728x90

Insert VLAN Tag

# port 1/1/x2 type network
# port 1/1/x6 type tool
# gsgroup alias GS1 port-list 1/5/e1
# gsop alias addVLAN add-header lan 101 port-list GS1
# map alias add_VLAN_example
    # use gsop addVLAN
    # rule add pass Ipver 4
    # from 1/1/x2
    # to 1/1/x6
    # exit
# write memory

728x90
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Regular GigaStream Configuration  (4) 2024.10.04
How To: Packet capture on Gigamon interface  (7) 2024.10.04
Gigamon HC/TA Series Firmware upgrade via CLI  (72) 2024.10.02
Gigamon Classic Map을 통한 Inline SSL 암복호화 config 샘플  (17) 2024.10.02
Gigamon Precryption  (43) 2024.09.06
728x90

##
## Network interface configuration
##
interface eth0
  no dhcp
  ip address 192.168.1.13 /24
  exit
##
## Network interface IPv6 configuration
##
interface eth0
  no ipv6 dhcp client enable
  exit
##
## Routing configuration
##
ip default-gateway 192.168.1.1 eth0
##
## Other IP configuration
##
hostname HC1
ip domain-list inner
ip name-server 168.126.63.1
##
## Other IPv6 configuration
##
no ipv6 enable
##
## Logging configuration
##
logging 192.168.1.245
logging 192.168.1.245 trap warning
##
## Port level configurations
##
port 1/1/g1 type network
port 1/1/g1 params admin enable
port 1/1/g2 type tool
port 1/1/g2 params admin enable
##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
##
## Gsgroup configurations
##
gsgroup alias GSHS port-list 1/1/e1
##
## IP Interface configurations
##
ip interface alias IN-VPN
  attach 1/1/g1
  ip address 192.168.1.10 /24
  gw 192.168.1.1
  gsgroup add GSHS
  exit
##
## Gs params configurations
##
gsparams gsgroup GSHS
  cpu utilization type total rising 80
  dedup-action drop
  dedup-ip-tclass include
  dedup-ip-tos include
  dedup-tcp-seq include
  dedup-timer 50000
  dedup-vlan ignore
  diameter-packet timeout 2
  diameter-s6a-session limit 10000
  diameter-s6a-session timeout 30
  eng-watchdog-timer 60
  erspan3-timestamp format none
  flow-mask disable
  flow-sampling-rate 5
  flow-sampling-timeout 1
  flow-sampling-type device-ip
  generic-session-timeout 5
  gtp-control-sample enable
  gtp-flow timeout 48
  gtp-persistence disable
  gtp-persistence file-age-timeout 30
  gtp-persistence interval 10
  gtp-persistence restart-age-time 30
  gtp-randomsample disable
  gtp-randomsample interval 12
  ip-frag forward enable
  ip-frag frag-timeout 10
  ip-frag head-session-timeout 30
  lb failover disable
  lb failover-thres lt-bw 80
  lb failover-thres lt-pkt-rate 1000
  lb replicate-gtp-c disable
  lb use-link-spd-wt disable
  node-role disable
  resource buffer-asf disable
  resource cpu overload-threshold 90
  resource hsm-ssl buffer disable
  resource hsm-ssl packet-buffer 1000
  resource inline-ssl standalone enable
  resource metadata disable
  resource packet-buffer overload-threshold 80
  resource xpkt-pmatch num-flows 0
  session logging level none
  sip-media timeout 30
  sip-nat disable
  sip-session timeout 30
  sip-tcp-idle-timeout 20
  ssl-decrypt decrypt-fail-action drop
  ssl-decrypt enable
  ssl-decrypt hsm-pkcs11 dynamic-object enable
  ssl-decrypt hsm-pkcs11 load-sharing enable
  ssl-decrypt hsm-timeout 1000
  ssl-decrypt key-cache-timeout 10800
  ssl-decrypt non-ssl-traffic drop
  ssl-decrypt pending-session-timeout 60
  ssl-decrypt session-timeout 300
  ssl-decrypt tcp-syn-timeout 20
  ssl-decrypt ticket-cache-timeout 10800
  tunnel-health-check action pass
  tunnel-health-check disable
  tunnel-health-check dstport 54321
  tunnel-health-check interval 600
  tunnel-health-check protocol icmp
  tunnel-health-check rcvport 54321
  tunnel-health-check retries 5
  tunnel-health-check roundtriptime 1
  tunnel-health-check srcport 54321
  xpkt-pmatch disable
  exit
##
## Gsop configurations
##
gsop alias gsope1 strip-header vxlan 0 port-list GSHS
##
## Traffic map connection configurations
##
map alias 01.G2-G1_HS_MAP
  type regular byRule
  roles replace admin to owner_roles
  use gsop gsope1
  rule add pass ipver 4
  rule add pass ipver 6
  to 1/1/g2
  from 1/1/g1
  exit
##
## SNMP configuration
##
no snmp-server host 192.168.1.245 disable
snmp-server host 192.168.1.245 traps port 162 version 2c public

728x90
저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon HC Series에서 pcap 받는 방법  (17) 2024.09.05
Gigamon HC Series CLI를 통한 Firmware upgrade  (1) 2024.09.05
Gigamon FM Canvas 사용 시 주의할 점  (1) 2024.08.01
Gigamon FM Canvas Export & Import에 관하여  (0) 2024.08.01
Gigamon Config Backup 및 수정을 통한 Config Restore 방법  (0) 2024.01.18
728x90

NetFlow Generation - CLI

# port 1/1/x5 type tool
# apps net flow record alias NetFlow9_record
    # netflow-version netflow-v9
    # match add ipv4 protocol
    # match add ipv4 source address
    # match add ipv4 destination address
    # match add transport source-port
    # match add transport destination-port
    # collect add counter bytes
    # collect add counter packets
    # collect add transport source-port
    # collect add transport destination-port
    # collect add counter packets
    # collect add timestamp sys-uptime first
    # collect add timestamp sys-uptime last
    # collect add ipv4 protocol
    # collect add ipv4 source address
    # collect add ipv4 destination address
    # exit


# apps net flow exporter alias v9_flows
    # destination ipv4addr 192.168.51.41
    # netflow-version net flow-v9
    # template-refresh-interval 300
    # snap enable
    # transport ump 2055
    # exit
# apps net flow monitor alias GS51 NetFlowMonitor
    # cache timeout active 60
    # cache timeout inactive 900
    # cache timeout event transaction-end
    # exit
# gsgroup alias GS51 port-list 1/5/e1
# tunneled-port 1/1/x5 ip 192.168.51.91 255.255.255.0 gateway 192.168.51.1 mtu 1500 port-list GS51
# tunneled-port 1/1/x5 net flow-exporter add v9_flows


# gsparams gsgroup GS51
    # netflow-monitor add GS51-NetFlowMonitor
    # exit
# gsop alias v9NetFlow flow-ops net flow port-list GS51
# map alias NetFlowExample
    # use gsop v9NetFlow
    # rule add pass Inver 4
    # to 1/1/x5
    # from 1/1/x1
    # exit

 

728x90

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

GigaSMART Packet Slicing  (0) 2019.09.23
Passive SSL Decryption  (0) 2019.09.23
ASF Example : instant messaging  (0) 2019.09.23
Gigamon Password reset :  (0) 2019.09.23
APCon SSL 복호화 및 네트워크 가시성을 위한 솔루션  (0) 2017.08.28

+ Recent posts

티스토리툴바