Aruba Controller CLI
 
#show ip interface brief
#show ip route
#show port status
#show license
#aaa user delete all
#show running-config | include adp
#show user
#show user-table
#show ap active
#show ap database
#show ap essid
#show vpdn l2tp local pool
#show ap config ap-group ISD
#show crypto ipsec sa
#show crypto isakmp sa
#show datapath session | include 7.7.7.1
#clear gap-db ap-name AP1
 
Client Match configuration
#configure terminal
(config) # rf arm-profile default
(Adaptive Radio Management Profile "default")#cm-report-interval 30
(Adaptive Radio Management Profile "default")#cm-sticky-check-interval 3
(Adaptive Radio Management Profile "default")#cm-sticky-snr 25
(Adaptive Radio Management Profile "default")#cm-sticky-snr-delta 10
(Adaptive Radio Management Profile "default")#cm-sticky-min-signal 70
(Adaptive Radio Management Profile "default")#cm-steer-timeout 20
(Adaptive Radio Management Profile "default")#cm-lb-thresh 20
(Adaptive Radio Management Profile "default")#cm-stale-age 120
(Adaptive Radio Management Profile "default")#cm-max-steer-fails 5
(Adaptive Radio Management Profile "default")#cm-lb-client-thresh 10
(Adaptive Radio Management Profile "default")#cm-lb-snr-thresh 30
 
root@srx# set security log mode stream
root@srx# set security log format sd-syslog
root@srx# set security log source-address 10.10.10.2
root@srx# set security log stream securitylog category all
root@srx# set security log stream securitylog host 10.10.10.1
root@srx# set security log stream securitylog host port 514
 
 
When complete and a 'commit' is executed, the configuration looks like this:
 
security {
    log {
        mode stream;
        format sd-syslog;
        source-address 10.10.10.2;
        stream securitylog {
            category all;
            host {
                10.10.10.1;
                port 514;
            }
        }
    }
}
set security log mode stream
set security log format sd-syslog
set security log source-address 10.10.10.2
set security log stream securitylog format sd-syslog
set security log stream securitylog category all
set security log stream securitylog host 10.10.10.1
set security log stream securitylog host 172.22.154.214 port 514
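
With `format sd-syslog` the SRX emits RFC 5424 messages whose fields travel as structured data, so the collector can read them by name. The following parser is an added example, not part of the original post; the sample log line and its SD-ID suffix are constructed, and the sender check assumes the `source-address 10.10.10.2` configured above.

```python
import re

# Value taken from the configuration above: set security log source-address
EXPECTED_SENDER = "10.10.10.2"

# Constructed sample of one structured-syslog datagram (field values are illustrative).
SAMPLE = (b'<14>1 2018-05-08T01:02:03.456Z srx RT_FLOW - RT_FLOW_SESSION_CREATE '
          b'[junos@2636.1.1.1.2.40 source-address="10.10.10.50" source-port="51544" '
          b'destination-address="198.51.100.7" destination-port="443" '
          b'policy-name="trust-to-untrust"]')

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
SD_ELEMENT = re.compile(r'\[(\S+)((?: [^\s="\]]+="(?:\\.|[^"\\])*")*)\]')
SD_PARAM = re.compile(r' ([^\s="\]]+)="((?:\\.|[^"\\])*)"')


def parse_sd_syslog(line):
    """Parse one RFC 5424 message; return header fields and the first SD element's params."""
    m = HEADER.fullmatch(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 (sd-syslog) message")
    pri, ts, host, app, _procid, msgid, rest = m.groups()
    event = {"facility": int(pri) >> 3, "severity": int(pri) & 7,
             "timestamp": ts, "host": host, "app": app, "msgid": msgid,
             "sd_id": None, "fields": {}}
    sd = SD_ELEMENT.match(rest)  # rest is "-" when the message has no structured data
    if sd:
        event["sd_id"] = sd.group(1)
        for name, value in SD_PARAM.findall(sd.group(2)):
            # RFC 5424 escapes ", \ and ] inside parameter values with a backslash
            event["fields"][name] = re.sub(r'\\(["\\\]])', r"\1", value)
    return event


def handle_datagram(sender_ip, payload):
    """Return the parsed event, or None if the datagram is not from the configured source."""
    if sender_ip != EXPECTED_SENDER:
        return None
    return parse_sd_syslog(payload.decode("utf-8", errors="replace"))
```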

 

 

 


Fortigate SIP ALG / Fortinet SIP ALG

FortiOS has two features that can modify the SIP headers and SDP parameters. The first feature is called the “SIP Session Helper”. If you are experiencing one-way audio issues, disable this feature first, reboot your IP phone, then try making another call. If disabling the session helper does not work, disable the SIP ALG as well.

To disable the sip session helper:

1. Enter the following command to find the sip session helper entry in the session-helper list:

show system session-helper

edit 10
set name sip
set port 5060
set protocol 17

2. Enter the following command to delete session-helper list entry number 10 to disable the sip session helper:

config system session-helper
delete 10
end

To disable the SIP ALG:

There are typically two VOIP profiles on a factory shipped Fortinet firewall. You may need to disable both profiles to fully stop the ALG.

config voip profile
edit VoIP_Pro_2
config sip
set status disable
end
end

See the Fortigate Technical documentation page for further details.
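
The session-helper steps above depend on reading the right entry number out of the list before deleting it. The following is an added example, not part of the original article: it parses saved `show system session-helper` output, finds the entry named sip, and builds the matching delete commands. The sample output is constructed and its entry numbers are illustrative.

```python
import re

# Constructed sample of `show system session-helper` output (entry IDs are illustrative).
SAMPLE_OUTPUT = """\
config system session-helper
    edit 1
        set name pptp
        set protocol 6
        set port 1723
    next
    edit 10
        set name sip
        set protocol 17
        set port 5060
    next
    edit 11
        set name dns-udp
        set protocol 17
        set port 53
    next
end
"""


def parse_session_helpers(text):
    """Return {entry_id: {"name": ..., "protocol": ..., "port": ...}} from the CLI output."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = entries.setdefault(int(m.group(1)), {})
            continue
        m = re.fullmatch(r"set (\S+) (.+)", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip('"')
        elif line in ("next", "end"):
            current = None
    return entries


def sip_helper_ids(entries):
    """Entry numbers whose helper name is sip; empty if the helper is already removed."""
    return sorted(i for i, e in entries.items() if e.get("name") == "sip")


def delete_commands(ids):
    """CLI lines that remove the given entries; nothing to run when ids is empty."""
    if not ids:
        return []
    return ["config system session-helper"] + [f"delete {i}" for i in ids] + ["end"]
```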

 

 


ScreenOS divides its routing component into two virtual routers—untrust-VR and trust-VR. If you have obtained and loaded a virtual router (VR) software key, you can create a new VR. Multiple VRs can exist, but trust-VR is the default.

Additionally, you can set basic parameters for the untrust-VR and trust-VR and for user-defined VRs. When you set parameters for a VR, you can also configure dynamic routing protocols.

If you configure AutoConnect virtual private network (AC-VPN), you must enable Next-Hop Resolution Protocol (NHRP) on the VR.

To Create or Modify a Virtual Router

  1. Enter the required information:

Virtual Router Name: Indicates the name of the VR.

Virtual Router ID: Indicates one of two settings that identify the VR.

Use System Default: Indicates that the IP address of the VR acts as the ID of the routing instance.

Custom: Enables you to set an IP address to identify the virtual routing instance that is different from the default address.

Management VR: Designates this VR as the management virtual router (MGT VR). A MGT VR supports the out-of-band management infrastructure and segments security device management traffic away from production traffic.

Maximum Route Entry: Indicates the upper limit of the number of routes the VR can store in its routing table.

Unlimited: Indicates that the current virtual routing instance has no upper limit for the number of routes it can store in its routing table.

Set Limit At: Enables you to set a specified upper limit for the number of routes the current VR can store in its routing table.

Maximum ECMP Routes: Enables you to set a specified upper limit for the maximum number of equal cost multipath (ECMP) routes that can exist for each protocol and for static routes in a routing table. Specify 2, 3, or 4. Setting the limit enables ECMP routing so that the security device can perform load balancing between ECMP routes.

Route Lookup Preference: Specifies the order in which the VR performs route lookup, if source-based routing or source interface-based routing (SIBR) is enabled in the VR. The VR checks the routing table with the highest preference value first.

For Destination Routing: Assigns a preference value for the destination-based routing table. The default value is 1. Enter a value between 1 and 255.

For Source Based Routing: Assigns a preference value for the source-based routing table. The default value is 2. Enter a value between 1 and 255.

For Source Interface Based Routing: Assigns a preference value for the SIBR routing table. The default value is 3. Enter a value between 1 and 255.

Use default route: (For the trust-VR only) Adds a default route with the specified VR as the next hop.

Shared and accessible by other vsys: Indicates that the root-level local VR is accessible from a virtual system (vsys). The untrust-VR is, by default, shared by all other vsys.

Ignore Subnet Conflict for Interfaces in This VRouter: Directs the VR to ignore overlapping subnet addresses for interfaces in the VR.

Make This VRouter Default-Vrouter for the System: Sets this VR as the default VR for the vsys. The trust-VR is the default VR for the root system.

Auto Export Route to Untrust-VR: Directs the VR to export public interface routes to the untrust-VR.

Make SNMP Trap Private: (This option is only available for the default root-level VR.) Enables you to make Simple Network Management Protocol (SNMP) traps for the dynamic routing MIBs private for the VR.

Enable Source Based Routing: Enables source based routing on this VR.

Enable Source Interface Based Routing: Enables source interface-based routing on this VR.

Advertise Routes on Inactive Interfaces: Directs the VR to consider active routes on inactive interfaces for advertising.

Permit sync VR configure to NSRP peer: Directs the VR to synchronize its configuration with the VR on its NetScreen Redundancy Protocol (NSRP) peer.

Route Preference: Displays various ways to identify the desirability of a route in the current VR. The lower the value, the more probable the VR will select the route.

Auto Exported: Indicates the level of desirability associated with the decision the current VR makes to select an automatically exported route from other VRs on the network.  

Imported: Indicates the level of desirability associated with the decision the current virtual routing instance makes to select a route imported from another VR on the network.  

EBGP: Indicates the level of desirability associated with the decision the current VR makes to select a route originating from an Exterior Border Gateway Protocol (EBGP) router.

OSPF: Indicates the level of desirability associated with the decision the current VR makes to select a route originating from an Open Shortest Path First (OSPF) router.

RIP/RIPng: Indicates the level of desirability associated with the decision the current VR makes to select a route originating from a Routing Information Protocol (RIP) or a Routing Information Protocol Next Generation (RIPng) router. RIPng is intended only for use in IPv6 networks.

Connected: Indicates the level of desirability associated with the decision the current VR makes to select a route sent from a router that has at least one interface with an IP address assigned to it.

Static: Indicates the level of desirability associated with the decision the current VR makes to select a static or manually configured route.

IBGP: Indicates the level of desirability associated with the decision the current VR makes to select a route originating from an Interior Border Gateway Protocol (IBGP) router.

OSPF External Type 2: Indicates the level of desirability associated with the decision the current VR makes to select OSPF External-Type-2 routes.

  2. Click OK to save your changes and return to the Virtual Router List. Click Apply to continue configuring the VR.

If you clicked Apply, the Dynamic Routing Protocols Support area displays with the following links:

BGP: A link for creating a Border Gateway Protocol (BGP) routing instance. For more information, see Virtual Router BGP Settings.

OSPF: A link for creating an OSPF routing instance. For more information, see OSPF Virtual Router Settings.

RIP: A link for creating a RIP routing instance. For more information, see RIP Virtual Router Settings.

RIPng: A link for creating a RIPng routing instance. For more information, see RIPng Virtual Router Settings.

Next Hop Resolution Protocol (NHRP) Support: If you are configuring AC-VPN, click NHRP Setting to enable NHRP and configure Next Hop Client (NHC) cache entries.

Administrator configuration guide for the Eclipse2640, an L3 SAN switch.

2640_adm_config.pdf

 

L4 switch A config

L4 switch B config

Piolink L4 full configuration

 

switch(config)# sh run
Current configuration (ver 3.3.3):
!
configure
!
hostname switch
terminal length 30
terminal timeout 10
mac-ageing 300
!
! Alias setting
!
!
! Port setting
!
port 1 enable
port 1 duplex auto
port 1 speed auto
port 2 enable
port 2 duplex auto
port 2 speed auto
port 3 enable
port 3 duplex auto
port 3 speed auto
port 4 enable
port 4 duplex auto
port 4 speed auto
port 5 enable
port 5 duplex auto
port 5 speed auto
port 6 enable
port 6 duplex auto
port 6 speed auto
port 7 enable
port 7 duplex auto
port 7 speed auto
port 8 enable
port 8 duplex auto
port 8 speed auto
port 9 enable
port 9 duplex full
port 9 speed 10
port 9 mdi-mdix mdi
port 10 enable
port 10 duplex auto
port 10 speed auto
port 11 enable
port 11 duplex auto
port 11 speed auto
port 12 enable
port 12 duplex auto
port 12 speed auto
port 13 enable
port 13 duplex auto
port 13 speed auto
port 14 enable
port 14 duplex auto
port 14 speed auto
port 15 enable
port 15 duplex auto
port 15 speed auto
port 16 enable
port 16 duplex auto
port 16 speed auto
port 17 enable copper
port 17 duplex auto copper
port 17 speed auto copper
port 17 enable fiber
port 17 duplex auto fiber
port 17 speed auto fiber
port 18 enable copper
port 18 duplex auto copper
port 18 speed auto copper
port 18 enable fiber
port 18 duplex auto fiber
port 18 speed auto fiber
!
! Mirroring setting
!
mirroring disable
!
! VLAN setting
!
vlan lan 20
vlan lan up
vlan lan port 1,2,3,4,5,6,7,8 untagged
vlan pvid lan port 1
vlan pvid lan port 2
vlan pvid lan port 3
vlan pvid lan port 4
vlan pvid lan port 5
vlan pvid lan port 6
vlan pvid lan port 7
vlan pvid lan port 8
vlan wan 10
vlan wan up
vlan wan port 9,10 untagged
vlan pvid wan port 9
vlan pvid wan port 10
!
! Trunk setting
!
!
! STP setting
!
!
! IP route & IP DNS setting
!
ip address 192.168.100.1/24 interface mgmt
ip address 203.1.9.129/26 interface lan
ip address 203.1.11.46/30 interface wan
ip route default gateway 203.1.11.45
!
! IP masquerading setting
!
!
! Port-boundary configuration
!
port-boundary 1
  promisc on
  protocol all
  sip 0.0.0.0/0
  dip 0.0.0.0/0
  boundary server
  port 1,2,3,4,5,6,7,8
  enable
  apply
port-boundary 2
  promisc off
  protocol all
  sip 0.0.0.0/0
  dip 0.0.0.0/0
  boundary client
  port 9,10
  enable
  apply
!
! SNMP setting
!
snmp community public
snmp load-timeout 60
snmp disable
!
! RADIUS setting
!
radius
  disable
..
!
! ARP setting
!
!
! Logging setting
!
logging priority all information
logging buffer 200
logging rotate 12:00 sunday
logging server enable
!
! System environment setting
!
proxy-arp disable
passive-proxy-arp enable
compare-src-mac disable
multicast-bridge disable
!
! Router configuration
!
interface lan
  ..
interface wan
  ..
!
!
! SLB configuration
!
! Define SLB service 'slb1'
slb slb1
  priority 50
  sticky 60
  lb-method rr
  vip 203.1.9.130
  vport tcp:80,tcp:53,tcp:9797,tcp:8000,udp:53
  natmode dest-nat
  no session-sync
  enable
  apply
! Define Reals of SLB service 'slb1'
  real 1
    name real1
    rip 203.1.9.131
    rport 0
    weight 1
    max-connection 0
    enable
    apply
  real 2
    name real2
    rip 203.1.9.132
    rport 0
    weight 1
    max-connection 0
    enable
    apply
! Define Healthcheck of SLB service 'slb1'
  health 1
    type tcp
    timeout 3
    interval 5
    retry 3
    recover 0
    port 80
    sip 0.0.0.0
    tip 0.0.0.0
    enable
    apply
  health 2
    type tcp
    timeout 3
    interval 5
    retry 3
    recover 0
    port 53
    sip 0.0.0.0
    tip 0.0.0.0
    enable
    apply
  health 4
    type tcp
    timeout 3
    interval 5
    retry 3
    recover 0
    port 8000
    sip 0.0.0.0
    tip 0.0.0.0
    enable
    apply
  ..
!
!
! Layer7 configuration
!
layer7
  ..
!
!
! L7SLB configuration
!
!
!
! L7CSLB configuration
!
!
!
! FWLB configuration
!
!
!
! CSLB configuration
!
!
!
! Security configuration
!
security
  asymmetric-filtering disable
!
! Security system configuration
!
  system
!
! Security system protection configuration
!
    protection
      synflood disable
      ipspoof disable
      dos dead-timeout 60
      dos alive-timeout 7200
      dosprotect disable
      apply
!
! Security system access policy configuration
!
    access
      default-policy accept
      apply
    ..
!
! Security firewall configuration
!
  firewall
! Security firewall content configuration
! Security firewall content group configuration
! Security firewall filter configuration
! Security firewall filter group configuration
! Security firewall policy configuration
    ..
!
! Advanced security configuration
!
  advanced
!
! Security DoS protection configuration (advanced)
!
    dos
      ..
!
! Security flood control configuration (advanced)
!
!
! Security scan protection configuration (advanced)
!
    scan
      portscan
        weight 21
        delay 300
        highportweight 1
        lowportweight 3
        disable
        ..
      osfingerprinting disable
      interface any
      ..
!
! Security worm protection configuration (advanced)
!
    worm
      ramen disable
      sadmind disable
      nimda disable
      codered disable
      sqlslammer disable
      blaster disable
      welchia disable
      sasser1 disable
      sasser2 disable
      korgo disable
      interface any
      ..
!
! Security spam mail protection configuration (advanced)
!
    mail
      interface any
      searchlimit 0
      ..
!
! Security e-mail worm protection configuration (advanced)
!
    ..
  ..
!
!
!
! QoS configuration
!
qos
  disable
  ..
! End of QoS configuration
! Network Monitoring Status
!
!
! Failover configuration
!
!
end
switch(config)#

 
