
Example 12 is an inline flow-mapping solution on GigaVUE-HC2. It has a single, unprotected inline network, two individual inline tools, a rule-based map (portdst 22) from the inline network to bypass, a rule-based map (portdst 80) from the inline network to the first inline tool, and a shared collector from the inline network to the second inline tool. Traffic that does not match the map rules is sent to the shared collector, ensuring that all traffic is exchanged between side A and side B of the network.

Steps, each with its description and command:

  1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 7/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 7/2/x20 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

  2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

  3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 7/2/x2 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 7/2/x15 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 7/2/x3 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 7/2/x4 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

  4. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable

  5. Enable default heartbeats.

(config) # inline-tool alias inTool1 heart-beat
(config) # inline-tool alias inTool2 heart-beat

  6. Configure rule-based map, from inline network to bypass.

(config) # map alias inMap3
(config map alias inMap3) # type inline byRule
(config map alias inMap3) # from inNet
(config map alias inMap3) # to bypass
(config map alias inMap3) # rule add pass portdst 22
(config map alias inMap3) # exit
(config) #

  7. Configure rule-based map, from inline network to first inline tool.

(config) # map alias inMap4
(config map alias inMap4) # type inline byRule
(config map alias inMap4) # from inNet
(config map alias inMap4) # to inTool1
(config map alias inMap4) # rule add pass portdst 80
(config map alias inMap4) # exit
(config) #

  8. Add a shared collector, from inline network to second inline tool.

(config) # map-scollector alias scoll3
(config map-scollector alias scoll3) # from inNet
(config map-scollector alias scoll3) # collector inTool2
(config map-scollector alias scoll3) # exit
(config) #

  9. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

  10. Display the configuration for this example.

(config) # show inline-tool
(config) # show map
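
To review which traffic each inline tool actually sees, the map and shared collector commands above can be parsed and evaluated offline. The following is an added example, not Gigamon code and not part of the original page: the helper names `parse_maps`, `route` and `uninspected` are hypothetical, only `rule add pass portdst` rules are modeled, and it assumes the first matching rule in configuration order wins.

```python
# Commands from the rule-based map and shared collector steps above, prompts included.
CONFIG = """
(config) # map alias inMap3
(config map alias inMap3) # type inline byRule
(config map alias inMap3) # from inNet
(config map alias inMap3) # to bypass
(config map alias inMap3) # rule add pass portdst 22
(config map alias inMap3) # exit
(config) # map alias inMap4
(config map alias inMap4) # type inline byRule
(config map alias inMap4) # from inNet
(config map alias inMap4) # to inTool1
(config map alias inMap4) # rule add pass portdst 80
(config map alias inMap4) # exit
(config) # map-scollector alias scoll3
(config map-scollector alias scoll3) # from inNet
(config map-scollector alias scoll3) # collector inTool2
(config map-scollector alias scoll3) # exit
"""

def parse_maps(text):
    """Return (rules, collectors): rules = [(map, source, dest, portdst)], collectors = {source: dest}."""
    rules, collectors, cur = [], {}, None
    for raw in text.splitlines():
        w = raw.split("#", 1)[-1].split()  # drop the "(config ...) #" prompt if present
        if len(w) >= 3 and w[0] in ("map", "map-scollector") and w[1] == "alias":
            cur = {"kind": w[0], "alias": w[2], "ports": []}
        elif cur and len(w) == 2 and w[0] in ("from", "to", "collector"):
            cur[w[0]] = w[1]
        elif cur and len(w) == 5 and w[:4] == ["rule", "add", "pass", "portdst"]:
            cur["ports"].append(int(w[4]))
        elif cur and w == ["exit"]:  # end of the map stanza: record what it defined
            if cur["kind"] == "map":
                rules += [(cur["alias"], cur["from"], cur["to"], p) for p in cur["ports"]]
            else:
                collectors[cur["from"]] = cur["collector"]
            cur = None
    return rules, collectors

def route(portdst, source, rules, collectors):
    """Destination for a port (assumption: first match wins); None = no rule and no collector."""
    hits = [d for _a, s, d, p in rules if s == source and p == portdst]
    return hits[0] if hits else collectors.get(source)

def uninspected(rules):
    """Rules whose destination is 'bypass': that traffic reaches neither inline tool."""
    return [(alias, port) for alias, _src, dest, port in rules if dest == "bypass"]

RULES, COLLECTORS = parse_maps(CONFIG)
```

For this example, `uninspected(RULES)` lists the port 22 rule in `inMap3`, which is the traffic neither inline tool sees, and `route` returns `None` for an unmatched port when the shared collector is left out.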
