other
no child_equalisation
downstream_cir 0
host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name other
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy speedtest
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class speedtest
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority override
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name speedtest
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy streaming
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class streaming
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name streaming
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 30.0
exit
egress_policy updates
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class updates
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority background
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name updates
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy voip
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class voip
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name voip
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 10.0
exit
egress_policy Youtube
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class Youtube
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name Youtube
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
exit
egress_policy_map external1_epm
no description
no dynamic
no hidden
name external1_epm
egress_policy games
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class games
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name games
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy other
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class other
no child_equalisation
downstream_cir 0
host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name other
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy speedtest
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class speedtest
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority override
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name speedtest
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy streaming
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class streaming
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name streaming
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 30.0
exit
egress_policy updates
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class updates
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority background
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name updates
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy voip
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class voip
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name voip
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 10.0
exit
egress_policy Youtube
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class Youtube
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name Youtube
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
exit
egress_policy_map internal1.any_epm
no description
no dynamic
no hidden
name internal1.any_epm
egress_policy games
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class games
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name games
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy other
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class other
no child_equalisation
downstream_cir 0
host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name other
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy speedtest
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class speedtest
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority override
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name speedtest
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy streaming
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class streaming
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name streaming
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 30.0
exit
egress_policy updates
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class updates
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority background
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name updates
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy voip
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class voip
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name voip
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 10.0
exit
egress_policy Youtube
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class Youtube
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name Youtube
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
exit
egress_policy_map internal1_epm
no description
no dynamic
no hidden
name internal1_epm
egress_policy games
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class games
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name games
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy other
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class other
no child_equalisation
downstream_cir 0
host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name other
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy speedtest
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class speedtest
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority override
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name speedtest
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy streaming
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class streaming
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name streaming
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 30.0
exit
egress_policy updates
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class updates
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority background
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name updates
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
egress_policy voip
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class voip
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority high
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name voip
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 10.0
exit
egress_policy Youtube
upstream_mir 0
upstream_cir 0
downstream_mir 0
no dynamic
egress_flow_class Youtube
no child_equalisation
downstream_cir 0
no host_equalisation
shaper_margin 10.0
priority normal
no hidden
no description
parent
no rate_multiplier
percent_mir 0.0
no control_peak
name Youtube
no shaped
enabled
secondary_parent
burst_threshold 30
percent_cir 0.0
exit
exit
#
#
management_interface mgmt0
no description
requested_system_interface enp11s0
allowed_subnets 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
no dynamic
pci_address 0000:0b:00.0
no hidden
name mgmt0
exit
#
#
egress_flow_class games
no hidden
no dynamic
no description
name games
exit
egress_flow_class other
no hidden
no dynamic
no description
name other
exit
egress_flow_class speedtest
no hidden
no dynamic
no description
name speedtest
exit
egress_flow_class streaming
no hidden
no dynamic
no description
name streaming
exit
egress_flow_class updates
no hidden
no dynamic
no description
name updates
exit
egress_flow_class voip
no hidden
no dynamic
no description
name voip
exit
egress_flow_class Youtube
no hidden
no dynamic
no description
name Youtube
exit
#
#
parameter_info internal_host_quiet_limit

exit

parameter_info model

exit

#
#
fib fib0
no parent_fib
no description
no dynamic
no permitted_hosts
no hidden
root
name fib0
exit
#
#
ingress_policy_map external1.any_ipm
no description
no dynamic
no hidden
name external1.any_ipm
ingress_policy games
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name games
reverse
ingress_flow_class games
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy other
sequence 9000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name other
reverse
ingress_flow_class other
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy speedtest
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name speedtest
reverse
ingress_flow_class speedtest
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy streaming
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name streaming
reverse
ingress_flow_class streaming
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy updates
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name updates
reverse
ingress_flow_class updates
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy voip
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name voip
reverse
ingress_flow_class voip
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy Youtube
sequence 1000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name Youtube
reverse
ingress_flow_class Youtube
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
exit
ingress_policy_map external1_ipm
no description
no dynamic
no hidden
name external1_ipm
ingress_policy games
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name games
reverse
ingress_flow_class games
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy other
sequence 9000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name other
reverse
ingress_flow_class other
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy speedtest
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name speedtest
reverse
ingress_flow_class speedtest
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy streaming
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name streaming
reverse
ingress_flow_class streaming
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy updates
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name updates
reverse
ingress_flow_class updates
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy voip
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name voip
reverse
ingress_flow_class voip
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy Youtube
sequence 1000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name Youtube
reverse
ingress_flow_class Youtube
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
exit
ingress_policy_map internal1.any_ipm
no description
no dynamic
no hidden
name internal1.any_ipm
ingress_policy games
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name games
reverse
ingress_flow_class games
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy other
sequence 9000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name other
reverse
ingress_flow_class other
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy speedtest
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name speedtest
reverse
ingress_flow_class speedtest
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy streaming
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name streaming
reverse
ingress_flow_class streaming
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy updates
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name updates
reverse
ingress_flow_class updates
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy voip
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name voip
reverse
ingress_flow_class voip
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy Youtube
sequence 1000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name Youtube
reverse
ingress_flow_class Youtube
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
exit
ingress_policy_map internal1_ipm
no description
no dynamic
no hidden
name internal1_ipm
ingress_policy games
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name games
reverse
ingress_flow_class games
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy other
sequence 9000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name other
reverse
ingress_flow_class other
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy speedtest
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name speedtest
reverse
ingress_flow_class speedtest
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy streaming
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name streaming
reverse
ingress_flow_class streaming
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy updates
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name updates
reverse
ingress_flow_class updates
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy voip
sequence 8000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name voip
reverse
ingress_flow_class voip
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
ingress_policy Youtube
sequence 1000
no dynamic
flow_rate_cap 0
no reverse_path_forward
minimum_delay 0.000
no dscp_rewrite
no postprocess
no hidden
policy_route_interface
no maximum_delay
no description
policy_route_address ::
chargeable dontcare
name Youtube
reverse
ingress_flow_class Youtube
ip_protocol_rewrite 0
no drop
enabled
fixed_rate 0
no no_police
exit
exit
#
#
condition 5M_over
no dynamic
no clearing_filter
no clear_attribute_value
no attribute_value
object_class interface
severity minor
script
delay 00:00:05.000
no hidden
no description
no name_filter
clearing_script
no mail_subject
no groups
no mail_address
no mail_body
no attribute_name
name 5M_over
clear_delay 00:00:01.000
no enabled
filter name=internal1,transmit_rate>500|receive_rate>500
no trap
no restore_attribute_value
exit
condition 90M_over
no dynamic
clearing_filter rate<90000
no clear_attribute_value
no attribute_value
object_class interface
severity minor
script
delay 00:01:00.000
no hidden
no description
no name_filter
clearing_script
no mail_subject
no groups
no mail_address
no mail_body
no attribute_name
name 90M_over
clear_delay 00:00:10.000
no enabled
filter receive_rate>90000
no trap
no restore_attribute_value
exit
condition Total_Rate_Monitorintg
no dynamic
no clearing_filter
no clear_attribute_value
no attribute_value
object_class application
severity minor
script
delay 00:00:30.000
no hidden
no description
no name_filter
clearing_script
mail_subject Application Total Rate exceeded 90Mbps
no groups
mail_address taks@w-ins.net
mail_body Application Total Rate exceeded 90Mbps
no attribute_name
name Total_Rate_Monitorintg
clear_delay 00:01:00.000
no enabled
filter total_rate>90000
no trap
no restore_attribute_value
exit
#
#
interface external1
no secondary_addresses
ingress_policy_map external1_ipm
no dynamic
unmatched_efc
outer_interface
no secondary_peer
dhcp_subnet 0.0.0.0/0
no port_forwarders
proxy_arp
requested_direction external
dhcp_default_gw 0.0.0.0
shaper_margin 10.0
rate 500000
state enabled
fib fib0
dhcp_low_range 0.0.0.0
no default_ipv4_gateway
no address_pools
no hidden
type ethernet
parent_efc
no description
dhcp_default_lease_time 00:00:00.000
primary_address ::/0
peer internal1
dhcp_broadcast_addr 0.0.0.0
no control_peak
name external1
shaped
arp_timeout 00:00:00.000
lag_interface
no dhcp_enabled
dhcp_max_lease_time 00:00:00.000
egress_policy_map external1_epm
dhcp_hi_range 0.0.0.0
no flash_led
exit
interface external1.any
no secondary_addresses
ingress_policy_map external1.any_ipm
no dynamic
outer_interface external1
no secondary_peer
dhcp_subnet 0.0.0.0/0
no port_forwarders
proxy_arp
requested_direction external
dhcp_default_gw 0.0.0.0
shaper_margin 10.0
rate 500000
state enabled
fib fib0
dhcp_low_range 0.0.0.0
no default_ipv4_gateway
no address_pools
no hidden
type vlan
parent_efc
unmatched_efc
no description
dhcp_default_lease_time 00:00:00.000
primary_address ::/0
peer internal1.any
dhcp_broadcast_addr 0.0.0.0
no control_peak
name external1.any
shaped
arp_timeout 00:00:00.000
lag_interface
no dhcp_enabled
dhcp_max_lease_time 00:00:00.000
egress_policy_map external1.any_epm
dhcp_hi_range 0.0.0.0
no flash_led
exit
interface internal1
no secondary_addresses
ingress_policy_map internal1_ipm
no dynamic
unmatched_efc
outer_interface
no secondary_peer
dhcp_subnet 0.0.0.0/0
no port_forwarders
proxy_arp
requested_direction internal
dhcp_default_gw 0.0.0.0
shaper_margin 10.0
rate 500000
state enabled
fib fib0
dhcp_low_range 0.0.0.0
no default_ipv4_gateway
no address_pools
no hidden
type ethernet
parent_efc
no description
dhcp_default_lease_time 00:00:00.000
primary_address ::/0
peer external1
dhcp_broadcast_addr 0.0.0.0
no control_peak
name internal1
shaped
arp_timeout 00:00:00.000
lag_interface
no dhcp_enabled
dhcp_max_lease_time 00:00:00.000
egress_policy_map internal1_epm
dhcp_hi_range 0.0.0.0
no flash_led
exit
interface internal1.any
no secondary_addresses
ingress_policy_map internal1.any_ipm
no dynamic
outer_interface internal1
no secondary_peer
dhcp_subnet 0.0.0.0/0
no port_forwarders
proxy_arp
requested_direction internal
dhcp_default_gw 0.0.0.0
shaper_margin 10.0
rate 500000
state enabled
fib fib0
dhcp_low_range 0.0.0.0
no default_ipv4_gateway
no address_pools
no hidden
type vlan
parent_efc
unmatched_efc
no description
dhcp_default_lease_time 00:00:00.000
primary_address ::/0
peer external1.any
dhcp_broadcast_addr 0.0.0.0
no control_peak
name internal1.any
shaped
arp_timeout 00:00:00.000
lag_interface
no dhcp_enabled
dhcp_max_lease_time 00:00:00.000
egress_policy_map internal1.any_epm
dhcp_hi_range 0.0.0.0
no flash_led
exit
#
#
administrator admin
encrypted_password $5$LBLoJGFsTPCf$ucn5TXXMFfMz.IkZtsT9EV/CKXihes1.Qw/pNMdSQ3B
no description
no dynamic
enabled
privilege superuser
no hidden
name admin
exit
administrator FlowCommand
encrypted_password $5$JUV7L/f1T4Y$Pq88P9JaDQN/0ei.vi6LH4rpE9SMHW2EfuKyAcI4q02
no description
no dynamic
enabled
privilege monitor
no hidden
name FlowCommand
exit
administrator sbbaek
encrypted_password $5$B5P5XoWFL4$Fg3pM7xmrS31UPouJZsbZ1Oq4EuzNG.AUb9DL0DrKg4
no description
no dynamic
enabled
privilege superuser
no hidden
name sbbaek
exit
#
#
application youtube
no track_in_history
priority 10000
no short_lived
protocol youtube
no description
no stop_dpi
no drop
no dynamic
server youtube%e|googlevideo.com|googlevideo.c|googlevideo.co
chargeable dontcare
track_users
no location
groups streaming
map_location
no hidden
no ports
no postprocess
name youtube
exit
#
#
group games
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name games
exit
group p2p
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name p2p
exit
group speedtest
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name speedtest
exit
group streaming
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name streaming
exit
group updates
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name updates
exit
group voip
no nested_groups
no description
no dynamic
no track_in_history
no hidden
type app
name voip
exit
#
#
script USER_LISTENER
no interval
no description
no persistent
file_name user_listener.py
no dynamic
no argument
no days
no start_times
no end_time
directory /etc/stmfiles/files/scripts
no hidden
run_on_boot
name USER_LISTENER
exit
#
#
user User-10.10.100.35
description tak
no dynamic
chargeable_bytes_base 0
quota 0
no track_in_history
no location
no groups
map_location
no hidden
name User-10.10.100.35
exit
#
#
acl Youtube
no subnets
no description
no dynamic
no hidden
no ports
name Youtube
exit
#
#
policy games
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority high
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups games
percent_mir 0.0
minimum_distress 0
no minimum_rate
name games
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
policy other
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 9000
no maximum_rate
priority normal
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
no groups
percent_mir 0.0
minimum_distress 0
no minimum_rate
name other
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
policy p2p
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority normal
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups p2p
percent_mir 0.0
minimum_distress 0
no minimum_rate
name p2p
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
policy speedtest
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority override
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups speedtest
percent_mir 0.0
minimum_distress 0
no minimum_rate
name speedtest
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
policy streaming
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority high
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups streaming
percent_mir 0.0
minimum_distress 0
no minimum_rate
name streaming
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 30.0
burst_threshold 30
attach_to_rate_plan
exit
policy updates
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority background
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups updates
percent_mir 0.0
minimum_distress 0
no minimum_rate
name updates
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
policy voip
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 8000
no maximum_rate
priority high
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
no applications
no shaped
groups voip
percent_mir 0.0
minimum_distress 0
no minimum_rate
name voip
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 10.0
burst_threshold 30
attach_to_rate_plan
exit
policy Youtube
geolocation
shared_partition
chargeable dontcare
no next_hop_ases
upstream_cir 0
downstream_mir 0
no dynamic
flow_rate_cap 0
no maximum_packets
no maximum_total_bytes
no excluded_groups
acl
host_downstream_mir 0
downstream_cir 0
no minimum_duration
no host_equalisation
no maximum_delay
shaper_margin 10.0
minimum_delay 0.000
sequence 1000
no maximum_rate
priority normal
no final_ases
no dscp_rewrite
no minimum_total_bytes
no hidden
no maximum_duration
initial_rate_plan
no ports
no subnets
policy_route_interface
host_upstream_cir 0
no description
parent
attach_to_tunnel
no rate_multiplier
attach_to_interface
applications youtube
no shaped
no groups
percent_mir 0.0
minimum_distress 0
no minimum_rate
name Youtube
policy_route_address ::
no threat_level
no minimum_packets
no drop
enabled
host_downstream_cir 0
host_upstream_mir 0
attach_to_access_point
top_host dontcare
no reputation
upstream_mir 0
no threat_types
percent_cir 0.0
burst_threshold 30
attach_to_rate_plan
exit
stm1wins#

Juniper EX4200 VLAN Configuration

http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/configuration/bridging-vlans-ex-series-cli.html

Configuring VLANs for EX Series Switches (CLI Procedure)
EX Series switches use VLANs to make logical groupings of network nodes with their own broadcast domains. VLANs limit the traffic flowing across the entire LAN and reduce collisions and packet retransmissions.
Why Create a VLAN?Create a VLAN Using the Minimum ProcedureCreate a VLAN Using All of the OptionsConfiguration Guidelines for VLANs
Why Create a VLAN?
Some reasons to create VLANs are:
A LAN has more than 200 devices.A LAN has a lot of broadcast traffic.A group of clients requires that a higher-than-average level of security be applied to traffic entering or exiting the group's devices.A group of clients requires that the group's devices receive less broadcast traffic than they are currently receiving, so that data speed across the group is increased.
Create a VLAN Using the Minimum Procedure
Two steps are required to create a VLAN:
Uniquely identify the VLAN. You do this by assigning either a name or an ID (or both) to the VLAN. When you assign just a VLAN name, an ID is generated by Junos OS.Assign at least one switch port interface to the VLAN for communication. All interfaces in a single VLAN are in a single broadcast domain, even if the interfaces are on different switches. You can assign traffic on any switch to a particular VLAN by referencing either the interface sending traffic or the MAC addresses of devices sending traffic.
The following example creates a VLAN using only the two required steps. The VLAN is created with the name employee-vlan. Then, three interfaces are assigned to that VLAN so that the traffic is transmitted among these interfaces.

Note: In this example, you could alternatively assign an ID number to the VLAN. The requirement is that the VLAN have a unique ID.
[edit]
set vlans employee-vlan
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members employee-vlan
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members employee-vlan
In the example, all users connected to the interfaces ge-0/0/1, ge-0/0/2, and ge-0/0/3 can communicate with each other, but not with users on other interfaces in this network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure).
Create a VLAN Using All of the Options
To configure a VLAN, follow these steps:
In configuration mode, create the VLAN by setting the unique VLAN name:
[edit]
user@switch# set vlans vlan-nameConfigure the VLAN tag ID or VLAN ID range for the VLAN. (If you assigned a VLAN name, you do not have to do this, because a VLAN ID is assigned automatically, thereby associating the name of the VLAN to an ID number. However, if you want to control the ID numbers, you can assign both a name and an ID.)
[edit]
user@switch# set vlans vlan-name vlan-id vlan-id-number
or
[edit]
user@switch# set vlans vlan-name vlan-range (vlan-id-low) - (vlan-id-high)Assign at least one interface to the VLAN:
[edit]
user@switch# set vlans vlan-name interface interface-name

Note: You can also specify that a trunk interface is a member of all the VLANs that are configured on this switch. When a new VLAN is configured on the switch, this trunk interface automatically becomes a member of the VLAN.(Optional) Create a subnet for the VLAN because all computers that belong to a subnet are addressed with a common, identical, most-significant-bit group in their IP address. This makes it easy to identify VLAN members by their IP addresses. To create the subnet for the VLAN:
[edit interfaces]
user@switch# set vlan unit logical-unit-number family inet address ip-address(Optional) Specify the description of the VLAN:
[edit]
user@switch# set vlans vlan-name description text-description(Optional) To avoid exceeding the maximum number of members allowed in a VLAN, specify the maximum time that an entry can remain in the forwarding table before it ages out:
[edit]
user@switch# set vlans vlan-name mac-table-aging-time time(Optional) For security purposes, specify a VLAN firewall filter to be applied to incoming or outgoing packets:
[edit]
user@switch# set vlans vlan-name filter input-or-output filter-name(Optional) For accounting purposes, enable a counter to track the number of times this VLAN is accessed:
[edit]
user@switch# set vlans vlan-name l3-interface ingress-counting l3-interface-nameConfiguration Guidelines for VLANs
Two steps are required to create a VLAN. You must uniquely identify the VLAN and you must assign at least one switch port interface to the VLAN for communication.
After creating a VLAN, all users all users connected to the interfaces assigned to the VLAN can communicate with each other but not with users on other interfaces in the network. To configure communication between VLANs, you must configure a routed VLAN interface (RVI). See Configuring Routed VLAN Interfaces (CLI Procedure) to create an RVI.
The number of VLANs supported per switch varies for each switch type. Use the command set vlans id vlan-id ? to discover the maximum number of VLANs allowed on a switch. You cannot exceed this VLAN limit because each VLAN is assigned an ID number when it is created. You can, however, exceed the recommended VLAN member maximum . To determine the maximum number of VLAN members allowed on a switch, multiply the VLAN maximum obtained using set vlans id vlan-id ? times 8.
If a switch configuration exceeds the recommended VLAN member maximum, you see a warning message when you commit the configuration. If you ignore the warning and commit such a configuration, the configuration succeeds but you run the risk of crashing the Ethernet switching process (eswd) due to memory allocation failure.
Published: 2011-11-04

To set up GRIP successfully, it is advised that you check the inline functions of each HC2 separately.

https://gigamoncp.force.com/partnercommunity/s/article/HC2-GRIP-Configuration-example#loaded

A. Set up Primary without GRIP
a. ensure secondary is wire only (i.e physical bypass = enable)
b. take primary out of bypass, configure all ports and forward inline traffic to inline tool

On secondary: inline-network alias default_inline_net_1_1_4 physical-bypass en

On primary:
port 1/1/x23..x24 params admin enable
port 1/1/x8..x9 type inline-tool
port 1/1/x8..x9 params ad en

inline-network alias default_inline_net_1_1_4 traffic-path to-inline-tool

inline-tool alias IT-01 pair tool-a 1/1/x8 and tool-b 1/1/x9
inline-tool alias IT-01 failover-action tool-bypass
inline-tool alias IT-01 enable
c. Forward traffic to the inline tool for inspection:
map-passall alias IL-to-tool-Grip
from default_inline_net_1_1_4
to IT-01
exit

inline-network alias default_inline_net_1_1_4 physical-bypass disable

Confirm set up on primary using show port params and show port stats

B. Set up Secondary without GRIP
a. Set primary as wire only (i.e physical bypass = enable)
On primary: inline-network alias default_inline_net_1_1_4 physical-bypass en

On secondary:
port 1/1/x23..x24 params admin enable
inline-network alias default_inline_net_1_1_4 traffic-path to-inline-tool

port 1/1/x2..x3 type inline-tool
port 1/1/x2..x3 params ad en
inline-tool alias IT-02 pair tool-a 1/1/x2 and tool-b 1/1/x3
inline-tool alias IT-02 failover-action tool-bypass
inline-tool alias IT-02 enable

map-passall alias IL-to-tool-GripSecondary
from default_inline_net_1_1_4
to IT-02
exit

inline-network alias default_inline_net_1_1_4 physical-bypass disable

Again, confirm configuration by using show port params and show port stats

C. Configure redundancy profiles and signal links.

i. Enable bypass on both
[primary] inline-network alias default_inline_net_1_1_4 physical-bypass en
[secondary] inline-network alias default_inline_net_1_1_4 physical-bypass en

ii. Configure GRIP Redundancy profiles and check signal link
Note: signal link on primary is 1/x7, on secondary, it is x4

Primary:
port 1/1/x7 type stack
port 1/1/x7 params admin en

redundancy-profile alias RP-01
protection-role primary
signaling-port 1/1/x7
exit

Secondary:
port 1/1/x4 type stack
port 1/1/x4 params admin en

redundancy-profile alias RP-02
protection-role secondary
signaling-port 1/1/x4
exit

D. Turn off LFP, Assign Redundancy Profile (RP) to Inline Network ports on both chassis
[primary]
no inline-network alias default_inline_net_1_4_4 lfp en
inline-network alias default_inline_net_1_1_4 physical-bypass disable
inline-network alias default_inline_net_1_1_4 redundancy-profile RP-01
[secondary]
no inline-network alias default_inline_net_1_4_4 lfp en
inline-network alias default_inline_net_1_1_4 physical-bypass disable
inline-network alias default_inline_net_1_1_4 redundancy-profile RP-02
ADDITIONAL NOTES
Once the redundancy profile has been applied, the physical bypass state is controlled by software

Commands for checking status;
[Primary]
show inline-network alias default_inline_net_1_1_4
show port stats p 1/1/x23,1/1/x8,1/1/x9,1/1/x24
show port params p 1/1/x23,1/1/x8,1/1/x9,1/1/x24

[Secondary]
show inline-network alias default_inline_net_1_1_4
show port params p 1/1/x23,1/1/x2,1/1/x3,1/1/x24
show port stats p 1/1/x23,1/1/x2,1/1/x3,1/1/x24

Note: Note that in this example, link fail propagation (LFP) is disabled to reduce inlinennetwork recovery time after failover.
When GRIP is deployed with high availability networks where a second path is present, it is a best practice to leave LFP enabled.

IP Tunnel Receiving End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x1 ip 192.168.51.80/24 gateway 192.168.51.1 mtu 9600 port-list GS51

gsop alias Remote2HQtunnel tunnel-recap type grip portdst 8001 port-list GS51

map alias FieldCallCtrDB

# comment "Field Call Center database traffic received at HQ"
# use gsop Remote2HQTunnel
# rule add pass ipsrc 172.16.10.88
# from 1/1/x1
# to 1/1/x5
# exit

IP Tunnel Sending End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x5 ip 172.16.10.88/24 gateway 172.16.10.1 mtu 9600 port-list GS51

gsop alias Chicago2HQ tunnel-uncap type gmip porters 8000 protest 8001 ipdst 192.168.51.80 port-list GS51

map alias ChicagoDBtoHQ

# comment "Chicago Call Center Database traffic sent to HQ"
# use gsop Chcago2HQ
# rule add pass porters 1521 bidir
# from 1/1/x1
# to 1/1/x5
# exit

[SSL VPN] Configuration

AxGate# show running-config 
aos v2.1-x86(2.5-r28000)
!
hostname AxGate
!
username change password duration 60
username axroot privilege 15 password 5 8.ktW$kkQKSeYoc1JbA0nWqfQhiLhGIYulzXSPkjZ86cLUZ96
!
clock timezone KST 9 
!
config sync manual 
config sync group ip service time target
config sync signature
config sync parameters
config sync aip
config sync arp-sniff
config sync policy userauth security nat
config sync admin network
config sync l2-tunnel
!
config full-sync exclude ha
config full-sync exclude hostname
config full-sync exclude full-sync
config full-sync exclude sync
config full-sync exclude vrrp
!
healthcheck threshold 600
!
security zone dmz
security zone ssl
security zone trust
security zone untrust
security zone any
!
logging
 console kernel off
 memory system severity informational
 memory audit
 memory session
 memory application
 memory ipsec
 memory anti-ddos
 memory ips
 memory anti-spam
 memory anti-virus
 memory sslvpn
 memory userauth
 file option size 50 alert 7 purge 5
 file system audit session application ipsec anti-ddos ips anti-spam anti-virus sslvpn userauth
!
statistics log at 01:00:00
!
report
 option top count 10
 language html korean
!
arp max-entries 8192
!
ip domain-lookup timeout 1 retry 1
!
ip dhcp server lease-check icmp svpn0
!
ip dhcp pool ssl
 network 50.0.0.0 255.255.255.0
 range 50.0.0.10 50.0.0.50
 classless-routes 7.7.1.10/32 50.0.0.1
 lease 1 0 0
!
ipv6 neighbor max-entries 1024
!
ip igmp max-memberships 20
!
interface lo
 ip address 127.0.0.1/8
!
interface eth0-0
 ip address 10.10.11.116/24
 security-zone untrust
 no shutdown
!
interface eth0-1
 ip address 7.7.2.1/24
 security-zone trust
 no shutdown
!
interface eth0-2
 shutdown
!
interface eth0-3
 shutdown
!
interface eth0-4
 shutdown
!         
interface eth0-5
 shutdown
!
interface eth0-6
 shutdown
!
interface eth0-7
 shutdown
!
interface eth0-8
 shutdown
!
interface eth0-9
 shutdown
!
interface bond0
 bonding mode balance-rr
 bonding link-check miimon 1
 shutdown
!
interface svpn0
 mtu 1426
 sslvpn heartbeat interval 500 threshold 10
 sslvpn proto tcp port 7900 queue 16384
 sslvpn key 1q2w3e
 sslvpn algorithm aes128 aes128
 sslvpn source eth0-0
 ip address 50.0.0.1/24
 security-zone ssl
 no shutdown
!
ip route 0.0.0.0/0 10.10.11.1
ip route 7.7.1.0/24 10.10.11.118
!
security parameters
 no offloading
 control-no3way-timeout
 session-timeout generic 1800
 session-timeout icmp 10
 session-timeout tcp 3600
 session-timeout udp 60
 state-timeout tcp syn-sent 120
 state-timeout tcp syn-recv 60
 state-timeout tcp no3way-est 60
 state-timeout tcp fin-wait 120
 state-timeout tcp close-wait 60
 state-timeout tcp last-ack 30
 state-timeout tcp time-wait 120
 state-timeout tcp reset 3
 session-limit 4500002
 logging firewall
 logging ha session-synced
 logging security-policy expired
 logging nat-policy expired
 logging ipsec
 logging ips
 logging anti-ddos
 logging anti-spam
 logging anti-virus
 logging application
 logging sslvpn
 logging userauth
 accounting firewall
 accounting ips
 accounting anti-ddos
 accounting anti-spam
 accounting anti-virus
 accounting ipsec
 accounting application
 top-statistics update-time 10
 top-statistics topn-count 10
 qos priority queue length 10
 qos priority queue restore-time 10000
 qos priority queue host-lifetime 60
 nat entry-limit 5000
 reference update-time 600
 use-abbreviated-shell
!
security signature timeout connection 10 transaction 60
security signature retry connection 3
security signature code 20
!
ddns
 update-period 600
!
service group acmsoda
 proto tcp sport any dport eq 6969
!
service group ats
 proto tcp sport any dport eq 2201
!
service group avt-profile
 proto tcp sport any dport eq 5004
!
service group bgp
 proto tcp sport any dport eq 179
!
service group blp2
 proto tcp sport any dport eq 8195
!
service group bootpc
 proto udp sport any dport eq 68
!
service group bootps
 proto udp sport any dport eq 67
!
service group dcube(default)
 proto esp
 proto udp sport any dport eq 7900
!
service group dhcpv6-server
 proto tcp sport any dport eq 547
!
service group dns
 proto tcp sport any dport eq 53
 proto udp sport any dport eq 53
!
service group fodms
 proto udp sport any dport eq 7200
!
service group ftp
 proto tcp sport any dport eq 21
!
service group ftps
 proto tcp sport any dport eq 990
!
service group h263-video
 proto tcp sport any dport eq 2979
!
service group h323gatedisc
 proto tcp sport any dport eq 1718
!
service group h323gatestat
 proto tcp sport any dport eq 1719
!
service group h323hostcall
 proto tcp sport any dport eq 1720
!         
service group h323hostcallsc
 proto tcp sport any dport eq 1300
!
service group hostmon
 proto udp sport any dport eq 5355
!
service group hpvipgrp
 proto tcp sport any dport eq 5223
!
service group http
 proto tcp sport any dport eq 80
!
service group https
 proto tcp sport any dport eq 443
!
service group ike
 proto udp sport any dport eq 500
!
service group imap
 proto tcp sport any dport eq 143
 proto tcp sport any dport eq 993
!
service group imaps
 proto tcp sport any dport eq 993
!
service group kerberos
 proto tcp sport any dport eq 88
!
service group kerberos_v5
 proto tcp sport any dport eq 464
!
service group l2tp
 proto udp sport any dport eq 1701
!
service group ldap
 proto tcp sport any dport eq 389
!
service group ldaps
 proto tcp sport any dport eq 636
!
service group mdns
 proto udp sport any dport eq 5353
!
service group mevent
 proto tcp sport any dport eq 7900
!         
service group microsoft-ds
 proto tcp sport any dport eq 445
!
service group mindprintf
 proto tcp sport any dport eq 8033
!
service group mms
 proto tcp sport any dport eq 1755
 proto udp sport any dport eq 1755
!
service group ms-sql
 proto udp sport any dport eq 1434
 proto tcp sport any dport eq 1433
!
service group ms-sql-m
 proto udp sport any dport eq 1434
!
service group ms-sql-s
 proto tcp sport any dport eq 1433
!
service group mysql
 proto tcp sport any dport eq 3306
!         
service group netbios
 proto udp sport any dport multi 137 138 139
!
service group netbios-dgm
 proto udp sport any dport eq 138
!
service group netbios-ns
 proto udp sport any dport eq 137
!
service group netbios-ssn
 proto udp sport any dport eq 139
!
service group ntp
 proto udp sport any dport eq 123
!
service group oracle
 proto tcp sport any dport eq 1521
!
service group oracle-em2
 proto tcp sport any dport eq 1754
!
service group oracle-vp1
 proto tcp sport any dport eq 1809
!
service group oracle-vp2
 proto tcp sport any dport eq 1808
!
service group pharos
 proto tcp sport any dport eq 4443
!
service group pop3
 proto tcp sport any dport eq 110
 proto tcp sport any dport eq 995
!
service group pptp
 proto udp sport any dport eq 1723
!
service group proshare-mc-2
 proto tcp sport any dport eq 1674
!
service group radius-account
 proto tcp sport any dport eq 1813
!
service group radius-auth
 proto tcp sport any dport eq 1812
!         
service group regacy_radius
 proto tcp sport any dport multi 1645 1646
!
service group rsync
 proto tcp sport any dport eq 873
!
service group rtsp
 proto tcp sport any dport eq 554
!
service group sabams
 proto tcp sport any dport eq 2760
!
service group sftp
 proto tcp sport any dport eq 115
!
service group smtp
 proto tcp sport any dport eq 25
!
service group smtps
 proto tcp sport any dport eq 465
!
service group snapp
 proto tcp sport any dport eq 2333
!
service group snmp
 proto udp sport any dport eq 161
!
service group snmptrap
 proto udp sport any dport eq 162
!
service group ssdp
 proto udp sport any dport eq 1900
!
service group ssh
 proto tcp sport any dport eq 22
!
service group stun
 proto udp sport any dport eq 3478
!
service group syslog
 proto udp sport any dport eq 514
!
service group tcslap
 proto tcp sport any dport eq 2869
!
service group telnet
 proto tcp sport any dport eq 23
!
service group teradataordbms
 proto tcp sport any dport eq 8002
!
service group teredo
 proto udp sport any dport eq 3544
!
service group tftp-mcast
 proto tcp sport any dport eq 1758
!
service group unicall
 proto tcp sport any dport eq 4343
!
service group vcom-tunnel
 proto tcp sport any dport eq 8001
!
service group webcache
 proto tcp sport any dport eq 8080
!
service group www
 proto tcp sport any dport eq 80
 proto tcp sport any dport eq 443
!
service group www-ldap-gw
 proto tcp sport any dport eq 1760
!
service group x11-ssh-offset
 proto tcp sport any dport eq 6010
!
service group xmpp-client
 proto tcp sport any dport eq 5222
!
password policy admin
 length 9 16
 character-count upper 1 lower 1 digit 1 special 1
 impossible sequential-count asc 3 same 3 qwerty-right 3
 impossible contain-word id password 6
!
password policy user
 length 9 16
 character-count english 1 digit 1 special 1
!
userauth http port 10444 secure-port 10443
userauth http-install port 4443
userauth factor ip
userauth expire-timeout 24 expire-update delete-timeout 65535 connection-timeout 1
userauth max-connections 1000
userauth server priority local
userauth username mskang password 5 bJoq0$vdlEf8FVv1CqhdC3eFev.L0z0f/dAVUgCrhy3tyrFG7
userauth username test01 password 5 bJo35$EflVN/ufphqDzV8ZS498mrMv93yI9GSE2Vy6AjBJTd5
userauth username test02 password 5 4DmRC$d9M.Cb93m.JZWBFX6mcfuB9wEMJAbFCZiY/w0TzcD8C
userauth group special
userauth group special username mskang
userauth group special username test01
userauth group special username test02
!
application http option url-cache 10000
!
ip userauth policy from ssl to trust 1
 source any
 destination any
 action authenticate
 enable
!
ip userauth policy from ssl to untrust 1
 source any
 destination any
 action authenticate
 enable
!
security policy index 3
!
ip security policy from ssl to trust 10 id 1
 source any
 destination any
 action pass log
 enable
!
ip security policy from ssl to untrust 10 id 3
 source any
 destination any
 tcp-mss 1300
 action pass log
 enable
!
vrrp vmac disable
!
line vty
 exec-timeout 10 0
 telnet port 2333
 ssh port 2222
 http secure-port 4433
 login server request-condition auth-fail
 login server priority local
 login server privilege default monitor
!
end

AxGate#    

EX2300 OSPF SW#6

root@SW6# run show configuration | display set
set version 18.2R3-S4.1
set groups phcd_user_script system scripts op allow-url-for-python
set groups phcd_user_script system scripts language python
set apply-groups phcd_user_script
set system root-authentication encrypted-password "$6$3j/9mf6Z$Q7PfdiLhdbyl8p2NMZHzaJav3dW6N6QQ4AvYwobvDAfZpSh/seAisGmpHrj7uieu/a3mNSk5BJwi3976.79GX0"
set system host-name SW6
set system auto-snapshot
set system services telnet
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file interface daemon info
set system syslog file interface match "SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN"
set chassis alarm management-ethernet link-down ignore
set interfaces ge-0/0/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/3 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/4 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/5 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/6 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/7 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/8 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/9 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/11 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/12 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/13 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/14 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/15 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/16 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/17 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/18 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/19 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/20 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/21 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/22 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/23 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/24 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/25 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/26 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/27 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/28 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/29 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/30 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/31 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/32 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/33 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/34 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/35 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/36 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/37 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/38 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/39 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/40 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/41 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/42 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/43 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/44 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/45 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/46 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/0/47 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/0 hold-time up 0
set interfaces ge-0/1/0 hold-time down 500
set interfaces ge-0/1/0 unit 0 family inet address 46.46.46.2/24
set interfaces xe-0/1/0 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/1 hold-time up 0
set interfaces ge-0/1/1 hold-time down 500
set interfaces ge-0/1/1 unit 0 family inet address 56.56.56.2/24
set interfaces xe-0/1/1 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/2 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/1/2 unit 0 family ethernet-switching storm-control default
set interfaces ge-0/1/3 unit 0 family ethernet-switching storm-control default
set interfaces xe-0/1/3 unit 0 family ethernet-switching storm-control default
set interfaces irb unit 0 family inet address 7.7.6.1/24
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set forwarding-options storm-control-profiles default all
set forwarding-options analyzer gm-monitor input ingress interface ge-0/1/0.0
set forwarding-options analyzer gm-monitor input ingress interface ge-0/1/1.0
set forwarding-options analyzer gm-monitor output interface ge-0/0/47.0
## set routing-options forwarding-table export ecmp
## set routing-options forwarding-table ecmp-fast-reroute
set protocols ospf area 0.0.0.0 interface ge-0/1/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/1/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface irb.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-0/1/0.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface ge-0/1/1.0 interface-type p2p
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface irb.0 passive
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan default
set policy-options policy-statement ecmp then load-balance per-packet
set vlans default vlan-id 1
set vlans default l3-interface irb.0