Summary of Contents for Gigamon GigaVUE-OS HC Series
Page 1
GigaVUE-OS CLI Reference Guide GigaVUE-OS Product Version: 6.7 Document Version: 1.0 Last Updated: Tuesday, June 11, 2024 (See Change Notes for document updates.)
Page 2
Gigamon Inc. Trademark Attributions Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks.
GigaVUE-OS CLI Reference Guide Change Notes When a document is updated, the document version number on the cover page will indicate a new version and will provide a link to this Change Notes table, which will describe the updates. Document Date Updated Change Notes Version...
Page 4
Contents Introducing the GigaVUE-OS Nodes About the GigaVUE HC Series and GigaVUE TA Series GigaVUE-OS® HC Series Features and Benefits The Gigamon Deep Observability Pipeline GigaVUE-OS® HC Series Features and Benefits Module Numbering White Box Port and Faceplate Labeling Introducing the GigaVUE-OS CLI...
Page 7
GigaVUE-OS CLI Reference Guide no traffic notifications ntpdate onie pcap ping ping6 policy port port-group port-pair Use ptp on GigaVUE-TA200 Devices radius-server redundancy-profile reload (reboot) reset serial sffp profile show GigaVUE V Seriesshow sleep snmp-server spine-link stack-link system system-health tacacs-server terminal threshold timestamp...
Page 8
GigaVUE-OS CLI Reference Guide username Access for Read-Only Users Change Passwords Password Policies vport write GigaVUE-OS CLI—Configuration Examples Configure Flow Mapping® How to Create Maps Configure Shared Collector Maps Map Priority Adjust Map Priority Packets Matching Multiple Rules in Same Map Example Port Lists How to Add Comments to Map Rules Mixing Pass and Drop Rules...
Page 9
GigaVUE-OS CLI Reference Guide Controlled GigaStream Configuration Advanced Hashing Weighted GigaStream Configure Ingress and Egress VLAN Ingress Port VLAN Tagging TPID for Ingress Port VLAN Tagging VLAN Tags in Maps Configure Egress Port VLAN Stripping Configure Inline Bypass Solutions Configuration Steps Configure Inline Bypass Examples Configure Inline Bypass Solution on GigaVUE-OS TAP Modules Rules for Inline Bypass on TAP-HC0-G100C0 and TAP-HC1-G10040...
Page 11
CLI limits Maximum Nodes per Cluster CLI limits GigaStream Maximums CLI limits Map Rule Maximums Alias Limitations Additional Sources of Information Documentation How to Download Software and Release Notes from My Gigamon Documentation Feedback Contact Technical Support Contact Sales Premium Support The VÜE Community...
Page 12
GigaVUE-OS CLI Reference Guide Introducing the GigaVUE-OS Nodes This chapter introduces the GigaVUE HC Series Deep Observability Pipeline nodes, describes their features and functions, and provides an orientation to the physical layout of the models. Refer to the following sections for details: About the GigaVUE HC Series and GigaVUE TA Series ■...
Page 13
GigaVUE-OS CLI Reference Guide 1RU Footprint GigaVUE-HC1 ● Two Module Slots (Bays) ● Dedicated Cluster Management ● Port Supports all GigaVUE-HC1 ● Modules Cluster with HC Series and ● TA Series Nodes All ports, excluding BPS ports, of ● same type and speed can be used to create GigaStream.
Page 14
GigaVUE-OS CLI Reference Guide 1RU and half rack width system GigaVUE-HCT ● One Module Slot (Bay) and one ● Fixed Base Module 2 x 100Gb/40Gb connectivity ● Supports Flex Inline in ● unprotected ports with 40Gb/100Gb/4x10G/4x25G speed Nodes. Cluster with HC Series and ●...
Page 15
GigaVUE-OS CLI Reference Guide 2RU Footprint GigaVUE-TA200 ● 64 x 100Gb/40Gb ports, hot ● swappable fan modules Optional patch or breakout panel ● support Cluster with HC Series and ● TA Series Nodes. 2RU Footprint GigaVUE-TA200E ● 64 x QSFP28 ports (40G/100G), ●...
Page 16
You can think of the Deep Observability Pipeline as a data socket that provides immediate access for ad hoc tool deployment without impact to the production network. Gigamon’s Deep Observability Pipeline nodes accommodate the growing number of network monitoring tools and network security tools.
Page 17
Manage the operations of the GigaVUE HC Series node using GigaVUE-FM, Management Gigamon’s simple but powerful Web-based interface for GigaVUE HC Series nodes. GigaVUE-FM makes it easy to set up Flow Mapping, allowing you to see at a glance which network ports are delivering which packets to individual tool ports.
Role-Based Access Role-based access makes it easy to share the Gigamon Deep Observability Pipeline between different groups of users with different needs. Administrators can assign egress ports to different groups of users. Users can then select the traffic they need to see from shared ingress ports.
Page 19
GigaVUE-OS CLI Reference Guide Numbered with a leading C. For example, the SMT-HC3-C05 100Gb Ports includes five 100Gb ports C1 to C5. Numbered with a leading Q. For example, the PRT-HC0-Q06 40Gb Ports includes 40Gb ports Q1 to Q6. Numbered with a leading X. For example, the PRT-HC3-X24 25Gb/10Gb/1Gb includes twenty-four 25Gb ports X1 to X24.
Page 20
GigaVUE-OS CLI Reference Guide
+---+---+---+     +---+---+---+ +---+---+
GigaVUE-OS Faceplate Numbering:
+---+---+---+     +---+---+---+ +---+---+
| x1| x3| x5| ... |x43|x45|x47| | q1| q3|
+---+---+---+     +---+---+---+ +---+---+
| x2| x4| x6| ... |x44|x46|x48| | q2| q4|
+---+---+---+     +---+---+---+ +---+---+
Legend
------
x1..x48 : 10G ports
q1..q4 : 40G ports
Use the following CLI command to display the mapping of the faceplate port number to the GigaVUE-OS port number:...
GigaVUE-OS CLI Reference Guide Introducing the GigaVUE-OS CLI This chapter introduces the GigaVUE HC Series command-line interface, the GigaVUE-OS, including basic techniques for entering commands and a summary of the available commands. Refer to the following sections for details: Command-Line Basics ■...
Page 22
GigaVUE-OS CLI Reference Guide Changing to Configure Mode Change to Configure mode as follows:
1. Log in to the GigaVUE-OS. When you first log in, the CLI is in Standard mode, indicated by the > prompt (for example, [hostname] >).
2. Type en <Enter> to switch to Enable mode. The system prompt changes from [hostname] >...
Page 24
GigaVUE-OS CLI Reference Guide Changing Command Line Modes The following table summarizes the commands used to change command-line modes: Task Command Changing to Enable Mode > enable You only need to supply enough of each command to positively identify it among the other available commands.
Page 25
GigaVUE-OS CLI Reference Guide Technique Description : Typing ? accesses the help system immediately – you do not need to press <Enter>. Partial Command For all GigaVUE HC Series commands and arguments, you only need to enter enough characters to distinguish the command from all other available Entry commands.
Page 26
GigaVUE-OS CLI Reference Guide For example, in Configure mode, port 1/1/g1 alias Port_Alias is legal, but port 1/1/g1 alias Port Alias is not. : Some string fields do accept spaces provided the input is made inside quotation marks (for example, the banner login command). Configure Mode Syntax Users of GigaVUE-OS nodes may be accustomed to entering the word config before many commands –...
Page 27
GigaVUE-OS CLI Reference Guide Figure 2 Viewing Paging Options Tip: Assigning Unique Hostnames If you are working simultaneously with multiple GigaVUE-OS nodes, you may want to assign each a separate hostname so it's easy to identify separate terminal sessions from the system prompt.
GigaVUE-OS CLI Reference Guide Most commands have multiple supported arguments. You can see the exact arguments available at any point of command entry by typing it into the CLI followed by ?. What Is Saved In a Configuration File Configuration files store all of the settings in place on the GigaVUE-OS® HC Series node when the file was saved –...
Page 29
GigaVUE-OS CLI Reference Guide : In contrast to the traditional GigaVUE-OS nodes, there is no requirement that GigaVUE HC Series configuration files have a .cfg extension. Viewing Saved Configuration Files Use the show configuration files command to see a list of available configuration files, as well as the currently active configuration file.
GigaVUE-OS CLI Reference Guide Figure 4 Showing Configuration Files Using the configuration Command Use the configuration command to manage configuration files on the GigaVUE HC Series node – separate arguments let you perform a wide variety of related tasks, including: Save, copy, and delete configuration files.
Page 31
GigaVUE-OS CLI Reference Guide Reserved Empty Database File The empty database file, empty_db_file_dnu, is a reserved file. Do not use this filename (dnu) in any database operation such as configuration write to or configuration switch-to commands as the filename is removed when the node is reloaded. Syntax for the configuration Command For details on the configuration command, refer to configuration.
Page 32
GigaVUE-OS CLI Reference Guide Sharing Configuration Files with Other GigaVUE-OS® HC Series Nodes You can apply a configuration file created on one node to a second node. Keep in mind the following notes: All configuration settings that are not related to packet distribution (maps, tool-mirrors, ■...
Upgrades the BIOS image on GigaVUE-TA100, GigaVUE-HC1, and GigaVUE-HC3. crypto Manages X.509 certificates for the GigaVUE HC Series node’s Web server. debug Generates a dump file for use in debugging issues with Gigamon Technical Support. disable Exits Enable mode and returns to Standard mode. email Configures email and event notification through email.
Page 34
Configures GigaSMART parameters. GigaSMART applications are not supported on GigaVUE TA Series. gta-profile Configures a Control and User Plane Separation (CUPS) gta profile on a Control Processing Plane for routing the Gigamon Transport Agent (GTA) packets. halt Shuts down the system without powering it off. hb-profile Configures a heartbeat profile on GigaVUE HC Series nodes.
Page 35
GigaVUE-OS CLI Reference Guide Command Description map-scollector Configures shared collector map parameters. map-template Creates a map template. nhb-profile Configures a negative heartbeat profile on GigaVUE HC Series nodes. Deletes or clears certain configuration options. notifications Configures notification settings. Enables and disables the use of NTP, as well as adds NTP servers. ntpdate Sets system clock once from a remote server using NTP.
Page 36
GigaVUE-OS CLI Reference Guide Command Description terminal Sets terminal parameters, including width and length. timestamp Configures the timestamp source. This command is not supported on GigaVUE TA Series nodes. tool-mirror Configures a tool-mirror connection between two tool ports. A tool-mirror connection sends all packets arriving on one tool port to a second tool port on the same node.
Page 37
GigaVUE-OS CLI Reference Guide X12G04 card includes ports x1..x12 and ports g1..g4, but you cannot create a series that spans from 1/1/x1 to 1/1/g4. Instead, you must create two series: 1/1/x1..x12 and 1/1/g1..g4. GigaSMART load balancing port groups can have ports with different rates. ■...
GigaVUE-OS CLI Reference Guide Required Command-Line Mode = Enable Use the aaa command to configure accounting, authentication, and authorization (AAA) settings for the GigaVUE-OS node. Use the aaa accounting command to configure accounting settings. Refer to accounting. Use the aaa authentication command to configure authentication settings. Refer to authentication.
GigaVUE-OS CLI Reference Guide Task Command Clears the accounting changes default (config) # no aaa accounting changes method list settings. default Clears the accounting changes stop (config) # no aaa accounting changes notification settings. default stop-only Clears the accounting changes (config) # no aaa accounting changes TACACS+ settings.
Page 40
GigaVUE-OS CLI Reference Guide certificate crl install name default pem url <URL> uninstall name default login default [ldap] [local] [radius] [tacacs+] password expiration duration <days> enable The following table describes the arguments for the aaa authentication command: Argument Description attempts Overrides the global settings for tracking and lockouts for the admin account.
Page 41
GigaVUE-OS CLI Reference Guide Argument Description unlock-time <seconds> Specifies that if a user account is locked due to authentication failures, another login attempt will be permitted if this number of seconds has elapsed since the last login failure. That does not count failures caused by the lockout mechanism itself.
Page 42
GigaVUE-OS CLI Reference Guide Argument Description [local] [radius] tried. The valid values are ldap, local, radius, and tacacs+. The order in which the [tacacs+] methods are specified is the order in which the authentication is tried. To prevent lockouts, it is recommended that you include local as one of the methods.
Page 43
GigaVUE-OS CLI Reference Guide Task Command status user manager Display authentication-certificate settings. # show aaa authentication certificate Displays the currently installed CRL. # show aaa authentication certificate crl name default Displays the tracked login attempts. # show aaa authentication login Displays the tracked login attempts for last x days (default 10).
GigaVUE-OS CLI Reference Guide aaa authorization Required Command-Line Mode = Configure Use the aaa authorization command to specify how externally logged-in users should be granted privileges on the GigaVUE-OS node. You can map all external logins to a specific local account, use matching accounts in the local database, or reject external logins unless they have a matching account in the local database.
Page 45
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the aaa authorization command: Task Command Displays general AAA settings. # show aaa Clears authorization user mapping (config) # no aaa authorization map default user settings. default-user Clears authorization user mapping (config) # no aaa authorization map order...
Page 46
GigaVUE-OS CLI Reference Guide Use the apps inline-ssl command to configure inline Secure Sockets Layer (SSL) parameters for (Passive) SSL Decryption for inline tools. Refer to apps inline-ssl. Use the apps keystore command to configure keystore key pairs. Refer to apps keystore.
Page 47
GigaVUE-OS CLI Reference Guide Argument Description alias <alias> Specifies the ASF alias. For example: (config) # apps asf alias asf2 bi-directional <disable | enable> Specifies the direction of the flow, as follows: disable—Disables capture of both directions of ● the flow. enable—Enables capture of both directions of ●...
Page 48
GigaVUE-OS CLI Reference Guide Argument Description For example, to capture 50 packets after the pattern match: (config) # apps asf alias asf2 packet- count 50 This parameter applies to APF pass rules (gsrule add pass). The number of packets dropped after the packet count is exceeded is displayed in the Exceed Count Drop field.
Page 49
GigaVUE-OS CLI Reference Guide Argument Description ipv6 (ipv6-src, ipv6-dst)—IPv6 source and ● destination IP. ipv6-5tuple (ipv6-src, ipv6-dst, l4port-src, ● l4port-dst, ipv6-protocol)—IPv6 source and destination IP, L4 source and destination port, and protocol field in IPv6 header. For buffer ASF, the IPv6 protocol is TCP/UDP. ipv6-dst—IPv6 destination IP.
Page 50
GigaVUE-OS CLI Reference Guide Argument Description (config) # apps asf alias asf3 sess-field add ipv4-5tuple outer (config) # apps asf alias asf4 sess-field add vlan-id pos 2 timeout <10-120s> Specifies the session inactivity timeout, in seconds. A session will be removed due to inactivity when no packets match.
Page 51
GigaVUE-OS CLI Reference Guide Task Command Displays configuration of a specified ASF. # show apps asf alias asf1 Displays configuration of all ASFs. # show apps asf all Displays ASF statistics by alias. # show apps asf stats alias asf2 Displays all ASF statistics.
Page 52
GigaVUE-OS CLI Reference Guide apps exporter Use the apps exporter command to configure the exporter. The apps exporter command has the following syntax: apps exporter alias <alias> type <gtp-cups | tunnel> source interface ip-interface l4 port destination port <1-65535> protocol <tcp | udp> ip ver6 ver4...
Page 53
GigaVUE-OS CLI Reference Guide Argument Description l4 — Configures the exporter destination transportation layer ● parameters. : When the listener type is gtp-cups, the configuration of exporter destination network layer parameters is optional. l4< port <1-65535> Configures the following transportation layer parameters in the exporter: protocol <tcp | udp>>...
Page 54
GigaVUE-OS CLI Reference Guide Maximum Packet Size The max-pkt-size parameter can be used to configure the maximum length of the packets that are exported from the AMI application. By default this option is disabled. : The max-pkt-size parameter value can be configured between 1280 and 9400. When you configure the max-pkt-size value as 0, the feature will be disabled and the packets will get exported based on the available buffer size.
Page 55
GigaVUE-OS CLI Reference Guide Argument Description gtpu-udp—Adds gtpu-udp protocol. ● For GTP protocol, the protocol position is inner by default. For other protocols, the protocol position must be configured either as inner or outer. At least one protocol field is required in each profile. The parameters that are configured are: offset <offset-length>...
Page 56
GigaVUE-OS CLI Reference Guide rule add transport <tcp | udp> app <application protocol> field <application field> match-pattern <regex profile alias> action <pass | drop> rule delete <rule-id> exit The following table describes the arguments for the apps exporter command: Argument Description alias <name>...
Page 57
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the apps enhanced asf command: Task Command Enables Enhanced Application gsop alias <gsop alias> apf set Session Filtering feature. asf enhanced <enhanced asf alias> port-list <gsgroup name> apps enhanced-lb Required Command-Line Mode = Configure Required User Level = Admin Use the apps enhanced-lb command to configure Enhanced load balancing profile and their parameters.
Page 58
GigaVUE-OS CLI Reference Guide Argument Description for ipv6. When hash-field ip-src or ip-dst is defined with ip, ip-src or ip-dst hash-mask overwrites ip hash mask. If field or fields in hash-field rules do not match incoming packets, packets are multi-casted to all the members in the output port group.
Page 59
GigaVUE-OS CLI Reference Guide Argument Description For example: (config) # apps gtp-whitelist alias wlf1 add imsi 318260109318283 (config) # apps gtp-whitelist alias ran_db add ran 210.32.345678912 apps gtp-whitelist alias ran_db add ran 755.56.0xf12345678 create Creates a new forward list. For example: (config) # apps gtp-whitelist alias wlf1 create To create a whitelist, refer to How to Create a Forward...
Page 60
GigaVUE-OS CLI Reference Guide Argument Description RAN entries. Do not use any characters, such as commas or colons, to separate IMSI or RAN entries in forward list files. Each forward list file can contain a maximum of 50,000 entries. ● Forward list files must have a filename with a .txt suffix.
Page 61
GigaVUE-OS CLI Reference Guide Task Command Configure the GigaSMART operation. (config) # gsop alias gtp_wl1 flow-ops gtp-whitelist lb app gtp metric hashing key imsi port-list gsg1 Add single entry to the whitelist, or fetch and (config) # apps gtp-whitelist alias wlf1 add imsi download forward list files.
Page 62
GigaVUE-OS CLI Reference Guide Task Command Configures a rule for a forward list map. # map alias <whitelist map> whitelist add gtp <interface | version> Displays a particular IMSI associated with the # show gsgroup flow-whitelist alias gsg1 imsi GigaSMART group. 318260109318283 Displays the GTP forward list entry count.
Page 63
GigaVUE-OS CLI Reference Guide Argument Description 30eab672d888d22eab811755d5938981ca5c8f18 (config) # apps hsm alias hsm2 hsm-ip 10.115.176.6 hsm-port 9004 esn 12EE-4B24-2FCE kneti cf9ad964faa9acdcbf0e725a76e77e212fd8345b : Obtain the ESN and KNETI numbers from an HSM administrator. The following is from a HSM Remote File System (RFS): $ anonkneti 10.115.176.5 FBC5-F777-2A93 30eab672d888d22eab811755d5938981ca5c8f18 $ anonkneti 10.115.176.6...
Page 64
GigaVUE-OS CLI Reference Guide Task Command Displays a specified HSM. # show apps hsm alias hsm1 Displays all HSM. # show apps hsm all Deletes a specified HSM. (config) # no apps hsm alias hsm1 Deletes all HSM. (config) # no apps hsm all apps hsm-group Use the apps hsm-group command to configure an HSM group.
Page 65
GigaVUE-OS CLI Reference Guide Argument Description comment <comment> Adds a comment to an HSM group. Comments can be up to 128 characters. Comments longer than one word must be enclosed in double quotation marks. For example: (config) # apps hsm-group alias hsm-set comment "HSM group1"...
Page 66
GigaVUE-OS CLI Reference Guide Argument Description hsm-set rfs-sync auto <time- Synchronizes the RFS server with the GigaVUE-OS device automatically period> so that the device can fetch the encrypted keys stored in the RFS server for a given time period. The valid values for the time period are 0–100 hours. The value 0 turns off the automatic synchronization of the RFS server with the GigaVUE-OS device.
Page 67
GigaVUE-OS CLI Reference Guide Argument Description Example: (config) # apps hsm-group alias hsm-set fetch keymap scp://user@10.10.10.10/keymap.txt Related Commands The following table summarizes other commands related to the apps hsm-group command: Task Command Displays the ESN for a given IP address. # show apps hsm-group anonkneti Displays enquiry data from the module.
Page 68
GigaVUE-OS CLI Reference Guide Task Command slots/partitions are visible to the Client. Verifies if the Luna HSM appliances are ping- # show apps hsm-group stats ping-result able. Verifies the Luna HSM appliances HA stats. # show apps hsm-group status ha apps icap Use the apps icap command to configure the ICAP Client app.
Page 69
GigaVUE-OS CLI Reference Guide Task Command Displays all icap server. # show apps icap server all | <alias> Displays all icap server groups. # show apps icap server-group all | <alias> Displays all icap profiles. # show apps icap profile all | <alias> Displays GSOP for icap.
Page 71
GigaVUE-OS CLI Reference Guide Argument Description password> Creating a new password for ssl keychain: Password: ********* Confirm: ********* The password is used to encrypt all cryptographic materials such as certificates and private keys uploaded to the node. Passwords are not saved on the node. Passwords must be at least 8 characters (up to 64 characters) and must include at least one of each of the following: uppercase letters...
Page 72
GigaVUE-OS CLI Reference Guide Argument Description tls12—Specifies TLS 1.2. ● tls13—Specifies TLS 1.3. ● The default minimum version is sslv3. The default maximum version is tls12. Ensure the minimum version is less than the maximum version. For example: (config) # apps inline-ssl min-version tls11 max-version tls12 below min-version Allows or drops below TLS minimum version for the given configuration as follows: no-decrypt - Bypasses below TLS minimum version.
Page 73
GigaVUE-OS CLI Reference Guide Argument Description (config) # apps inline-ssl profile alias sslprofile tool early-engage enable profile alias <alias> tool Allows the inline tool to view the decrypted data first before connecting to the early-inspect <enable | server. This helps the inline tool to validate the data and ensure that only valid disable>...
Page 74
GigaVUE-OS CLI Reference Guide Argument Description certificate follows: expired <decrypt | expired—Specifies decrypt or drop for expired certificates. The default is drop. ● drop> ■ decrypt—Accepts the certificate and continues to decryption. invalid <decrypt | ■ drop—Rejects the certificate and drops the connection. drop>...
Page 75
GigaVUE-OS CLI Reference Guide Argument Description decrypt tcp—Specifies the TCP destination for decrypted traffic sent to inline tools. The ● tcp TCP parameters are as follows: inactive-timeout o inactive-timeout—Specifies an inactivity timeout from 2 to 1440 minutes. <2-1440 mins> The default is 5 minutes. Proxied connections are terminated when there is portmap no activity for the specified time.
Page 76
GigaVUE-OS CLI Reference Guide Argument Description categories or no-decrypt all but security-related categories. Examples: (config apps inline-ssl profile alias sslprofile) # default-action decrypt (config apps inline-ssl profile alias sslprofile) # default-action no- decrypt profile alias <alias> Fetches the no-decrypt list or the decrypt list text file for the profile from the fetch <decryptlist <URL specified URL as follows: for profile decryptlist...
Page 77
GigaVUE-OS CLI Reference Guide Argument Description or IP address or IPv6 A server key map binds keys from the keystore as follows: address> key <key server—Specifies the domain name of the server or the IP address of the server ● alias>...
Page 78
GigaVUE-OS CLI Reference Guide Argument Description allows traffic from the same connection to reenter GigaSMART. However, the same traffic sent by GigaSMART reentering through the same network port pair (for example, Nb2, Na2) is not supported. For example: (config apps inline-ssl profile alias sslprofile) # network-group multiple-entry enable profile alias <alias>...
Page 79
X.509 certificate. For <any | port <value example, an issuer name has the following format: /C=US/ST=ca/L=santa or range>> clara/O=gigamon/OU=eng/CN=RootCA/emailAddress=john.doe@gigamon <decrypt | o l4port—Specifies a rule based on any Layer 4 (L4) port for either source or no-decrypt>...
Page 80
GigaVUE-OS CLI Reference Guide Argument Description (config apps inline-ssl profile alias sslprofile) # starttls delete l4port profile alias <alias> url- Specifies an action to take for the profile. This is the action to take on the traffic if cache miss action GigaSMART is unable to resolve the URL category information locally.
Page 81
GigaVUE-OS CLI Reference Guide Argument Description session debug [disable Reserved for internal use. | enable] signing rsa for Specifies SSL signing for RSA. For SSL certificate re-signing, there are different CAs <primary | secondary> used (primary and secondary) as follows: key <key alias>...
Page 82
Displays inline SSL sessions that match any IPv4 source IP # show apps inline-ssl session match ipv4-src address and mask, any IPv4 destination IP address and any ipv4-dst any l4port-src any l4port-dst any mask, any L4 source and destination port, and hostname. hostname gigamon.com Command Line Reference apps...
Page 83
# show apps inline-ssl session match the matching criteria needs to be specified, for example, hostname gigamon.com# show apps inline- instead of gigamon.com, you can specify gigamon or ssl session match hostname gigamon# show gamon. apps inline-ssl session match hostname...
Page 85
GigaVUE-OS CLI Reference Guide Argument Description ECDSA ● certificate <download url Downloads a certificate or cuts and pastes a certificate. Use this <download URL> | key-str command to configure the Man-in-the-Middle (MitM) primary CA or <key string>> optional secondary CA as follows: url—Specifies the download URL for the certificate PEM file.
Page 86
For example, to download an encrypted private key when the password is specified on the command line: (config) # apps keystore rsa K4 private-key download url http://dominos.gigamon.com/~ama/misc/encrypted_pkey.pem password admin1100.0% [######################################## For example, to download an encrypted private key when the password is...
Page 87
GigaVUE-OS CLI Reference Guide Argument Description For example, to configure keys residing on HSM: (config) # apps keystore rsa mykey private-key download url http://10.115.0.100/tftpboot/myname/hsm/key_pkcs11_ ua88af6e573c9c6c39b245a15edfc3ebcbebbdae4f type hsm Refer to apps hsm. self-signed Generates a self-signed certificate and key (key pair) as follows: common-name <CN>...
Page 88
GigaVUE-OS CLI Reference Guide Task Command Displays a certificate for a specified SSL key. # show apps keystore alias primary certificate Displays a summary for a specified SSL key. # show apps keystore alias primary summary Displays all SSL keys. # show apps keystore all Deletes specified ecdsa keys from the keystore (config) # no apps keystore ecdsa aliasprimary...
Page 89
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the apps listener command: Argument Description alias <alias> Specifies the listener alias. type <gtp-cups | tunnel> Specifies the type of the listener as follows: gtp-cups — GigaSMART host for GTP-Cups. ●...
Page 90
GigaVUE-OS CLI Reference Guide Command Argument Description apps netflow Configures the NetFlow Generation parameters. exporter Configures the NetFlow Generation Exporter. monitor Configures the NetFlow Generation Monitor. record Configures the NetFlow Generation Record. apps netflow Specifies the NetFlow Generation Exporter. exporter alias Configures an alias for the NetFlow Generation Exporter.
Page 91
GigaVUE-OS CLI Reference Guide Command Argument Description seconds (optional). apps netflow Specifies a description for the NetFlow Generation Exporter. exporter alias <alias> description <string> Specifies the description of the NetFlow Generation Exporter. apps netflow Specifies an alias destination for the NetFlow Generation exporter alias Exporter.
Page 92
GigaVUE-OS CLI Reference Guide Command Argument Description apps netflow any value <af11 | af12 | af13 Adds a new exporter pass filter rule for IPv4 DiffServ Code Point exporter alias | af21 | af22 | af23 | af31 | (DSCP) bits as follows: <alias>...
Page 93
GigaVUE-OS CLI Reference Guide Command Argument Description exporter alias address..ipv6_address>] | any range—Configures IPv6 destination address range as ● <alias> filter add [value <ipv6 address>] | <ipv6_address..ipv6_address>. pass ipv6 dst pos <1-3> any value—Configures IPv6 destination address value as ● <ipv6 address>.
Page 94
GigaVUE-OS CLI Reference Guide Command Argument Description exporter alias address..MAC_address>] | follows: <alias> filter add [value <MAC_address>] | any range—Configures MAC address range as <MAC_ ● pass mac src pos <1-3> address..MAC_address>. any value—Configures MAC address value as <MAC_ ● address>.
Page 95
GigaVUE-OS CLI Reference Guide Command Argument Description template- refresh-interval <1-216000> Specifies the NetFlow Generation template timeout in seconds. The default is 1800. apps netflow Specifies the NetFlow Generation Exporter Transport Protocol. exporter alias <alias> transport Uses the NetFlow Generation UDP Transport Protocol. This is the default.
Page 96
GigaVUE-OS CLI Reference Guide Command Argument Description cache. apps netflow Configures the monitor cache timeout. monitor alias <alias> cache timeout active Specifies the active NetFlow Generation timeout in seconds. event Specifies that the NetFlow Generation Record is generated and exported in the NetFlow Generation cache on an event. inactive Specifies the inactive NetFlow Generation timeout in seconds.
Page 97
GigaVUE-OS CLI Reference Guide Command Argument Description monitor alias <alias> port-list apps netflow <0 to 65535> Deletes specific ports to scan for SSL. List up to 10 ports to monitor alias delete from the monitor. Use commas to separate the ports in <alias>...
Page 98
GigaVUE-OS CLI Reference Guide Command Argument Description <alias> sampling set no-sampling Disables sampling for a NetFlow monitor. single-rate Enables single-rate sampling for a NetFlow monitor. Single-rate applies to all records. apps netflow 1 in <10-16000> Defines the sampling rate for single-rate sampling by monitor alias specifying a number for 1 in N, where N is the packet count <alias>...
Page 99
GigaVUE-OS CLI Reference Guide Command Argument Description sampling Adds or deletes sampling for a NetFlow record. 1 in 1 (no sampling) is the default. apps netflow Specifies the NetFlow Generation non-key fields of the NetFlow record alias Generation Record. <alias> collect Adds a new NetFlow Generation Collect non-key field.
Page 100
private <1-10>] | additional-class-text [number-of-collects <1-10>] | additional-name [number-of-collects ● pen <pen name>—Specifies a pen name. The only valid pen name is gigamon. ● number-of-collects—Specifies an optional parameter that indicates the number of instances of elements that can be collected for a DNS request.
Page 101
Command Argument Description <1-10>] | an-count | ar-count | authority-class [number-of-collects <1-10>] | field in the additional records section. ● additional-rdata—Specifies the length of the rdata field in the additional records section. ● additional-ttl—Specifies the time-to-live (TTL), which is the...
Page 102
Command Argument Description section. ● query-class—Specifies the query format containing one of the RR class codes. ● query-class-text—Specifies the text string of the hexadecimal value of the query class containing one of the RR type codes. ● query-name—Specifies the domain name requested in the...
Page 103
Description <alias> collect add private ● pen <pen name>—Specifies a pen name. The only valid pen name is gigamon. ● response-code—Captures any packet with an HTTP response code embedded in it. For IPFIX only. apps netflow pen <pen name> http url...
Page 104
Command Argument Description given CA. ● signatureAlgorithm—Specifies the identifier for the cryptographic algorithm used by the CA to sign the certificate. ● signatureAlgorithm-text—Specifies the text string of the hexadecimal value of the identifier for the cryptographic algorithm used by the CA to sign the certificate.
Page 105
Command Argument Description add private compressionMethod | nameIndication [width <1-64>] | sessionId | version | version-text> name is gigamon. ● cipher—Specifies the cipher that the server agreed to use for that session. ● cipher-text—Specifies the text string of the hexadecimal value...
Page 106
GigaVUE-OS CLI Reference Guide Command Argument Description apps netflow flow-start-sec | flow-end- Adds a new NetFlow Generation Collect timestamp field. record alias sec | flow-start-msec | <alias> collect flow-end-msec | sys- add timestamp uptime <first | last> apps netflow Adds a new NetFlow Generation Collect transport field. record alias <alias>...
Page 107
GigaVUE-OS CLI Reference Guide Command Argument Description delete <all | exporter-id Removes an exporter from a NetFlow record or removes all <exporter-id> exporters. apps netflow Specifies key fields for the NetFlow Generation Record. record alias <alias> match Adds a NetFlow Generation new match key field. delete Deletes an existing NetFlow Generation match key field.
Page 108
GigaVUE-OS CLI Reference Guide Command Argument Description record alias <alias> match delete Deletes all NetFlow Generation Match key fields for a particular NetFlow Generation Flow Record. match-id Deletes the NetFlow Generation match key field corresponding to a particular Match ID. apps netflow Deletes match key field corresponding to Match ID.
Page 109
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the apps netflow command: Task Command Displays general NetFlow information. # show apps netflow Displays NetFlow exporters. # show apps netflow exporter Displays NetFlow exporter for a specified # show apps netflow exporter alias exp1 alias.
Page 110
GigaVUE-OS CLI Reference Guide Task Command exporter. enable Deletes all NetFlow exporters. (config) # no apps netflow exporter all Deletes a specified NetFlow monitor. (config) # no apps netflow monitor alias mon1 Deletes all NetFlow monitors. (config) # no apps netflow monitor all Deletes a specified NetFlow record.
Page 111
GigaVUE-OS CLI Reference Guide add ip-addr <ip-address> create delete <all | callerid <caller ID>> destroy fetch <add | delete> <URL for a SIP whitelist file> The following table describes the arguments for the apps sip-whitelist command: Argument Description sip-whitelist Specifies an alias of the forward list file. alias <SIP whitelist file alias>...
Page 112
Argument Description (config) # apps sip-whitelist alias sip-scp add id-range 123456700..123456750 add ip-addr <ip-address> Adds a valid IPv4/IPv6 address to the forward list entries. IP address must be a valid single: ● IPv4 address ● IPv6 address...
Page 113
Argument Description ● Forward list files must have a filename with a .txt suffix. To fetch a specified forward list file from a location, use one of the following formats: ● http://IPaddress/path/filename.txt ● scp://username:password@IPaddress:/path/filename.txt For SIP forward listing in a cluster, only fetch the forward list to the leader in the cluster. On member nodes, fetch is not available.
Page 114
GigaVUE-OS CLI Reference Guide Task Command Configure the GigaSMART operation. (config) # gsop alias sip_wl1 flow-ops sip-whitelist lb app sip metric hashing key caller-id port-list gsg1 Add single entries to the whitelist.or (config) # apps sip-whitelist alias sip-scp1 add callerid Fetch and download forward list files.
Page 115
GigaVUE-OS CLI Reference Guide Task Command Displays a particular caller ID associated with the # show gsgroup sip-whitelist alias gsg1 caller-id GigaSMART group. 302701237777777 Displays the SIP forward list entry count. # show apps sip-whitelist alias sip-scp count apps split-dns You can choose to configure separate DNS servers for internal and external networks to ensure better security and privacy management.
Page 116
Configures a rule with DNS server IP address and domain <domain-name> name for the split-DNS profile. Example: (config) # rule add dns 11.22.33.44 domain *.gigamon.com collector edit dns <ip-address> Edits the IP address of the collector DNS server. Example: (config) # collector edit dns 10.115.181.229 rule edit id <rule id>...
Page 117
Task Command Deletes the specified split-DNS profile. # no apps split-dns profile alias <alias> Note: Before deleting the split-DNS profile, ensure that you disable the profile from the GigaSMART engine port. To disable the profile, you must delete the GigaSMART engine port configurations. Refer to gigasmart.
Page 118
GigaVUE-OS CLI Reference Guide Argument Description download type pkcs12—Specifies a PKCS12 file containing the private key and the ● pkcs12 <url certificate. <download URL>> private-key—Specifies a private key. ● [password <password>] The parameters are as follows: private-key <key-str url—Specifies the download URL for either PKCS12 or private key. <key string>...
Page 119
GigaVUE-OS CLI Reference Guide Argument Description <password> you will be prompted to verify the password after any node reboot when you enter configure terminal mode, for example: (config)# configure terminal (config) # apps ssl keychain password required Please enter ssl keychain password: Password: ********* keychain password Resets an SSL keychain password.
Page 120
GigaVUE-OS CLI Reference Guide Task Command Displays a specified SSL private key. # show apps ssl key alias key1 Displays all SSL keys. # show apps ssl key all Displays a specified SSL service. # show apps ssl service alias service1 Displays all SSL services.
Page 121
mtls <disable; default: "disable"> cipher <string; default: TLS_AES_128_GCM_SHA256> version <string; default: TLS1.3> exit The following table describes the arguments for the apps ssl-profile command: Argument Description alias <alias> Specifies the SSL profile alias. For example: (config) # apps ssl-profile alias ssl-profile mtls <disable;...
Page 122
GigaVUE-OS CLI Reference Guide Argument Description alias <alias> Specifies the TCP alias. For example: (config) # apps tcp-profile alias tcp-profile1 keep-alive-timer <30-7200; Specifies the time duration between keep alive messages. The value default 60> ranges from 30-7200. The default value is 60. selective-ack Enables or disables selective acknowledgement.
Page 123
The following table describes the arguments for the banner command: Argument Description login <string> | default> Configures the login banner. This banner is displayed at the login prompt before you log in to the GigaVUE-OS® HC Series node.
The following table describes the arguments for the battery command: Argument Description battery test [execute][ Starts the battery test for the specified battery ID. For example: # battery test execute abcde1234567890 You cannot simultaneously start another BET process by giving another battery ID. For example: # battery test execute pqrst1234567890 Battery Exercise Test is...
Page 125
GigaVUE-OS CLI Reference Guide Argument Description Port group -ID- which is X1,X2,X3,X4. ● Port-group-list – a series of port groups can also be defined for battery ● optimization. <level> Defines the battery level at which battery optimization must be started. The battery level values are as follows: NORMAL ●...
Page 126
Task Command Displays the current CPU hibernation configuration setting. # show battery optimization global Disables CPU hibernation. # no battery optimization global cpu-hibernate bond Required User Level = Admin Use the bond command to configure bonding interfaces and modes. Bonding is a Linux networking feature.
Page 128
Enables fallback reboot if the selected image does not load correctly. When this option is reboot enable enabled, the GigaVUE-OS HC Series node will fall back and boot the other image if the selected image does not load correctly. This setting is enabled by default.
Page 129
Use the card command to manage GigaVUE-OS® HC Series line cards. You can configure a card, causing the system to recognize a newly installed card and make it available for use, shut down cards in preparation for removal, and show card status. Note: You must run the card command to configure all cards as part of the installation of a new system.
Page 130
GigaVUE-OS CLI Reference Guide Argument Description : On the GigaVUE-HC3, this command configures the same alarm buffer threshold on all the slots in the chassis. slot <slot ID> Shuts down the specified line card and prepares it for removal. Refer to the line card down removal procedure in the Hardware Installation Guide for instructions.
Page 131
GigaVUE-OS CLI Reference Guide Argument Description code> slot <slot ID> For GigaVUE-OS-TA1 and GigaVUE-OS-TA10, allows ports to consume a greater percentage set buffer of the common shared buffer pool. For deployment, contact Technical Support. Refer to alpha <alpha Contacting Technical Support on page 733.
Page 132
Note: Card mismatch occurs when: ■ a card that has a particular mode is replaced with another card with a different mode or with a card that does not support a mode ■ a configured card is replaced with another card without unconfiguring the initial...
Page 133
Unique box IDs are required for each node in a cluster. For example: (config) # chassis box-id 2 gdp <enable | disable> Enables or disables Gigamon discovery on the chassis. ● enable—Enables Gigamon discovery (GDP) on the chassis. ● disable—Disables Gigamon discovery (GDP) on the chassis.
Page 134
(config) # chassis box-id 2 serial-num C0D55 type hc3-v2 mode 100G In normal mode, the maximum number of ports on each column is 48. serial-num <serial Configures the serial number of the node and the type of node. Enables Gigamon number> [gdp discovery on the chassis.
Page 135
Argument Description The serial numbers of the node are displayed in the show chassis command. Examples: (config) # chassis box-id 2 serial-num 1C80-1000 (config) # chassis box-id 2 serial-num 1C80-1000 type hc3 tag-mode <single | double> Configures the VLAN tag mode for the chassis...
Page 136
Displays Gigamon discovery for a card at a specified slot. # show gdp slot 2 Displays Gigamon discovery for a card at a specified slot in table # show gdp slot 2 brief format. Deletes the active configuration on the chassis.
Page 140
GigaVUE-OS CLI Reference Guide Argument Description stats—Clears port statistics reported in the show port-stats command for the ● specified ports. You can specify all ports, a <port-list>, or all ports in a specified slot. For example, the following command clears the port stats for all ports in slot (config) # clear port stats slot 3 You can define the <port-list>...
Page 141
GigaVUE-OS CLI Reference Guide resize type <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm> width <number of characters> The following table describes the arguments for the cli command: Command Description clear-history Clears the command history for the current user.
Page 142
GigaVUE-OS CLI Reference Guide Command Description <ansi | console | dumb | linux | screen | vt52 | vt100 | vt102 | vt220 | xterm> session terminal width <number of characters> Related Commands The following table summarizes other commands related to the cli command: Task Command Displays CLI options.
Page 143
GigaVUE-OS CLI Reference Guide Task Command Disables paging. (config) # no cli session paging enable Disables progress updates. (config) # no cli session progress enable Clears the terminal type. (config) # no cli session terminal type clock Required Command-Line Mode = Configure Use the clock command to set the system’s local time, date, and time zone.
Page 144
GigaVUE-OS CLI Reference Guide Task Command Displays clock settings. # show clock Resets the timezone to the default (GMT). (config) # no clock timezone cluster Required Command-Line Mode = Enable or Configure Use the cluster command to create and manage clusters. A cluster is a group of GigaVUE HC Series nodes operating as a unified fabric with packets entering a port on one node capable of being sent to any destination port on another node.
Page 145
GigaVUE-OS CLI Reference Guide remove <node ID> shared-secret <shared secret> shutdown startup-time <cluster startup time (secs)> The following table describes the arguments for the cluster command: Argument Description enable Enables cluster support for the node as follows: If the currently specified cluster ID does not match an existing cluster, creates a new ●...
Page 146
GigaVUE-OS CLI Reference Guide Argument Description leader Sets options relating to the leader in the cluster. The leader role on the GigaVUE HC address Series is not statically assigned to a single node. Instead, another node in the cluster can primary ip take on the leader role if the situation requires it (for example, if both the leader and the <cluster leader...
Page 147
GigaVUE-OS CLI Reference Guide Argument Description leader preference—Specifies how likely a node is to claim the leader role during the leader ● preference <1- contention process (for example, across a cluster reload). Higher values are more likely 100> yield to claim the leader role; lower values are less likely. The cluster leader preference can be configured to a preference value between 1 and (continued) 100.
Page 148
GigaVUE-OS CLI Reference Guide Argument Description cluster again. : It is recommended that you use this command, instead of the cluster reload command, when you want to reload the nodes in an Inband cluster. For example: (config) # cluster reload sequential remove <node Removes the specified node from the cluster using the node ID.
Page 149
GigaVUE-OS CLI Reference Guide Task Command Use this CLI command on the leader, standby, or normal node to display the maximum (Max) and Used cost units across a cluster Displays cluster history log. # show cluster history Displays cluster history log for a specified box. # show cluster history box-id 1 Displays local cluster run state.
Page 150
Use the configuration command to manage configuration files on the GigaVUE-OS® HC Series node. Separate arguments let you perform a wide variety of related tasks, including: ■ Save, copy, and delete configuration files. ■ Upload and retrieve configuration files from external hosts using FTP, TFTP, or SCP. ...
Page 152
GigaVUE-OS CLI Reference Guide Argument Description myconfig and names it newconfig on the node: (config) # configuration fetch scp://bbochy:catch1@192.168.1.75/myconfig newconfig : You cannot retrieve a file with the same name as the currently active configuration file. jump-start Runs the configuration wizard for the initial setup of GigaVUE-OS nodes. Refer to the Hardware Installation Guide for details.
Page 153
GigaVUE-OS CLI Reference Guide Argument Description [filename (config) # configuration text fetch <filename>] [overwrite] ftp://sven:svenpass@192.168.1.40/textconfig [verbose] The arguments are as follows: filename filename—Gives the retrieved file a new name on the GigaVUE HC Series ● <filename> [apply] node. For example, the following command retrieves textconfig and names it [fail-continue] newtextconfig on the node: [overwrite] [verbose]...
Page 154
GigaVUE-OS CLI Reference Guide Argument Description Deleting a Text Configuration File Use the delete argument to delete a text configuration file. For example: (config) # configuration text file myconfig delete Renaming a Text Configuration File Use the rename argument to rename a text configuration file. For example: (config) # configuration text file myconfig rename your config Uploading a Text Configuration File Use the upload argument to send a text configuration file to an external server...
Page 155
GigaVUE-OS CLI Reference Guide Argument Description Uploaded text configuration files are automatically named with a timestamp in epoch format. For example: config-text-1308003659 You can also generate text configuration files and save them to local storage. For example: (config) # configuration text generate active running save myfile.txt You can also generate traffic-only text configuration files and save them locally.
Page 156
GigaVUE-OS CLI Reference Guide Argument Description which the command is run and is not propagated to other nodes in the cluster. (config) # configuration write to myconfig no-switch ● Saves the running configuration to the myconfig file and leaves the current configuration file active.
Page 157
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the configure command: Argument Description terminal Enters configuration mode. For example: co t(config) # Related Commands The following table summarizes other commands related to the configure command: Task Command Exits configuration mode.
Page 158
GigaVUE-OS CLI Reference Guide Argument Description For example: (config) # coreboot install Related Commands The following table summarizes other commands related to the coreboot command: Task Command Displays the BIOS image from which the system booted. (config) # show version crypto The GigaVUE-OS node by default generates and uses a self-signed certificate to provide HTTPS access for GigaVUE-FM to communicate and manage GigaVUE-OS node.
Page 160
<box-id> -Specifies the box-id for which the ● days <1-365>| |root-cert <certificate_ certificate needs to be issued. name>| domain <xyz.gigamon.com> -Specify the domain name, ● which will become the subject name as well as the alternate subject name in the certificate. ca-url <url>-The Certificate Authority URL.
Page 161
<box-id> -Specifies the box-id for which the ● certificate needs to be renewed. domain <xyz.gigamon.com> -Specify the domain name, ● which will become the subject name as well as the alternate subject name in the certificate.
Page 162
GigaVUE-OS CLI Reference Guide Argument Description certificate generation default Configures default values for certificate generation as follows: country-code <country code> country-code—Specifies the default value for country code, ● days-valid <number of days> in two alphanumeric characters. email-addr <email address> days-valid—Specifies the default value for days valid. The ●...
Page 163
GigaVUE-OS CLI Reference Guide Argument Description imported certificate. prompt-private-key—Prompts for a PEM-encoded string. ● public-cert—Specifies an alternate certificate, such as one ● issued by a trusted public signing authority. pem <PEM string>—Specifies a certificate data string in ● Privacy Enhanced Mail (PEM) format. fetch <url>—Specifies the remote private key location.
Page 164
Required Command-Line Mode = Configure Use the debug command to generate a system dump file for use with Gigamon Technical Support staff. You can generate the system dump files for all the nodes that are part of a cluster by logging into the leader. However, to download the system dump file for a node, you must log into the respective node.
Page 165
GigaVUE-OS CLI Reference Guide Task Command Generates an encrypted debug dump (sysdump) file. (config) # debug generate dump Generates a debug dump (sysdump) file for the specified (config) # debug generate dump box-id box ID that is part of the cluster. <box-id>...
Page 166
(by ● event default, Gigamon’s Technical Support Department) when failures specified with email <event name> autosupport event <event name> take place. ssl event—Specifies the events that will trigger an email to the auto support destination.
Page 167
GigaVUE-OS CLI Reference Guide Command Description tls-none> dead-letter Configures the handling of email notifications that could not be sent (for example, because cleanup the mail hub was not configured correctly), as follows: max-age cleanup—Specifies how long to save undeliverable emails. Dead letter files older than ●...
Page 168
Command Description <username> the address is used as-is (for example, email return-addr support@mycompany.com). If the @ character is not included, the system adds the <return-host>.<domain>. The default setting is do-not-reply. return-host Specifies whether or not to include the hostname in the return address for emails. This only takes effect if the return addr entry does not contain an @ character.
Page 169
GigaVUE-OS CLI Reference Guide Task Command list Does not verify server certificates. (config) # no email autosupport ssl cert- verify Resets autosupport email security mode to the default. (config) # no email autosupport ssl mode Does not clean up old dead letters based on age. (config) # no email dead-letter cleanup max-age Does not save dead letter for undeliverable emails.
Page 170
GigaVUE-OS CLI Reference Guide Use the enable command to enter Enable mode. Refer to Command Line Modes for more information. exit Required Command-Line Mode = Configure Use the exit command to leave Configure mode and return to Enable mode. Refer to Command Line Modes for more information.
Page 171
GigaVUE-OS CLI Reference Guide port6dst port6src portdst portsrc protocol ingressport none The following table describes the arguments for the fabric advanced-hash command: Argument Description box-id Identifies the chassis to which the advanced-hash algorithm will apply. (config) # fabric advanced-hash box-id 12 Enables all hash criteria fields, including Layer 2, Layer 3, and Layer 4 fields.
Page 172
GigaVUE-OS CLI Reference Guide Argument Description : Layer 2 hash criteria (ethertype, macdst, and macsrc) are only honored for Layer 2 packets. They are not used to hash TCP/IP packets. ipsrc, ipdst, ip6src, and ip6dst fields inside an MPLS tunnel can also be used for hashing across GigaStream ports.
Page 173
GigaVUE-OS CLI Reference Guide Use the show file debug-dump command to display a list of available debug dump files. Note that debug dump files may be deleted automatically if disk usage is low. The file command has the following syntax: file debug-dump delete <filename>...
Page 174
GigaVUE-OS CLI Reference Guide Argument Description <filename> upload—Sends a tcpdump file to a remote host using FTP, SCP, or SFTP. The format ● upload for the upload URL is as follows: <filename> [protocol]://username[:password]@hostname/path/filename <upload URL> Related Commands The following table summarizes other commands related to the file command: Task Command Displays the debug dump files stored on the node.
Page 175
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the filter-template command: Argument Description alias <alias> Supplies an alias for the filter template. The maximum number of characters supported in an alias is 128. Each alias should be unique across the configured filter templates.
Page 176
GigaVUE-OS CLI Reference Guide Task Command Displays all filter templates in table format. show filter-template Displays a specified filter template. show filter-template alias filt1 Displays a specified filter template in brief format. show filter-template alias filt1 brief Displays all filter templates, including default and user-defined show filter-template all templates.
Page 177
GigaVUE-OS CLI Reference Guide gigasmart Required Command-Line Mode = Configure Use the gigasmart command to configure a stack port interface to provide Internet connectivity for a GigaSMART card or module. Internet connectivity is needed for SSL Decryption for inline tools for the URL categorization database. For URL categorization, an IP address must be configured to query the Webroot service.
Page 178
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the gigasmart command: Argument Description engine <port-list> Specifies the GigaSMART engine port on which to configure a stack port interface to provide Internet connectivity for a GigaSMART card or module for SSL Decryption for inline tools.
Page 179
GigaVUE-OS CLI Reference Guide Argument Description on GigaVUE-HC3 for Internet connectivity with VLAN: (config) # gigasmart engine 1/1/e1 interface eth3 vlan 200 1.1.1.2 /24 gateway 1.1.1.1 dns 1.1.1.1 For example, to configure the default stack port interface using DHCP: (config) # gigasmart engine 1/1/e1 interface dhcp For example, to configure the eth3 stack port interface on GigaVUE-HC3 using DHCP:...
Page 181
GigaVUE-OS CLI Reference Guide Task Command Displays ARP information for the GigaSMART engine port. show gigasmart engine 1/1/e1 arp Displays detailed information for the GigaSMART engine show gigasmart engine 1/1/e1 details port. Displays statistics for the GigaSMART engine port. show gigasmart engine 1/1/e1 stats Displays ARP information for a specified GigaSMART engine show gigasmart engine 1/1/e1 interface port interface and VLAN ID.
Page 182
GigaVUE-OS CLI Reference Guide Weighted GigaStream provides you the ability to distribute traffic to the ports by assigning either an equal weight or a custom weight to the ports. For more information about the Weighted GigaStream, refer to the "Weighted GigaStream" section in the GigaVUE-FM User's Guide.
Page 183
GigaVUE-OS CLI Reference Guide Argument Description (config) # gigastream alias stream2 (config gigastream alias stream1) # hash-size 10 (config gigastream alias stream2) # hash-bucket-id 1 port 1/2/x1 (config gigastream alias stream2) # hash-bucket-id 2 port 1/2/x2 (config gigastream alias stream2) # hash-bucket-id 3 port 1/2/x3 (config gigastream alias stream2) # hash-bucket-id 4 port 1/2/x4 This parameter applies to controlled GigaStream only.
Page 184
GigaVUE-OS CLI Reference Guide Argument Description select the criteria for the advanced-hash. Refer to gigastream advanced-hash details. Refer to the “Regular GigaStream Failover Protection” section in the GigaVUE Fabric Management Guide for details on how traffic hashing changes depending on the number of ports in the GigaStream.
Page 185
GigaVUE-OS CLI Reference Guide ethertype gtpteid ip6dst ip6nextHeader ip6src ipdst ipsrc macdst macsrc mpls port6dst port6src portdst portsrc protocol ingressport none The following table describes the arguments for the gigastream advanced-hash command: Argument Description slot <slot On the GigaVUE-HC3, and GigaVUE-HC1, GigaStream hashing is per chassis, not per line number>...
Page 186
GigaVUE-OS CLI Reference Guide Argument Description default Sets the advanced-hash algorithm to its default settings. By default, the advanced-hash algorithm includes source/destination IPv4/IPv6 addresses and ports (ipsrc, ipdst, ip6src, ip6dst, protocol). For example: (config) # gigastream advanced-hash slot 1/1 default fields Specifies the hash criteria: ethertype—Adds L2 ethertype field.
Page 187
GigaVUE-OS CLI Reference Guide Task Command Displays regular GigaStream advanced hash fields. show gigastream advanced-hash Displays regular GigaStream advanced hash fields for a specified show gigastream advanced-hash box ID. box-id 24 Displays regular GigaStream advanced hash fields for a specified show gigastream advanced-hash box ID in table format.
Page 188
GigaVUE-OS CLI Reference Guide alias <alias> variance-threshold <threshold percent value> The following table describes the arguments for the gigastream command: Argument Description alias <alias> Specifies an alias for the GigaStream. The maximum number of characters supported in an alias is 128. Each GigaStream name should be unique across the configured GigaStreams.
Page 189
Notes: ● You cannot combine different generations of GigaSMART cards in the same GigaSMART group. ● You should always allow a maximum of 3 minutes time gap when you delete and recreate a gsgroup. The following table describes the arguments for the gsgroup command: Argument Description alias <alias>...
Page 190
GigaVUE-OS CLI Reference Guide Argument Description download Download persistence data base file from the remote server pause Pause GTP Persistence data base sync up resume Resume GTP Persistence data base sync up upload Upload persistence data base file to the remote server hc3-01 [clusterId: normal] (config) # gsgroup alias <GSGROUP-ALIAS>...
Page 191
GigaVUE-OS CLI Reference Guide hc3-01 [clusterId: normal] (config) # gsgroup alias <GSGROUP-ALIAS> gtp-persistence pause ? <Pause Parameter> Specify time (number of mins) for which Persistence data base will be paused hc3-01 [clusterId: normal] (config) # gsgroup alias <GSGROUP-ALIAS> gtp-persistence pause 120 ? <cr>...
Page 192
GigaVUE-OS CLI Reference Guide hc3-01 [clusterId: normal] (config) # gsgroup alias <GSGROUP-ALIAS> gtp-persistence upload scp://username[:password]@hostname/path/ slot 3 ? engine GigaSMART Card Engine Number for which file needs to be uploaded hc3-01 [clusterId: normal] (config) # gsgroup alias <GSGROUP-ALIAS> gtp-persistence upload scp://username[:password]@hostname/path/ slot 3 engine ? <Engine Number of the GigaSMART Card>...
Page 193
GigaVUE-OS CLI Reference Guide Task Command Use the card slot command to reload a GigaSMART line card or module. Displays GTP stateful session recovery information for a # show gsgroup gtp-persistence alias specified GigaSMART group. gsg1 Displays GTP stateful session recovery information for all # show gsgroup gtp-persistence all GigaSMART groups.
Page 196
GigaVUE-OS CLI Reference Guide Argument Description the specified VLAN tag. This feature can be used in conjunction with the strip-header operation to differentiate stripped packets using common IP ranges (10.x.x.x or 192.168.x.x) from non-stripped packets in the same IP range. Refer to the “GigaSMART Header Addition”...
Page 197
GigaVUE-OS CLI Reference Guide Argument Description the time interval within which an identical packet will ● be considered a duplicate. whether duplicates should be counted or dropped. ● the packet fields that are used to detect duplicates. ● For details of the gsparams command, refer to gsparams.
Page 198
GigaVUE-OS CLI Reference Guide Argument Description Management Guide for details and examples.
● gtp-whitelist—Enables GTP forward listing.
For example:
(config) # gsop alias wlf1 flow-ops gtp-whitelist port-list gsgrp4
Refer to the “GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide for details and examples.
Page 200
GigaVUE-OS CLI Reference Guide Argument Description
■ inner—second occurrence of header or field
Note: There is no inner or outer field location for gtpu-teid.
Refer to the “GigaSMART Load Balancing” section in the GigaVUE Fabric Management Guide for details.
lbapp <sip>...
Page 202
GigaVUE-OS CLI Reference Guide Argument Description
Argument: ssl-decrypt in-port <<ingress port> | any> out-port <<egress port> | auto>
Description: Specifies the Passive SSL decryption GigaSMART operation as follows:
● in-port—Specifies the destination port on which to listen. It can be an ingress port number between 1 and 65535 or any, which means that traffic will be accepted on any server port from 1-65535.
Page 203
GigaVUE-OS CLI Reference Guide Argument Description o gs—Specifies to strip the FM6000 timestamp, convert to UTC, and add the UTC timestamp to the GigaSMART trailer. o none—Specifies to strip the FM6000 timestamp. o x12-ts—Specifies to strip the FM6000 timestamp, convert to UTC, and add the UTC timestamp to the PRT-H00-X12TS trailer.
Page 204
<enable | disable> remove include or remove the GigaSMART trailer with this operation. The Gigamon trailer is mandatory for some features (for example, including a Source ID field indicating the port where a packet arrived on the GigaVUE HC Series node) and optional for others (slicing and masking).
Page 205
GigaVUE-OS CLI Reference Guide Argument Description Observability Pipeline.
● remove—Specifies the trailer to remove. This argument cannot be combined with other operations. It is useful in situations where you have cascade connections—a tool port receiving packets with a GigaSMART trailer is physically cabled to a GigaVUE-OS network port, sending the packets received on the tool port back into a GigaVUE HC Series node.
Page 206
GigaVUE-OS CLI Reference Guide Argument Description option when decapsulating traffic from a GigaSMART- enabled node. The setting must match the configuration of the portdst configured on the sending end of the tunnel. Refer to the “GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel)” section in the GigaVUE Fabric Management Guide for details.
Page 207
GigaVUE-OS CLI Reference Guide Argument Description
● portdst—Specifies the UDP port, from 0 to 65535, on which the network port that is associated with an IP interface and residing on the destination node is listening. The portdst must match the configuration of the corresponding tunnel-decap operation’s portdst.
Page 208
GigaVUE-OS CLI Reference Guide Argument Description
● flow-label—Specifies a label to identify a particular flow. The flow label is a 20-bit value. The range is from zero (0) to 2^20 - 1.
● prec—Specifies a decimal precedence value from 0 to...
Page 209
GigaVUE-OS CLI Reference Guide Argument Description combination of ipv4-src, ipv4-dst, l4port-src, l4port-dst, ipv4-protocol. ■ 5-tuple-ipv6—Specifies an IPv6 5-tuple-based session. The hash value is extracted from the combination of ipv6-src, ipv6-dst, l4port-src, l4port-dst, ipv6-protocol. ■ ip-any—Specifies any IPv4/IPv6-based session. ■ ipv4-only—Specifies an IPv4-only-based session. The hash value is extracted from the combination of ipv4-src, ipv4-dst ■...
Page 210
GigaVUE-OS CLI Reference Guide Argument Description the destination GigaSMART-enabled node. For example: (config) # gsop alias en-tunnel tunnel-encap type vxlan portsrc 100 portdst 100 vni 10 ip6dst 2001:0db8:85a3:0000:0000:8a2e:0370:7334 tunnel-encap type tls-pcapng Specifies the type of tunnel, tls-pcapng, to encapsulate the packet. The arguments are as follows: exporter <exporter alias>|exporter-group <exporter group alias>...
Page 211
GigaVUE-OS CLI Reference Guide gsparams Required Command-Line Mode = Configure Use the gsparams command to set options for GigaSMART operations on GigaVUE-OS® HC Series nodes. This command does not apply to GigaVUE TA Series nodes. The gsparams command has the following syntax: gsparams gsgroup <GigaSMART group alias>...
Page 213
GigaVUE-OS CLI Reference Guide
dstport <destination port for UDP>
enable
interval <5-600>
protocol <icmp | udp>
rcvport <receive port on decapsulation side>
retries <1-5>
roundtriptime <1-4>
srcport <source port for UDP>
Note: To enable 3 or 5-tuple hashing, use the command: gsparams gsgroup <GigaSMART group alias>...
Page 214
GigaVUE-OS CLI Reference Guide Argument Description
● drop—Drops the duplicate packets.
● The default is drop.
For example:
(config) # gsparams gsgroup gs2port1 dedup-action count
Refer to the GigaSMART De-duplication section in the GigaVUE Fabric Management Guide for details.
Argument: dedup-timer <10-500000μs>
Description: Configures the time interval within which an identical packet will be considered a duplicate.
Page 215
GigaVUE-OS CLI Reference Guide Argument Description Refer to the “GigaSMART De-duplication” section in the GigaVUE Fabric Management Guide for details.
Argument: eflow <enable | disable> eflow interval <0-3600>
Description: Specifies the elephant flow options as follows:
● enable—Enables the detection of elephant flow in the traffic in...
Page 216
GigaVUE-OS CLI Reference Guide Argument Description
Argument: none | x12-ts>
Description: decapsulation as follows:
● gs—Specifies GigaSMART timestamp trailer format.
● none—Specifies no timestamp trailer.
● x12-ts—Specifies PRT-H00-X12TS timestamp trailer format.
● The default is none.
For example:
(config) # gsparams gsgroup gsg_erspan erspan3-timestamp format gs
Refer to the “GigaSMART ERSPAN Tunnel Decapsulation”...
Page 217
GigaVUE-OS CLI Reference Guide Argument Description
● flow-sampling-type—Specifies whether inner or outer IP addresses are used for FlowVUE sampling as follows:
● device-ip—Specifies a sample subset of devices based on IP address.
● device-ip-in-gtp—Specifies a sample subset of devices based on inner IP address in the GTP-u tunnel.
Page 218
GigaVUE-OS CLI Reference Guide Argument Description Management Guide.
Argument: gtp-randomsample <disable | enable>
Description: Enables or disables sampling of GTP random sample as follows:
● enable—Specifies that GTP will be random sampled.
● disable—Specifies that GTP will not be random sampled.
● The default is disable....
Page 219
GigaVUE-OS CLI Reference Guide Argument Description file to associate with a GigaSMART group (add). For example: (config) # gsparams gsgroup gg1 gtp-whitelist add wlf1 (config), add w2f2 (config), add w2f2 (config)# add w3f3 (config) hsm-group Configures an SSL Hardware Security Module (HSM) group as add <HSM group alias>...
Page 220
GigaVUE-OS CLI Reference Guide Argument Description goes down. When a tool port goes down, traffic is rehashed to another tool port in the port group. No rehashing is done to the existing session flow when a port comes up, even if it was previously a down port.
Page 221
GigaVUE-OS CLI Reference Guide Argument Description LTE—specifies the control role for 3G, LTE traffic. The default session limit is 5000, the maximum session limit for GigaVUE-HC3 is 12000, and GigaVUE-OS-HD is 5000. user — specifies the user role for both 5G and LTE traffic as ●...
Page 222
GigaVUE-OS CLI Reference Guide Argument Description The default is 90. Examples: (config) # gsparams gsgroup gsg1 resource cpu overload-threshold 70 (config) # gsparams gsgroup gsg1 resource cpu overload-threshold disable resource packet-buffer overload- Specifies an overload threshold for packet buffer resources for threshold <<50-80>...
Page 223
GigaVUE-OS CLI Reference Guide Argument Description buffer 2
(config) # gsparams gsgroup gsg1 resource hsm-ssl buffer disable
Argument: resource hsm-ssl packet-buffer <20-3000>
Description: Configures resources for the HSM SSL packet buffer as follows:
● 20-3000—Adds resources for the HSM SSL packet buffer, from...
Page 224
GigaVUE-OS CLI Reference Guide Argument Description
● add—Adds a SIP forward list. Specify the alias of the SIP forward list file containing IMSIs.
● delete—Delete the SIP forward list.
Examples:
(config) # gsparams gsgroup gsg1 sip-whitelist add whitelist1
(config) # gsparams gsgroup gsg1 sip-whitelist delete
Argument: ssl-decrypt decrypt-fail-action
Description: Specifies Passive SSL decryption failover options as follows:...
Page 225
GigaVUE-OS CLI Reference Guide Argument Description For example:
(config) # gsparams gsgroup grp ssl-decrypt hsm-pkcs11 load-sharing disable
Argument: hsm-timeout <2-5000>
Description: Configures the HSM timeout in milliseconds. The HSM timeout specifies a period of time for the communication between the HSM and GigaSMART. The values are from 2 to 5000ms.
Page 226
GigaVUE-OS CLI Reference Guide Argument Description A service can be mapped to different keys on different GigaSMART groups.
Argument: ssl-decrypt non-ssl-traffic <drop | pass>
Description: Specifies how to handle non-SSL traffic as follows:
● drop—Drops all non-SSL packets.
● pass—Passes all non-SSL packets.
● The default is drop....
Page 227
GigaVUE-OS CLI Reference Guide Argument Description
Argument: ssl-decrypt pending-session-timeout <30-120> session-timeout <30-3600> tcp-syn-timeout <20-600>
Description: Specifies Passive SSL decryption timeout options as follows:
● pending-session-timeout—Configures a pending session timeout, from 30 to 120 seconds, for when SSL handshake is not completed. The default is 60.
● session-timeout—Configures a session timeout, from 30 to...
Page 229
GigaVUE-OS CLI Reference Guide hb-profile Required Command-Line Mode = Admin Use the hb-profile command to configure a heartbeat profile, which is a group of attributes that you can apply to an inline tool to configure the heartbeat operation of the inline tool. For a negative heartbeat profile, refer to nhb-profile.
Page 230
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the hb-profile command. Argument Description
Argument: <alias <alias> | default>
Description: Specifies the name of the heartbeat profile. Use the alias to configure a heartbeat profile to associate with an inline tool. The alias must be unique and can contain up to 128 characters....
Page 231
GigaVUE-OS CLI Reference Guide Argument Description For example:
(config hb-profile alias hb_5) # packet-format custom
Argument: period <period>
Description: Specifies the period of the heartbeat packet. This is the number of milliseconds between sending subsequent heartbeat packets. The range is from 30 to 5000 milliseconds. The default is 1000 milliseconds.
Page 232
GigaVUE-OS CLI Reference Guide header-strip Required Command-Line Mode = Configure Use the header-strip command to configure the header stripping protocol for a chassis. For more information about the header stripping protocol, refer to the "About VXLAN Header Stripping" and "About MPLS Header Stripping" sections in the GigaVUE-FM User's Guide. The header-strip command has the following syntax: header-strip box id <box id|all> vxlan aging-interval <300 to 1000000 seconds and 0 to...
Page 233
GigaVUE-OS CLI Reference Guide Task Command
Task: Displays the VXLAN aging interval configured for the specified box ID.
Command: # show header-strip box-id 1 aging-interval
Task: Displays the statistical data such as the list of VXLAN IDs, number of incoming packets that match the VXLAN IDs, and the incoming bytes.
Command: # show header-strip box-id 1 stats vxlan-id
Page 234
GigaVUE-OS CLI Reference Guide
hrot upgrade primary-firmware key-hash bios-hash
hrot logging warning notice info
The following table describes the arguments for the hrot command: Argument Description
Argument: hrot upgrade primary-firmware| key-hash|
Description: Configures HRoT in the firmware. primary-firmware-Upgrade HRoT primary-firmware. key-hash-Upgrade HRoT primary firmware's key-hash.
Page 235
GigaVUE-OS CLI Reference Guide Use the hostname command to specify the GigaVUE HC Series node’s hostname. The hostname will appear in the system prompt. It will also be used to form the return address of automatic notification emails sent from the system. Refer to email return-host under email for more information.
Page 236
GigaVUE-OS CLI Reference Guide image Required Command-Line Mode = Enable Required User Level = Admin Use the image command to manage software images for the GigaVUE-OS® HC Series node. The image command has the following syntax: image boot <location <1 | 2> | next> delete <image filename>...
Page 237
GigaVUE-OS CLI Reference Guide Argument Description
Argument: fetch <download URL> [filename]
Description: Retrieves the specified image file from the named location using HTTP, HTTPS, FTP, TFTP, SCP, SFTP.
Note: It is recommended that you use only secured protocols.
Optionally, you can include a filename for the local image. The format for the download URL is as follows:
[protocol]://username[:password]@hostname/path/filename newfilename
For example, the following command uses SCP to retrieve the ta100xx image from the...
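An added example (not from the Gigamon guide): a Python check for transfer URLs in the `[protocol]://username[:password]@hostname/path` format used by `image fetch` and `gtp-persistence upload`, which flags protocols outside the secured set and redacts an inline password before a command line is copied into a ticket or runbook. The secured/cleartext split, the finding names and every sample command, host and credential are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Protocols the page lists for "image fetch". Which of them count as
# "secured" is this example's assumption, not a statement from the guide.
SECURED = {"https", "scp", "sftp"}
CLEARTEXT = {"http", "ftp", "tftp"}

# Any scheme://token up to the next whitespace.
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")


def check_transfer_url(url):
    """Return (redacted_url, findings) for one transfer URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Malformed authority (for example a broken IPv6 literal):
        # withhold the text rather than risk echoing a credential.
        return "<unparseable URL withheld>", ["unparseable"]

    findings = []
    scheme = parts.scheme.lower()
    if scheme in CLEARTEXT:
        findings.append("cleartext-protocol")
    elif scheme not in SECURED:
        findings.append("unlisted-protocol")
    if not parts.hostname:
        findings.append("missing-host")

    netloc = parts.netloc
    if parts.password is not None:
        findings.append("inline-password")
        # Split on the last '@' so a password containing '@' is still removed.
        userinfo, _, hostinfo = netloc.rpartition("@")
        user = userinfo.partition(":")[0]
        netloc = f"{user}:***@{hostinfo}"

    redacted = urlunsplit(
        (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
    )
    return redacted, findings


def audit_commands(lines):
    """Return [(line_number, redacted_line, findings)] for lines with findings."""
    report = []
    for lineno, line in enumerate(lines, start=1):
        findings = []

        def _redact(match):
            redacted, found = check_transfer_url(match.group(0))
            findings.extend(found)
            return redacted

        safe_line = URL_RE.sub(_redact, line)
        if findings:
            report.append((lineno, safe_line, findings))
    return report


# Constructed sample commands (documentation addresses, made-up credentials).
SAMPLE = [
    "image fetch scp://admin:Examp1ePw@192.0.2.10/images/gvos.img",
    "image fetch tftp://192.0.2.10/gvos.img",
    "image fetch sftp://admin@192.0.2.10/images/gvos.img",
    "gsgroup alias gsg1 gtp-persistence upload "
    "scp://backup:Examp1ePw@192.0.2.20/path/ slot 3 engine 1",
]

if __name__ == "__main__":
    for lineno, safe_line, findings in audit_commands(SAMPLE):
        print(f"line {lineno}: {', '.join(findings)}: {safe_line}")
```

Omitting the optional `:password` part, as in the third sample line, lets the transfer prompt for or otherwise obtain the credential instead of carrying it in the command text.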
Page 238
GigaVUE-OS CLI Reference Guide Use the inline-network command to configure an inline network. An inline network is an arrangement of two ports of the inline-network type. The arrangement facilitates access to a bidirectional link between two networks (two far-end network devices) that need to be linked through an inline tool.
Page 239
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the inline-network command. Argument Description alias <alias> Specifies the name of the inline network. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive. Protected inline network aliases are created automatically on bypass combo modules.
Page 240
GigaVUE-OS CLI Reference Guide Argument Description passively coupled with the fiber or copper connected to the side B port without any transceivers or switching fabric. Therefore, any traffic coming in is exchanged between the two inline network ports without being noticed by the system.
● open—Specifies that the fiber or copper connected to the inline network ports is...
Page 241
GigaVUE-OS CLI Reference Guide Argument Description consideration as follows: o If there are no inline maps associated with the inline network or if the set of inline maps associated with the inline network guarantees that no traffic is dropped when the traffic path is set to to-inline-tool, then setting the traffic path to monitoring leads to the following: all traffic is forwarded as for bypass, but a copy of the traffic is forwarded to the inline tool or tools according to the configured maps between the...
Page 242
GigaVUE-OS CLI Reference Guide Argument Description With the traffic path monitoring, for each sequence originating from the inline network, the system guides two copies of the traffic but only the bypass copy reaches the opposite inline network port. The other copy visits all the inline tools and inline tool groups in the sequence just as if the inline network was set to to-inline-tool, but the supply of traffic from the inline tool returning any traffic is redirected to a null VLAN (with no member ports).
Page 243
GigaVUE-OS CLI Reference Guide Task Command inNet
Task: Clears the heartbeat statistics for all the inline networks that are part of the flexible inline flow deployment.
Command: (config) # clear hb-counters inline-net all
Task: Configures the port speed for an inline network.
Command: (config) # port 4/1/x17 params speed 1000
This command only applies to protected ports....
Page 244
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the inline-network-group command. Argument Description alias <alias> Specifies the name of the inline network group. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive. For example: (config) # inline-network-group alias inNetGroup (config inline-network-group alias inNetGroup) #...
Page 245
GigaVUE-OS CLI Reference Guide Task Command
Task: Deletes a specified inline network group.
Command: (config) # no inline-network-group alias inNetGroup
Task: Deletes the network list for the specified inline network group.
Command: (config) # no inline-network-group alias inNetGroup network-list
Task: Deletes all inline network groups.
Command: (config) # no inline-network-group
inline-serial Required Command-Line Mode = Admin...
Page 246
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the inline-serial command. Argument Description alias <alias> Specifies the name of the inline tool series. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive. For example: (config) # inline-serial alias inSer (config inline-serial alias inSer) #...
Page 247
GigaVUE-OS CLI Reference Guide Argument Description
● network-port-forced-down—Specifies that when the inline tool series fails, the inline network ports of the respective inline network are forced down.
● per-tool—Specifies that when an individual inline tool in the series fails, the action...
Page 248
GigaVUE-OS CLI Reference Guide Argument Description
● The default is reverse.
For example:
(config inline-serial alias inSer) # per-direction-order forward
Note: Traffic from network A to network B for both reverse and forward flows from the first tool, to the second tool, to the third tool. Refer to the “Inline Tool Series Per-Direction Order”...
Page 249
GigaVUE-OS CLI Reference Guide Use the inline-tool command to configure the inline tool software construct. An inline tool consists of inline tool ports, always in pairs, running at the same speed, on the same medium (fiber or copper). The inline tool ports must be on the same GigaVUE-HC3, or GigaVUE-HC1 node.
Page 250
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the inline-tool command. Argument Description alias <alias> Specifies the name of the inline tool. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive. For example: (config) # inline-tool alias inTool (config inline-tool alias inTool) #...
Page 251
GigaVUE-OS CLI Reference Guide Argument Description
● network-bypass—Specifies that when the inline tool fails, all traffic that would not have been dropped when the inline network or networks had a NORMAL forwarding state is directed to the bypass path. That is, all such traffic arriving at the side A inline network port or ports is forwarded to the side B inline network port or ports and all traffic arriving at the side B inline network port or ports is forwarded to the side A inline network port or ports....
Page 252
GigaVUE-OS CLI Reference Guide Argument Description
Argument: profile alias | default>
Description: used if the heartbeat mechanism is enabled for this inline tool. The default heartbeat profile alias is default.
For example, to specify the heartbeat profile to associate with this inline tool:
(config inline-tool alias inTool) # hb-profile hb_5
(config inline-tool alias inTool) # hb-profile default
For example, to delete the heartbeat profile associated with this inline tool:...
Page 253
GigaVUE-OS CLI Reference Guide Argument Description recover Puts an inline tool back into service if the recovery mode is configured as manual and the inline tool has an operational state of ready. For example: (config inline-tool alias inTool) # recover recovery mode Configures the recovery mode for each inline tool.
Page 254
# show inline-tool all
Task: Displays all inline tools in brief format.
Command: # show inline-tool brief
Task: Displays the Gigamon VLAN IDs for all inline tools.
Command: # show inline-tool vlan-mapping
Task: Displays the Rx and Tx statistics for all the inline tools that are part of the inline flow deployment.
Command: # show inline-tool traffic-rate all
Page 255
GigaVUE-OS CLI Reference Guide Task Command
Task: Deletes all inline tools.
Command: (config) # no inline-tool all
Task: Clears all the heartbeat statistics for the specified inline tool.
Command: (config) # clear hb-counters inline-tool alias inTool
Task: Clears the heartbeat statistics for all the inline tools that are part of the flexible inline flow deployment....
Command: (config) # clear hb-counters inline-
Page 256
GigaVUE-OS CLI Reference Guide spare-inline-tool <spare inline tool alias> tool-list <inline-tool list> hash-weights <inline-tool weights> The following table describes the arguments for the inline-tool-group command. Argument Description alias <alias> Specifies the name of the inline tool group. The alias must be unique and can contain up to 128 characters.
Page 257
GigaVUE-OS CLI Reference Guide Argument Description respective inline network (or inline network group) is dropped.
● network-port-forced-down—Specifies that when the inline tool group fails, the inline network ports of the respective inline network (or inline network group) are forced down.
The default is tool-bypass....
Page 258
GigaVUE-OS CLI Reference Guide Argument Description source IP and destination IP addresses. This produces a hash value that sends all traffic associated with the same session to the same inline tool in the inline tool group.
● a-srcip-b-dstip—Specifies asymmetrical hashing, which is derived from the source IP...
Page 259
GigaVUE-OS CLI Reference Guide Argument Description
Argument: <spare inline tool alias>
Description: occurs in the set of primary inline tools. The default is blank (not specified). If a spare inline tool is configured, the inline tool group becomes a redundant arrangement of inline tools.
For example:
(config inline-tool-group alias inToolGroup) # spare-inline-tool IT_004
Argument: tool-list <inline-...
Page 260
GigaVUE-OS CLI Reference Guide Task Command that are part of the inline flow deployment.
Task: Displays the Rx and Tx statistics for the specified inline tool group alias that is part of the inline flow deployment.
Command: # show inline-tool-group traffic-rate alias <alias_name>
Task: Deletes a specified inline tool group....
Page 261
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the interface command: Argument Description
Argument: interface <interface>
Description: Configures settings for the eth0 Mgmt port, as well as the loopback (lo) interface, and eth1 and eth2 interface.
Argument: bond <bonded interface>...
Description: Adds a peer interface to a specified bonded interface. For example:
Page 262
GigaVUE-OS CLI Reference Guide Argument Description mtu <MTU in bytes> Specifies the MTU for the Mgmt port. Specify a value in bytes (1518 is the largest size for a standard Ethernet packet). The range is 1280–9400. The default is 1500. It is recommended that you set the MTU value to 9400 on all platforms to avoid fragmentation.
Page 263
GigaVUE-OS CLI Reference Guide Task Command
Task: Resets the MTU for the specified interface to the default.
Command: (config) # no interface eth0 mtu
Task: Enables the specified interface.
Command: (config) # no interface eth0 shutdown
Task: Resets the speed setting for the specified interface to the default....
Command: (config) # no interface eth0 speed
Page 264
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the ip command: Argument Description
Argument: default-gateway <next hop IP address> [interface name (eth0, eth1...)]
Description: Specifies the default gateway for the Mgmt port (eth0). The default gateway is where the Mgmt port will send IP packets for distribution to remote networks....
Page 265
GigaVUE-OS CLI Reference Guide Argument Description For configuration examples, refer to the IP Filter Chains for Security.
Argument: rule <append tail | insert <rule number> | set <rule number> | modify <rule number>>...
Description: Specifies the position of a rule, which is determined by the arguments that follow rule, as follows:
Page 266
GigaVUE-OS CLI Reference Guide Argument Description
Argument: map-hostname
Description: Enables the map-hostname argument to ensure a static host mapping for the current hostname.
Argument: name-server <IPv4 or IPv6 address>
Description: Adds another DNS name server address to the GigaVUE HC Series node’s list.
Argument: route <network prefix> <netmask | mask length>...
Description: Configures a static routing entry for the GigaVUE HC Series node’s
Page 267
GigaVUE-OS CLI Reference Guide Task Command
Task: If you specify a chain and rule, deletes the rule and renumbers rules to close the gap. If you specify a chain only, deletes all the rules in that chain and resets the chain's policy to the default....
Command: (config) # no ip filter chain INPUT rule 3
Page 268
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the ip interface command: Argument Description ip interface alias <alias> Specifies the IP interface alias on the GigaVUE HC Series node to be used as the encapsulation or decapsulation port. attach <port-id>...
Page 269
GigaVUE-OS CLI Reference Guide (config ip interface alias test) # mtu 9400 (config ip interface alias test) # gsgroup add (config ip interface alias test) # netflow- exporter add exp1,exp2 (config ip interface alias test) # exit The following table summarizes other commands related to the ip interface command: Task Command Displays all IP interfaces.
Page 271
GigaVUE-OS CLI Reference Guide Argument Description FORWARD clear WARNING !! Clearing the ip filter INPUT chain may impact mgmt and clustering ports and operations!! Enter 'YES' to confirm this operation: o policy <policy>—Sets the policy (the default target) for a specified chain.
Page 272
GigaVUE-OS CLI Reference Guide Argument Description state <states> Netmask can be specified either as a netmask or a mask length (for example: 255.255.255.0 or /24). Dup-delete specifies that after adding or modifying a rule, delete all other existing rules that are duplicates of it. (Duplicates are otherwise not detected.) The available protocols are as follows: tcp, udp, icmp, igmpv6, ah, esp, all...
Page 273
GigaVUE-OS CLI Reference Guide Task Command
Task: Displays IPv6 information.
Command: # show ipv6
Task: Displays active IPv6 default routes.
Command: show ipv6 default-gateway
Task: Displays configured IPv6 default routes.
Command: show ipv6 default-gateway static
Task: Displays DHCP configuration information.
Command: show ipv6 dhcp
Task: Displays IP filtering configuration or status.
Command: show ipv6 filter
Task: Displays IP filtering state (including unconfigured rules).
Page 274
GigaVUE-OS CLI Reference Guide Required User Level = Admin Use the job command to configure scheduled jobs. The job command has the following syntax: job <job ID> command <sequence #> <CLI command> comment <string> enable execute fail-continue name <friendly name> schedule type <daily | monthly | once | periodic | type | weekly>...
Page 275
GigaVUE-OS CLI Reference Guide Argument Description By default, a job halts as soon as any command in the job fails.
Argument: name <friendly name>
Description: Configures a friendly name for a job. For example:
(config) # job 12 name MyJob
Argument: schedule type <daily | monthly | once | periodic | weekly>...
Description: Configures the type of schedule on which a job
Page 276
GigaVUE-OS CLI Reference Guide Argument Description
(config) # job 12 schedule monthly time 10:03:22
(config) # job 12 schedule monthly interval 3
(config) # job 12 schedule monthly start date 2014/12/2
(config) # job 12 schedule monthly end date 2014/12/2
For day-of-month, you can specify days as a number from 1 to 28.
Page 277
GigaVUE-OS CLI Reference Guide Argument Description
Argument: schedule periodic interval <time interval> | schedule periodic start date <yyyy>/<mm>/<dd> [time <hh>:<mm>:<ss>] schedule periodic end date...
Description: Sets the time interval between executions of the periodic job, or sets the date and time range within which the periodic job is eligible to execute. For example:
Page 278
GigaVUE-OS CLI Reference Guide Task Command
Task: Deletes a comment associated with a job.
Command: (config) # no job 12 comment
Task: Disables a job.
Command: (config) # no job 12 enable
Task: Returns execution to the default behavior.
Command: (config) # no job 12 fail-continue
Task: Deletes the name of a job.
Page 279
GigaVUE-OS CLI Reference Guide Refer to the “LDAP” section in the GigaVUE Fabric Management Guide for examples of adding and configuring an LDAP server. The ldap command has the following syntax: ldap base-dn <string> bind-dn <string> bind-password <string> extra-user-params roles enable group-attribute <<string>...
Page 280
GigaVUE-OS CLI Reference Guide Argument Description
Argument: <<string> | member | uniqueMember>
Description: specify a value for group-dn, the attribute you name here will be checked to see whether it contains the user’s distinguished name as one of the values in the LDAP server.
Page 281
GigaVUE-OS CLI Reference Guide Argument Description admin
Note: If a user account exists on the remote server as well as on the local device, the remote user will be mapped to the local account, regardless of the LDAP mapping policy.
Argument: scope <one-level | subtree>...
Description: Specifies the search scope for the user under the base distinguished name (dn):
Page 282
GigaVUE-OS CLI Reference Guide Task Command
Task: additional roles for a remotely authenticated user in the response.
Command: enable
Task: Resets group membership attribute to use default (member).
Command: (config) # no ldap group-attribute
Task: Deletes the distinguished name group required for authorization....
Command: (config) # no ldap group-dn
Page 283
CD5H-NJUK-77XC-0UB1-EDMN-JUK7-7XC0-W3JC-5LNQ-RBJ7-XHY1-T7AU-KECM-N6JU-K741- 6L2G-RW60-Q3LC-A479-0L6E-HH70-W30E-9T8G-V20Q-UFEM-P78F-9Q86-GT6B-BH3Y-N8QQ- 9H20-056C-BHQQ-8KUV The key is generated by Gigamon. It consists of a long string beginning with LK2, which is a protocol, followed by the card or module (SMT_HC0_R), followed by the content of the license key. The following table describes the arguments for the license command:...
Page 284
GigaVUE-OS CLI Reference Guide Task Command
Task: Displays all installed licenses.
Command: # show license
Note: The license type is displayed in the show license command output. For licenses obtained before 5.7 release, the license type field is displayed as NA.
Task: Displays the installed licenses on a specified node....
Command: # show license box-id 1
Page 285
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the logging command: Argument Description
Argument: <hostname, IPv4 or IPv6 address>
Description: Specifies the IP address for logging. Logged events are always written to the local log file. In addition, you can optionally specify an external syslog server as a destination for the GigaVUE HC Series node’s logging output.
Page 286
GigaVUE-OS CLI Reference Guide Argument Description (config) # logging 192.168.1.25 trap crit For example, the following commands specify a minimum severity level of information for events sent to an IPv6 hostname or IPv6 address: (config) # logging syslog.ipv6 trap info (config) # logging 2001:db8:a0b:12f0::85 trap info files delete <current | Deletes log files, configures the rotation of log files, and uploads log files to an...
Page 287
GigaVUE-OS CLI Reference Guide Argument Description
Argument: level audit mgmt <severity level> cli commands <severity level>...
Description: Specifies the minimum severity for a CLI command to be logged to the local and remote syslogs. It also specifies the minimum severity of audit log messages.
Page 288
GigaVUE-OS CLI Reference Guide Severity Levels for Logging Commands Use the following severity levels with the logging local, logging trap, and logging level cli command commands: Log-Level Description emerg Emergency—the system is unusable. The severity level with the least logging. Only emergency level events/commands are logged.
Page 290
GigaVUE-OS CLI Reference Guide add 5g <dnn <pattern>| type <supi | ran | all > add gtp <apn <pattern> | interface <Gn | S10 | S11 | S5> | version <1 | 2>> | type <imsi | ran | all > delete all add sip <all | callee-id | caller-id | dest-ip | ip-addr | src-ip>...
Page 291
GigaVUE-OS CLI Reference Guide Argument Description
Argument: b-to-a <<ordered list of inline tools and inline tool groups> | bypass | same | reverse>
Description: For flexible inline arrangements, specifies the sequence of inline tools or inline tool groups through which the traffic will be guided between the respective inline network ports, as follows: ordered list of inline tools and inline tool groups—...
Page 292
GigaVUE-OS CLI Reference Guide Argument Description
Argument: | S5 | S10> | version <1 | 2>] delete <all | rule-id <rule ID>>
Description: specified IMSI, IMEI, MSISDN subscriber IDs, Evolved Packet Core (EPC) interface or GTP version can also be specified.
● delete—Deletes all flowrules or a specified flowrule in a...
Page 293
GigaVUE-OS CLI Reference Guide Argument Description
(config map alias to_vp) # type firstLevel byRule
(config map alias to_vp) # to vp1
(config map alias to_vp) # from 1/1/x3
(config map alias to_vp) # rule add pass portsrc 2123
(config map alias to_vp) # rule add pass portsrc 2152
(config map alias to_vp) # exit
Create a second level map that takes traffic from the...
Page 294
GigaVUE-OS CLI Reference Guide Argument Description <msisdn <number[*]>> <interface <Gn o To specify EPC interface types, use: Gn for Gn/Gp, S11 | S11 | S5 | S10>> <percentage for S11/S1-U, S5 for S5/S8, S10. <percentage range>> | <qci : Version and interface cannot be specified in <pattern>...
Page 295
GigaVUE-OS CLI Reference Guide Argument Description (config) # map alias map1 flowsample delete gtp (config) # map alias map1 flowsample delete gtp priority-id 2 insert—Inserts a new rule into a flow sampling map ● either before or after a specified priority ID. A priority ID indicates the order of rules in the map.
Page 296
GigaVUE-OS CLI Reference Guide Argument Description <5g> <dnn<pattern>> [comment value allowed for SST is 3 and SSD is 6. <comment>] <pei<number[*]>> o To specify NCI, use hexadecimal format and supports <supi<number[*]>> wildcard. The maximum characters allowed are 9, and the minimum length is 4. o To specify TAC, use hexadecimal format and supports wildcard.
Page 297
GigaVUE-OS CLI Reference Guide Argument Description <priority index> <sip> <caller-id sampling map to match specified caller IDs. Wildcard <caller ID>> <percentage <percentage suffixes are supported. The percentage of the flow to be range>> sampled must also be specified. For example: (config) # map alias map1 flowsample add sip caller-id * percentage 50 delete—Deletes all existing rules from a flow sampling...
Page 298
GigaVUE-OS CLI Reference Guide Argument Description Management Guide for details on inline-network-alias and inline-network-group-alias. For example: (config) # map alias map1 from port1 gsrule Adds or deletes a gsrule (GigaSMART rule). GigaSMART rules use Adaptive Packet Filtering to match specified add <drop | pass>...
Page 299
GigaVUE-OS CLI Reference Guide Argument Description
(config map alias m1) # from vp1
(config map alias m1) # gsrule add pass pmatch string "\xff\xff\xfe" 29
(config map alias m1) # exit
Note: The maximum number of gsrules that can be specified in a map is 5.
Page 300
GigaVUE-OS CLI Reference Guide Argument Description o b-to-a—Taps traffic from the b-to-a side of the source. to—Specifies the destination inline tools. The to ● parameter can be a regular tool port, a hybrid port, or a GigaStream on the same GigaVUE-OS node. tag—Specifies the OOB copy tag as follows: ●...
Page 301
GigaVUE-OS CLI Reference Guide Argument Description for rule criteria details. For example: (config) # map alias map1 (config map alias map1) # from 1/1/q1 (config map alias map1) # to 1/1/q2 (config map alias map1) # rule add pass vlan 100 comment "comment for rule"...
Page 302
GigaVUE-OS CLI Reference Guide Argument Description (config) # map alias add_header_1 rule delete rule-id 10..12 To delete multiple rules including ranges, use the ● following syntax: (config) # map alias add_header_1 rule delete rule-id 1,3,10..12 You can also obtain the rule ID for a specified map rule with the show map alias <alias>...
Page 303
GigaVUE-OS CLI Reference Guide Argument Description no rewrite-dstip | no rewrite-srcip
● rewrite-dstip x.x.x.x—Configure destination IP rewrite for all the pass rules associated with the map.
● rewrite-srcip x.x.x.x—Configure source IP rewrite for all the pass rules associated with the map.
Note: The IP addresses 0.0.0.0, 255.255.255.255, and multicast are not accepted.
Page 304
GigaVUE-OS CLI Reference Guide Argument Description vport-alias—Sends matching GigaSMART traffic to the ● virtual port associated with the GigaSMART group. null-port—Drops traffic after the GigaSMART operation ● is performed on the traffic. This is applicable for regular maps and second-level maps. Refer to the “Associating Inline Networks with Inline Tools Using Inline Maps”...
Page 305
GigaVUE-OS CLI Reference Guide Argument Description Also specifies the optional map subtype, as follows: byRule—Specifies a rule-based map subtype, which is ● supported on the following: o firstLevel, inline, flexInline, and regular map types when using the map rule parameter. o secondLevel map type when using the gsrule parameter.
Page 306
GigaVUE-OS CLI Reference Guide Argument Description details on creating GigaSMART operations. For example: (config) # map alias map1 use gsop gsfilter whitelist add gtp <apn <pattern> | Adds or deletes a rule in a forward list map as follows: interface <Gn | S10 | S11 | S5>...
Page 307
GigaVUE-OS CLI Reference Guide Argument Description
● Each forward list map can contain only one rule, with either a GTP version or an EPC interface. The rule can also specify an APN.
● The rule cannot be edited. To edit a rule, first delete it,...
Page 308
GigaVUE-OS CLI Reference Guide Argument Description map based on callee or caller id. ip-addr—Specifies adding a rule (a pass rule) to a ● forward list map based on destination IP address. src-ip—Specifies adding a rule (a pass rule) to a forward ●...
Page 309
GigaVUE-OS CLI Reference Guide Task Command Displays all map counters. # show map stats Displays all flexible inline maps. # show map-flexinline Displays detailed information for a specified flexible inline map. # show map-flexinline alias FLEX1 Displays all flexible inline maps. # show map-flexinline all Deletes a specified map....
Page 310
GigaVUE-OS CLI Reference Guide Task Command Deletes the configured destination and source MAC Address. (config)# no rewrite-dstmac | no rewrite-srcmac Deletes the configured destination and source IP Address. (config)# no rewrite-dstip | no rewrite-srcip map rule The map rule command has the following syntax: rule add <drop | pass>...
Page 311
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the map rule command: Argument Description <drop | pass> Adds a map drop rule or a map pass rule. bidir Mirrors source and destination rules on Layer 2-Layer 3 address and port number. The bidir argument automatically creates a second map rule mirroring source arguments to destination (and vice-versa).
Page 312
GigaVUE-OS CLI Reference Guide Argument Description <comment> special characters. Comments longer than one word must be enclosed in double quotation marks. For example: (config) # map alias m1 rule add drop ipver 6 comment "Drop IPv6" dscp <af11 | af12 | af13 Creates a map rule pattern for a particular decimal DSCP value.
Page 313
GigaVUE-OS CLI Reference Guide Argument Description ip6src <IPv6 Creates a rule for either a source or destination IPv6 address or netmask. Enter address> <IPv6 IPv6 addresses as eight 16-bit hexadecimal blocks separated by colons. For netmask> example: ip6dst <IPv6 2001:0db8:3c4d:0015:0000:0000:abcd:ef12 address>...
Page 314
GigaVUE-OS CLI Reference Guide Argument Description first first- all-frag—Matches any fragment. ● frag first-or-no-frag all-frag-no-first—Matches all fragments except the first fragment in a packet. ● first-frag—Matches the first fragment of a packet. ● first-or-no-frag—Matches unfragmented packets or the first fragment of a ●...
Page 315
GigaVUE-OS CLI Reference Guide Argument Description Note: The rule-based MAC rewrite feature is applicable only on pass rules. To delete a rule-based MAC address rewrite, use the rule edit or delete command. rewrite-dstip <value> For IP Address rewrite, configure the destination and Source fields as follows: | rewrite-srcip rewrite-dstip x.x.x.x —...
Page 316
GigaVUE-OS CLI Reference Guide Argument Description Protocol number 17 used by IPv6, the next layer of protocol data is not always at a fixed offset as it is in IPv4. Protocol number 41 To address this, the GigaVUE HC Series node provides the <1-byte-hex> option to Protocol number 46 match against the standard hex values for these protocols in the Next Header field.
Page 317
GigaVUE-OS CLI Reference Guide Argument Description Note: Most network equipment now uses DSCP to interpret the TOS byte instead of the IP precedence and TOS value fields. For example: (config map alias mymap) # rule add pass tosval 0000 ttl <ttl | ttl1..ttl2> Creates a rule for the Time to Live (TTL—IPv4) or Hop Limit (IPv6) value in an IP packet, as a number between 0 and 255 as follows: If there is no ipver argument included in the map rule (or if it is set to 4),...
Page 318
GigaVUE-OS CLI Reference Guide The map gsrule command has the following syntax: gsrule add <drop | pass> comment <comment> erspan id <range <erspanid1..erspanid2>> | <value <1-1024>> ethertype <any | pos <1-6>> <range <2-byte-hex..2-byte-hex> <subset <even | odd | none>> | <value <2-byte-hex>>...
Page 320
GigaVUE-OS CLI Reference Guide Argument Description <af11 | af12 | af13 | af21 | af22 | You can also specify the field position for the attribute. Refer to af23 | af31 | af32 | af33 | af41 | af42 | Specifying Field Position for GSRule Criteria for details.
Page 321
GigaVUE-OS CLI Reference Guide Argument Description <netmask>> Specifying Field Position for GSRule Criteria for details. ipv4 tosval <any | pos <1-3>> <range Specifies an IPv4 ToS value Flow as a three-byte hex value. You <1-byte-hex..1-byte-hex>> can enter either a range or a single value. The TOS value is how <value <1-byte-hex..1-byte-hex>>...
Page 322
begin..end>
● Use the string to pass all packets including the string www.gigamon.com:
(config map alias m1) # gsrule add pass pmatch string "www.gigamon.com" 0..1750
● Use the RegEx to pass packets matching any phone number in the nnn-nnn-nnnn format:
(config map alias m1) # gsrule add pass pmatch RegEx "^\d{3}-\d{3}-\d{4}$"...
Page 323
GigaVUE-OS CLI Reference Guide Argument Description to indicate that the pattern can be anywhere in the packet in that range. The begin..end specifies the start and end value of the range. ● Note the following: If a string is used in a rule (RegEx or string arguments) and ●...
Page 324
GigaVUE-OS CLI Reference Guide Argument Description start-of-match <offset>—specifies that masking will start at ● the offset number of bytes after the beginning of the matching pattern. The offset is from 0 to 1749. to—specifies that the next parameter (either end-of-match or ●...
Page 325
GigaVUE-OS CLI Reference Guide Argument Description For example: (config map alias mymap) # gsrule add pass pmatch RegEx a[gG]igamon|aGIMO\\s[a-f]\\d{4} 0..1750 pmatch-hint "gamon|GIM" For details on the pattern matching hint, refer to the “Pattern Matching Hint” section in the GigaVUE Fabric Management Guide.
Page 326
GigaVUE-OS CLI Reference Guide Refer to the following table for a summary of the maximum value allowed in the field position (pos argument) for each attribute supported. Maximum Attribute Occurrences Attributes in IPv4 header Attributes in IPv6 header Attributes in MAC header VLAN ID MPLS Label Attributes in Layer 4 port (l4port)
Page 327
GigaVUE-OS CLI Reference Guide Argument Description (config) # map-group alias mg1 comment Specifies a unique text string that describes the map group. Comments can be up to 128 <comment> characters. Comments longer than one word must be enclosed in double quotation marks. For example: (config) # map-group alias mg1 comment "Shared collector"...
Page 328
GigaVUE-OS CLI Reference Guide Use the map-passall command to send all packets on a network port to one or more tool ports or tool GigaStream irrespective of the maps already in place for the ports. Refer to the section “Working with Map-Passalls and Port Mirroring” in the GigaVUE Fabric Management Guide for a discussion of use cases for map-passalls.
Page 329
GigaVUE-OS CLI Reference Guide Argument Description (config) # map-passall alias map2 from port1 roles <assign | replace> <role> [to Assigns a user role to a map access list or replaces a map access <role list>] list. For example: (config) # map-passall alias map2 roles replace monitor to view_roles to <tool port list | gigastream-alias | Specifies the destination(s) for packets matching this map-...
Page 330
GigaVUE-OS CLI Reference Guide Command Comments (config) # map-passall alias mypass from 1/1/x1..x4 (config) # map-passall alias mypass to 1/1/x5 Map Prefix Mode Technique Configures a map passall from 1/2/x1 to 1/2/x2, 1/2/x3, 1/2/x4, and 1/2/x5. (config) # map-passall alias mypass2 (config map-passall alias mypass2) # from 1/2/x1...
Page 331
GigaVUE-OS CLI Reference Guide Task Command Displays all map-passalls. # show map-passall all Display all map-passalls in table format. # show map-passall brief Deletes a specified map-passall. (config) # no map-passall alias mymap Deletes the comments for a specified map-passall. (config) # no map-passall alias mymap comment Deletes all sources configured for a specified map-...
Page 332
GigaVUE-OS CLI Reference Guide Argument Description For example: (config) # map-scollector alias scoll <port-id | port-alias | port-list | Specifies the destination(s) for packets matching this shared gigastream-alias | gigastream-alias-list collector map. Use one of the following: | inline-tool-alias | inline-tool-group- port-id, port-alias, port-list—Sends traffic to one or more tool ●...
Page 333
GigaVUE-OS CLI Reference Guide Argument Description For example: (config) # map-scollector alias scoll from inNet rewrite-dstmac <value> | rewrite-srcmac <value> For MAC Address rewrite, configure the destination and Source fields as follows:
● rewrite-dstmac xx:xx:xx:xx:xx:xx—Configure destination MAC rewrite for all the pass rules associated with the map.
● rewrite-srcmac xx:xx:xx:xx:xx:xx—...
Page 334
GigaVUE-OS CLI Reference Guide Task Command collector map. assign monitor Deletes all assigned roles from a specified shared (config) # no map-scollector alias mycoll roles collector map. assign all Deletes the configured destination and source MAC (config)# no rewrite-dstmac | no rewrite- Address.
Page 336
GigaVUE-OS CLI Reference Guide Also refer to inline-tool for information on enabling negative heartbeat and associating a negative heartbeat profile with an inline tool. The maximum number of negative heartbeat profiles supported is equal to the maximum number of inline tools, which is 48 on the GigaVUE-HC3, and 8 on the GigaVUE-HC1. This command is used in the inline bypass solutions described in Configure Inline Bypass Solutions...
Page 337
GigaVUE-OS CLI Reference Guide Argument Description not use the same PCAP file for both. The supported formats for download are HTTP, HTTPS, FTP, TFTP, SCP, and SFTP. Use the show nhb-profile command to display the name of the PCAP file from which the custom heartbeat packet was imported.
Page 338
GigaVUE-OS CLI Reference Guide Required Command-Line Mode = Configure Use the no command to clear, delete, or reset configuration settings in the GigaVUE-OS. Do this by prefacing the corresponding configuration command with the word no. For example, no map alias mymap deletes the map named mymap. Note: The GigaVUE HC Series replaces the delete command with the no command common to Cisco products....
Page 339
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the no service command: Argument Description no service tcp-small-servers Disables all small server services on TCP (including echo, chargen, discard, daytime, and time). For example: (config) # no service tcp-small-servers no service udp-small-servers Disables all small server services on UDP (including echo, chargen, discard, daytime, and time).
Page 340
GigaVUE-OS CLI Reference Guide Use the notifications command to configure notification settings. The notification receiver target is the consumer of the notifications, such as GigaVUE-FM. Log in to each GigaVUE-OS node individually to configure the settings. The notifications command has the following syntax: notifications enable target host <IPv4 address or hostname>...
Page 341
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the notifications command: Task Command Displays notification settings and connection # show notifications status. Disables notifications on a particular (config) # no notifications enable GigaVUE-OS node. Deletes a specified notification receiver target.
Page 342
GigaVUE-OS CLI Reference Guide Argument Description example: (config) # ntp disable enable Enables the use of NTP for synchronization of the system’s clock. For example: (config) # ntp enable server <hostname, IPv4 or IPv6 address> [disable | key Adds an NTP server to the GigaVUE HC <key number>...
Page 343
GigaVUE-OS CLI Reference Guide Task Command Disables NTP. (config) # no ntp enable Deletes the specified NTP server by IPv4 address. (config) # no ntp server 1.1.1.1 Deletes the specified NTP server by hostname. (config) # no ntp server time.windows.com Re-enables a specified NTP server.
Page 344
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the onie command: Argument Description reboot mode <debug | Specifies the ONIE reboot modes as follows: reinstall | uninstall | debug—reboots the white box into ONIE debug mode. ● update>...
Page 345
GigaVUE-OS CLI Reference Guide Packet capture is supported on GigaVUE-HC1, GigaVUE-HC1-Plus, GigaVUE-HC3, and GigaVUE TA Series nodes. It is supported on both standalone nodes and clusters. The port type used for packet capture can be tool, network, hybrid, inline tool, or inline network.
Page 346
GigaVUE-OS CLI Reference Guide Inline network groups are not supported. Specify up to 4 individual ports for packet ■ capturing. Q-in-Q packets cannot be captured in the egress port. ■ Bursty traffic (size > 6 MB per second) cannot be captured in the PCAP file. ■...
Page 347
GigaVUE-OS CLI Reference Guide ttl <ttl> vlan <vlan> The following table describes the arguments for the pcap command: Argument Description alias <alias> Specifies the name of the packet capture filter. For example: (config) # pcap alias issl_ack channel-port <port ID> Specifies the channel port identifier for the packet capture filter, in the format <bid/sid/pid>.
Page 348
GigaVUE-OS CLI Reference Guide Argument Description (config pcap alias issl_ack) # port 1/1/x1 tx filter Specifies the rules on which to filter traffic as follows: dscp <af11 | af12 | dscp—Specifies the decimal DSCP value. You can select any value within the ●...
Page 349
GigaVUE-OS CLI Reference Guide Argument Description o gre (0x2F) o icmp-ipv6 (0x3A) o A custom-defined value can also be defined in 1 byte hex. tcpctl—Specifies TCP control bits, such as SYN, FIN, ACK, URG, as 1 byte hex ● values. Rules using the tcpctl parameter must also specify the protocol as tcp. ttl—Specifies the Time to Live (TTL—IPv4) or Hop Limit (IPv6) value in an IP ●...
Page 350
GigaVUE-OS CLI Reference Guide ping6 Required Command-Line Mode = Enable Use the ping6 command to send a standard ICMPv6 ping message from the Mgmt port. The ping6 command has the following syntax: ping [-LUdfnqrvVaA] [-c count] [-i interval] [-w deadline] [-p pattern] [-s packetsize] [-t ttl] [-I interface] [-M mtu discovery hint] [-S sndbuf] [-F flow label] [-Q traffic class] [hop1 ...] destination...
Page 351
GigaVUE-OS CLI Reference Guide command. After a PLD upgrade, the node must be hard reloaded. This is also known as a hard power recycle. Issue the show pld command to display the PLDs that need to be upgraded, then upgrade only those. The pld command for GigaVUE-HC3 and GigaVUE-HC1-Plus has the following syntax: upgrade slot <slot ID>...
Page 352
GigaVUE-OS CLI Reference Guide When a policy is triggered, an SNMP event can optionally be generated. The policy command has the following syntax: policy alias <alias> action add <action name> [param <param name> <param value>] .. [param <param name> <param value>] delete <action ID>...
Page 353
GigaVUE-OS CLI Reference Guide Argument Description
● policyAlias - The policy alias. Policy aliases specified in actions are not validated. Ensure that they exist and are valid. For details, refer to Specifying Keyword, policyAlias.
● portId - The port identifier, in one of the following formats:...
Page 354
GigaVUE-OS CLI Reference Guide Argument Description the inline network. For details, refer to Specifying Keyword, oobTag. A policy is triggered if all the conditions are met, then all the actions are executed. Examples: (config) # policy alias p1 action add PortEnable param portId 1/1/x1 (config) # policy alias p1 action add MapDisable param mapId m1...
Page 355
GigaVUE-OS CLI Reference Guide Argument Description inlineToolGrpAlias - Alias of the inline tool group. For CLI commands ● to create an inline tool group, refer to inline-tool-group period - The number of seconds from 1 to 7200 (integers only). For ●...
Page 356
GigaVUE-OS CLI Reference Guide Argument Description For example: (config) # policy alias p1 reset all <enable | reset> Enables all policies or resets all policies. Examples: (config) # policy all enable (config) # policy all reset Related Commands The following table summarizes other commands related to the policy command: Task Command Displays all actions in brief format.
Page 357
GigaVUE-OS CLI Reference Guide Task Command Displays all specified Active Visibility policies. The output of the show # show policy policy command displays the following: if a policy has been triggered ● how many times a policy has run ● the last time a policy has run, which provides a history of the last 5 ●...
Page 358
(config) # no policy all enable port Required Command-Line Mode = Configure Use the port command to configure settings for ports on GigaVUE-OS HC Series line cards and modules, including aliases, port-filters, port parameters, and port types. The port command has the following syntax: port <port-id | port-alias | port-list>...
Page 360
GigaVUE-OS CLI Reference Guide Argument Description (config) # port 1/1/e1 alarm low-utilization-threshold 20 alias <alias Specifies an alias for a particular port. Aliases can be used in place of the numerical string> bid/sid/pid identifier required in many packet distribution commands in the CLI. For example, instead of configuring a map from, say, 1/1/x1 to 1/2/x4, you could create a map from Gb_In to Stream-to-Disk.
Page 361
GigaVUE-OS CLI Reference Guide Argument Description egress-vlan Enables outer VLAN stripping on specified egress ports. The egress port type must be tool or strip hybrid. Use the show egress-vlantag command to display the configuration of outer VLAN stripping on egress ports. Examples: (config) # port 1/2/x1 egress-vlan strip (config) # port 1/2/x2..x3 egress-vlan strip...
Page 362
GigaVUE-OS CLI Reference Guide Argument Description Note: Egress port filters are supported on GigaVUE-TA25, GigaVUE-TA25E, GigaVUE-HCT, and GigaVUE-HC1-Plus, except that a) VLAN rules are not supported with port filters and b) either IPv4 or IPv6 type port filter rules are supported only if L2 circuit encapsulation tunnels or GS maps are used; otherwise, both IPv4 and IPv6 rules are supported.
Page 363
GigaVUE-OS CLI Reference Guide Argument Description support the breakout functionality
● 4x25G—Specifies the 4x25G port breakout mode. This mode provides a 4 x 25Gb breakout option for 100Gb QSFP28 SR ports. The 4x25G mode only applies to GigaVUE-TA200, GigaVUE-TA25 and the PRT-HC3-C08Q08, PRT-HC3-C16, and SMT-HC3-C05 modules on GigaVUE-HC3.
Page 364
GigaVUE-OS CLI Reference Guide Argument Description mode <none The following is a 4x10G mode example: | 4x10G | (config) # port 1/1/c2 mode 4x10G 4x25G | In this example, the subports will be: 1/1/c2x1, 1/1/c2x2, 1/1/c2x3, and 1/1/c2x4. Once the 1/1/c2 2x40G>...
Page 365
GigaVUE-OS CLI Reference Guide Argument Description cannot change the port mode from 4x10G or 2x40G to none if there is an egress port filter configured on the subport. Remove the filter first, then change the mode. You cannot change the port mode from none to 4x10G or 2x40G if there is any traffic ●...
Page 366
GigaVUE-OS CLI Reference Guide Argument Description specification. o For 1Gb fiber ports, auto-negotiation is not supported on Gigamon Platforms. Examples: (config) # port 7/1/x1 params autoneg disable (config) # port 1/2/g7 params autoneg enable discov Configures port discovery options on network, tool, or circuit type ports, as follows: cpd—Enables CDP port discovery.
Page 367
Gigamon discovery (GDP) on the port. ● disabl Gigamon discovery is disabled on the port by default. e> Gigamon discovery cannot be enabled on inline-tool and inline-network type ports. speed Sets the line speed of a port as follows: <10 | 10—10Mbps ●...
Page 368
GigaVUE-OS CLI Reference Guide Argument Description GigaVUE-TA25E devices. In order to resolve this problem, first enable 40G speed in the GigaVUE-TA25 and GigaVUE-TA25E devices, then configure speed in the GigaVUE-HC3 device. Indicates whether the port is enabled for unidirectional (Ude) or bidirectional traffic. Enabled <enab means Ude;...
Page 369
GigaVUE-OS CLI Reference Guide Argument Description interv range is between -7 and 0 log seconds. For Domain 0, the default is -5. ● <valu For Domain 24-43, the default is -4. ● e> For example: (config) # port 1/1/c1 ptp sync-interval -4 thre <rx>...
Page 370
GigaVUE-OS CLI Reference Guide Argument Description ingres Configures ingress timestamp on a port. esta : Use these arguments for GigaVUE-TA200 devices. insert : Use the show timestamp brief command to display the PTP based timestamp information. For example: (config) # port 1/1/c3 timestamp ingress insert ingres Specifies a unique ID for the ingress timestamp.
Page 371
GigaVUE-OS CLI Reference Guide Argument Description Refer to the “Working with Hybrid Ports” section in the GigaVUE Fabric Management Guide. The inline-network and inline-tool type of ports can only be configured on GigaVUE HC Series nodes. Refer to the “Configuring Inline Bypass Solutions” chapter in the GigaVUE Fabric Management Guide.
Page 372
GigaVUE-OS CLI Reference Guide Task Command Displays all port parameters in table format. # show port Displays all port access. # show port access all Displays port access for a specified box. # show port access box-id 2 Displays port access for a specified box in table format. # show port access box-id 2 brief Displays port access for a specified port list.
Page 373
GigaVUE-OS CLI Reference Guide Task Command table format. 2/1/x1..x4 brief Displays port discovery information for the specified slot. # show port discovery slot 4 Displays port discovery information for the specified slot in # show port discovery slot 4 brief table format.
Page 374
GigaVUE-OS CLI Reference Guide Task Command port. Displays all port parameters that are in use by any maps for the # show port params box-id 2 in-use specified box. Displays all port parameters that are in use by any maps for the # show port params box-id 2 in-use specified box, in table format.
Page 375
GigaVUE-OS CLI Reference Guide Task Command Displays all port parameters for a specified port list in table # show port params port-list format. It also displays the ports and sub-ports in the specified 2/1/x1..x4 brief range. Displays all port parameters for a specified slot. # show port params slot 3 Displays all port parameters for a specified slot in table format.
Page 376
GigaVUE-OS CLI Reference Guide Task Command gs for GigaSMART engine port. Displays all port parameters that are not in use by any maps. # show port params unused Displays all port parameters that are not in use by any maps for # show port params unused type the specified port type: network, stack, tool, circuit, hybrid, inline-tool...
Page 377
GigaVUE-OS CLI Reference Guide Task Command Displays the VXLAN ID configured for the network port. # show port vxlan Displays buffer profile current information. # show profile current buffer all Displays a minute of buffer profile history information. # show profile history buffer 2/1/x1 Displays ports with modified buffer index.
Page 378
GigaVUE-OS CLI Reference Guide Task Command Unlocks a specified port. (config) # no port 1/1/x1 lock Does not allow any user to share lock privilege. (config) # no port 1/1/x1 lock-share all Does not allow a specified user to share lock privilege. (config) # no port 1/1/x1 lock-share user operator Clears the port breakout mode.
Page 379
GigaVUE-OS CLI Reference Guide Use the port-group command to create groups of network or tool ports. Ports can belong to multiple groups. However, you cannot mix port types in a single group, and the ports within a port group must be on the same chassis. Starting in software version 4.8, port groups used in GTP overlapping maps support GigaStream.
Page 380
GigaVUE-OS CLI Reference Guide Argument Description Refer to the “GigaSMART GTP Whitelisting and GTP Flow Sampling” section in the GigaVUE Fabric Management Guide. port-list <port-id | Specifies the ports to include in this port group. Use one of the following: port-alias | port-list | port-id, port-alias, port-list—Specifies a port using the standard conventions ●...
Page 381
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the port-group command: Task Command Displays port groups. # show port-group Displays detailed information for a specified port # show port-group alias pg1 group. Displays all port groups. # show port-group all Displays all port groups in table format.
Page 382
GigaVUE-OS CLI Reference Guide Use the port-pair command to configure a pair of network ports within the same GigaVUE-OS® HC Series node. A port pair is a bidirectional connection in which traffic arriving on one port in the pair is transmitted out the other (and vice-versa) as a passthrough TAP.
Page 383
Required Command-Line Mode = Configure Required User Level = Admin Refer to the following sections for information about how to use the ptp command on the various Gigamon devices: Use ptp on GigaVUE-TA200 Devices ■ Use ptp on GigaVUE-TA200 Devices Use the ptp command to configure the PTP domain, clock mode, and priority on the GigaVUE-TA200 devices.
Page 384
GigaVUE-OS CLI Reference Guide mode <ordinary | boundary> local-priority <value> // Range is 1—255 priority2 <value> // Range is 0—255 The following table describes the arguments for the ptp command: Argument Description alias <string> Specifies the name of the PTP for a device. For example: (config) # ptp alias <string>...
Page 385
GigaVUE-OS CLI Reference Guide Argument Description <value> example, if there are two clocks in a network that match the default criteria, the clock that has the lower priority value will be selected as the primary source. The valid range is between 0 and 255.
GigaVUE-OS CLI Reference Guide Task Command Clears the statistical counters for the specified PTP. (config) # clear ptp alias <string> counters Clears the PTP statistical counters for the specified (config) # clear ptp box-id <box-id/all> alias cluster. <string> counters Clears the PTP statistical counters for a list of PTP- (config) # clear ptp port-list <port-list>...
Page 387
Description Examples:
(config) # radius-server host 1.1.1.1
(config) # radius-server host 2001:db8:a0b:12f0::11 key gigamon enable
(config) # radius-server host www.MyCo.com
Specifies the UDP port number on which the RADIUS server is running. If included, the auth-port must be specified immediately after the host IP address. If you do not specify a port, the auth-port default RADIUS authentication port number of 1812 is used....
Page 388
GigaVUE-OS CLI Reference Guide Argument Description shared- Specifies a global shared secret string to be used for encryption of authentication packets secret sent between the GigaVUE HC Series node and all RADIUS servers. The global value can be <string> overridden with the shared secret specified in the radius-server host command. For example: (config) # radius-server shared-secret admin12 retransmit...
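The logging, no service, ntp and radius-server commands described on these pages can be checked together from an exported configuration. The following is an added example, not code from Gigamon or from the guide: the `audit` function, the one-command-per-line input format, the full severity keyword list and the 16-character secret minimum are assumptions, and both sample configurations are constructed.

```python
import re

# Syslog severity keywords, most severe first. Standard syslog ordering,
# assumed to match the keywords the CLI accepts (the page shows emerg,
# crit and info).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Secrets used in the documentation examples; never acceptable in production.
DOC_SECRETS = {"admin12", "gigamon"}
MIN_SECRET_LEN = 16  # assumed local policy, not a GigaVUE-OS limit

PROMPT = re.compile(r"^\(config[^)]*\)\s*#\s*")


def audit(config_text, min_trap="notice"):
    """Return findings for a config given as one CLI command per line."""
    findings = []
    small_off = set()     # protocols whose small servers are disabled
    remote_hosts = {}     # syslog host -> trap severity
    ntp_enabled = False
    ntp_servers = set()

    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        if not words:
            continue

        m = re.fullmatch(r"no service (tcp|udp)-small-servers", line)
        if m:
            small_off.add(m.group(1))

        # "logging <host> trap <severity>"; skip the non-host subcommands.
        if (len(words) == 4 and words[0] == "logging" and words[2] == "trap"
                and words[1] not in ("local", "level", "files")):
            remote_hosts[words[1]] = words[3]

        if line == "ntp enable":
            ntp_enabled = True
        elif line in ("ntp disable", "no ntp enable"):
            ntp_enabled = False
        elif words[:2] == ["ntp", "server"] and len(words) >= 3:
            if "disable" in words[3:]:
                ntp_servers.discard(words[2])
            else:
                ntp_servers.add(words[2])
        elif words[:3] == ["no", "ntp", "server"] and len(words) >= 4:
            if words[4:] == ["disable"]:      # re-enables the server
                ntp_servers.add(words[3])
            else:                             # deletes the server
                ntp_servers.discard(words[3])

        secret = None
        if words[:2] == ["radius-server", "shared-secret"] and len(words) >= 3:
            secret = words[2]
        elif words[:2] == ["radius-server", "host"] and "key" in words[3:]:
            idx = words.index("key", 3)
            if idx + 1 < len(words):
                secret = words[idx + 1]
        # Report the line number only; never echo the secret itself.
        if secret is not None and (secret in DOC_SECRETS
                                   or len(secret) < MIN_SECRET_LEN):
            findings.append(f"line {number}: weak RADIUS shared secret")

    for proto in ("tcp", "udp"):
        if proto not in small_off:
            findings.append(f"{proto} small servers not explicitly disabled")
    if not remote_hosts:
        findings.append("no remote syslog host configured")
    floor = SEVERITIES.index(min_trap)
    for host, sev in sorted(remote_hosts.items()):
        if sev not in SEVERITIES:
            findings.append(f"syslog {host}: unknown severity {sev}")
        elif SEVERITIES.index(sev) < floor:
            findings.append(f"syslog {host}: trap {sev} forwards less than {min_trap}")
    if not ntp_enabled or not ntp_servers:
        findings.append("NTP not enabled with at least one active server")
    return findings


# Constructed sample: reuses the documentation's example secrets and trap level.
WEAK = """\
(config) # logging 192.168.1.25 trap crit
(config) # radius-server host 2001:db8:a0b:12f0::11 key gigamon
(config) # radius-server shared-secret admin12
(config) # ntp enable
(config) # no ntp server 1.1.1.1
"""

# Constructed sample: the same commands with the settings tightened.
HARDENED = """\
(config) # no service tcp-small-servers
(config) # no service udp-small-servers
(config) # logging 2001:db8:a0b:12f0::85 trap info
(config) # radius-server shared-secret Constructed-Placeholder-Secret-01
(config) # ntp enable
(config) # ntp server time.windows.com
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

The findings identify RADIUS secrets by line number only, so the report can be shared without exposing the secret.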
Page 389
Refer to the “Configure Gigamon Resiliency for Inline Protection” section in the GigaVUE Fabric Management Guide for details. The redundancy-profile command has the following syntax: redundancy-profile alias <alias>...
Page 390
GigaVUE-OS CLI Reference Guide Related Commands The following table summarizes other commands related to the redundancy-profile command: Task Command Displays redundancy profile and redundancy control state for an # show inline-network inline network. Displays all redundancy profiles. # show redundancy-profile Displays a specified redundancy profile.
Page 391
GigaVUE-OS CLI Reference Guide Argument Description (config) # reload (config) # reload force (config) # reload force immediate halt Stops all system activities without powering the system down. For example: (config) # reload halt reset Required Command-Line Mode = Configure Required User Level = Admin ®...
Page 392
GigaVUE-OS CLI Reference Guide
Command / Description
(config) # reset factory all
(config) # reset factory keep-all-config
(config) # reset factory only-traffic
Note: Using reset factory deletes passwords on user accounts. When you log in with the admin account, you will be prompted for a new password through the jump-start script.
Page 393
GigaVUE-OS CLI Reference Guide
■ After setting the console port to 9600 or 115,200 bps using the serial baudrate command, the bootloader output will appear correctly on the connected serial console during a system boot provided the client application is set to run at a matching speed.
■ When the serial baudrate is set to 9600 bps, you will need to press the spacebar twice...
Page 394
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the sffp profile command:
Argument / Description
sffp-profile alias <alias>
  Specifies the name of the sffp profile. The alias must be unique and can contain up to 128 characters. Aliases are case-sensitive. For example:
  (config) # sffp-profile alias sffp-profile-1
profile <add |...
Page 395
GigaVUE-OS CLI Reference Guide Use the show command to view configuration and status information for GigaVUE-OS nodes. Configuration commands in the CLI have corresponding show commands that display the configured values and the current status. To match a keyword or a regular expression in the show command, use the option matching <regex>...
Page 397
GigaVUE-OS CLI Reference Guide
Show Command / Description
profile <alias <alias> [decryptlist | nodecryptlist] <domain name> | all> session debug vport <vport alias> match ipv4-src <IP addr/mask> ipv4-dst <IP addr/mask>...
  decryption is supported only for GEN 3 cards. Refer to the GigaVUE-HC1 Hardware Installation Guide and GigaVUE-HC3 Hardware...
Page 398
GigaVUE-OS CLI Reference Guide
Show Command / Description
show apps split-dns profile <alias <alias> | all>
  For usage examples, refer to apps split-dns.
show apps ssl key <alias <alias> | all> service <alias <alias> | all> stats [alias <alias> | all]
  For usage examples, refer to apps ssl.
show crypto acme client info
  Displays the acme client information and the status...
Page 399
GigaVUE-OS CLI Reference Guide
Show Command / Description
show clock
  For usage examples, refer to clock.
show cluster box-id <box ID> configured global [brief] history [box-id <box ID>] local [error-status] leader node <node ID> standby
  For usage examples, refer to cluster.
show condition [alias <alias>...
Page 400
GigaVUE-OS CLI Reference Guide
Show Command / Description
show environment box-id <box ID> slot <slot ID> type <fan | temperature | voltage | psu>
  Displays environment information.
Page 401
GigaVUE-OS CLI Reference Guide Show Command Description show environment type psu psu-detail [all | psu-id] Displays the PSU diagnostic attributes parameters for all the PSU modules or for the specified PSU module id (psu-id). Depending on the number of PSU modules in the chassis, psu-id can be 1, 2, etc.
Page 402
GigaVUE-OS CLI Reference Guide
Show Command / Description
state. This behavior is due to a voltage leak. In GigaVUE-HC3 node, the input under "voltage fault" is set only when there is a real under-voltage condition.
● In some modules, the temperature fault is latched, which means that if an over-...
Page 403
GigaVUE-OS CLI Reference Guide
Show Command / Description
all brief
show gsgroup alias <alias> all flow-ops-report alias <alias> type flow-sampling | ssl-decryption <any | device-ip-mask <IP address> <netmask> | flow-filtering <gtp-imsi-pattern | imei-pattern | msisdn-pattern > ...
  For usage examples, refer to gsgroup. Refer to “Viewing GigaSMART Statistics” section in the GigaVUE Fabric Management Guide...
Page 404
GigaVUE-OS CLI Reference Guide
Show Command / Description
show gsgroup flow-ops-report alias <alias> type flow-filtering any statistics
  This command provides the information about number of active sessions and number of maximum sessions available.
  Session Capacity
  Gen 2 Cards
  The session capacity is determined from the command: gsparam 3gpp-node-role-user...
Page 405
GigaVUE-OS CLI Reference Guide
Show Command / Description
sampling | flow-filtering | lb | masking | slicing | strip-header | trailer | tunnel-decap | ssl-decrypt] by-gsgroup <GS group alias>>
show gsparams [alias <alias> | all]
  For usage examples, refer to gsparams. Refer to the “Viewing GigaSMART Statistics”...
Page 406
GigaVUE-OS CLI Reference Guide
Show Command / Description
show inline-serial [alias <alias> | all]
  For usage examples, refer to inline-serial.
show inline-tool [alias <alias> | all] [brief] [vlan-mapping]
  For usage examples, refer to inline-tool.
show inline-tool-group [alias <alias> | all]
  For usage examples, refer to inline-tool-group.
Page 407
GigaVUE-OS CLI Reference Guide
Show Command / Description
show license [box-id <box ID>]
  For usage examples, refer to license.
show load-balance port-group stats <alias> <port-group name> | all>
  For usage examples, refer to port-group.
show log continuous [matching <reg exp> | not matching...
  For usage examples, refer to logging.
Page 408
GigaVUE-OS CLI Reference Guide
Show Command / Description
show ntp [configured]
  For usage examples, refer to ntp.
show pld [slot <slotID>]
  For usage examples, refer to pld.
show policy [alias <alias> | detail]
  For usage examples, refer to policy.
show port access [all | box-id <box ID> [brief] | port-list <port list>...
  For usage examples, refer...
Page 409
GigaVUE-OS CLI Reference Guide
Show Command / Description
show profile <current | history> buffer [port-list <min | hour | day | week | cur>] | <all> port [port-list <min | hour | day | week | cur>] |
  For usage examples, refer to card (GigaVUE-OS® HC Series) and port.
Page 410
GigaVUE-OS CLI Reference Guide Show Command Description show tacacs For usage examples, refer to tacacs-server. show terminal For usage examples, refer to terminal. show timestamp [box-id <box ID>] For usage examples, refer to timestamp. show tool-mirror [alias <alias> | all | brief] For usage examples, refer to tool-mirror.
Page 411
GigaVUE-OS CLI Reference Guide
GigaVUE V Series show
Required Command-Line Mode = Standard
Use the show command to view configuration and status information for GigaVUE V Series Nodes. Configuration commands in the CLI . The following table describes the show diag commands:
Show Command / Description
show diag...
GigaVUE-OS CLI Reference Guide snmp-server Required Command-Line Mode = Configure Use the snmp-server command to configure all SNMP-related functionality on the GigaVUE-OS node, including enabling SNMP generally, adding notification destinations, specifying notification events, adding standard MIB-II contact/location info, and enabling the system’s SNMP server so that management stations can poll the GigaVUE-OS node remotely using standard SNMP commands (Get, GetNext, Walk, and so on).
Page 413
GigaVUE-OS CLI Reference Guide On upgrading GigaVUE-OS devices from software version 6.3.00 to 6.4.00: SNMPv3 host requires SNMPv3 users to be created in the system. If SNMPv3 users are not already created in software version 6.300 or lower, then on upgrading to software version 6.4.00, the users will be created by the system based on SNMPv3 host configuration.
Page 414
GigaVUE-OS CLI Reference Guide Argument Description host Adds a destination for SNMP notifications. <IPv4 / IPv6 address or Hostname> Specifies the IPv4 address, IPv6 address, or the hostname of this destination for SNMP traps. You can specify multiple destinations, each with its own trap version and community string.
Page 415
GigaVUE-OS CLI Reference Guide Argument Description Also specifies the version of SNMP to use. You can specify either version 2c or 3. The default is version 2c. For example: (config) # snmp-server host 1.1.1.1 traps If you specify 3, you must specify user name and other settings to be sent with the notification.
Page 416
GigaVUE-OS CLI Reference Guide
Argument / Description
destinations in the following situations:
● Each time a port’s link status changes from up to down or vice-versa.
● Each time a port’s speed changes.
Note: The portlinkchange trap is not sent when the Management port’s link status changes.
Page 417
GigaVUE-OS CLI Reference Guide
Argument / Description
● Description—provides the description of the trap
● Port Name—specifies the port name of the interface where the packet was dropped
● Counter—provides the number of packets dropped during the 30-second interval
gsisslresourceutilization
  Sends an SNMP notification to all configured destinations when there is an Inline SSL resource utilization overload in the GigaSMART.
Page 418
GigaVUE-OS CLI Reference Guide Argument Description Utilization alarms are written to syslog and forwarded to all SNMP management stations configured as trap destinations. Note: Network ports always use an Rx threshold; tool ports always use Tx. Refer to the “Working with Port Utilization Measurements”...
Page 419
The user can then manually put the inline tool back into service. gdpupdate Sends an SNMP notification to all configured destinations each time a new Gigamon discovery neighbor is discovered or Gigamon discovery information for an existing neighbor is changed or expired.
Page 420
GigaVUE-OS CLI Reference Guide
Argument / Description
GigaVUE-HC1-Plus, GigaVUE-HC3, GigaVUE-TA25, GigaVUE-TA25E, GigaVUE-OS-TA100, GigaVUE-TA200, or GigaVUE-TA200E ambient temperature reaches warning, alert, and critical thresholds. Refer to the device Hardware Installation Guide for details.
netflowoutofresource
  Sends an SNMP notification to all the configured destinations each time the resource allocation fails in the NetFlow application.
Page 421
GigaVUE-OS CLI Reference Guide Argument Description GigaSMART engine reaches warning, alert, and critical thresholds. Refer to the device Hardware Installation Guide for details. eporttemp * Sends an SNMP notification to all configured destinations each time the temperature of the GigaVUE-HC1, GigaVUE-HC1-Plus, GigaVUE-HC3 GigaSMART engine ports (e1 and e2) reach warning, alert, and critical thresholds.
Page 422
GigaVUE-OS CLI Reference Guide Argument Description cluster-role-change Sends an SNMP notification to all configured destinations each time there is a cluster role change event. cluster-node-leave Sends an SNMP notification to all configured destinations each time a node leaves a cluster. cluster-node-join Sends an SNMP notification to all configured destinations each time a node joins a cluster.
Page 423
GigaVUE-OS CLI Reference Guide Argument Description process threshold values. Refer to the device Hardware Installation Guide for details. process-mem-threshold Sends an SNMP notification to all configured destinations each time the control card memory utilization exceeds the pre-configured process threshold values. system-cpu-threshold Sends an SNMP notification to all configured destinations each time the control card CPU...
Page 424
GigaVUE-OS CLI Reference Guide
Argument / Description
throttled. Type throttle event ? to see the list of available events.
● interval—Configures the throttling time interval.
● report-threshold—Configures the threshold count to enable throttle reporting. Sends the report only when the number of traps exceeds or matches the configured threshold count.
Page 425
GigaVUE-OS CLI Reference Guide
Related Commands
The following table summarizes other commands related to the snmp-server command:
Task / Command
Displays SNMP configuration information.
  # show snmp
Displays the SNMP engine ID for the local system.
  # show snmp engineID
Displays the events for which SNMP traps will be sent.
  # show snmp events
Displays SNMP host settings.
Page 426
GigaVUE-OS CLI Reference Guide
Task / Command
Disables the sending of a trap for a specified event.
  (config) # no snmp-server notify event cputemp
Disables the throttling for a specified event
  (config) # no snmp-server throttle event
Disables the SNMP traps notification when the GigaSMART engine port utilization reaches the high threshold value.
  (config) # no snmp-server notify
Page 427
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the spine-link command:
Argument / Description
alias <alias>
  Specifies an alias for the spine link. For example:
  (config) # spine-link alias leaf1spine
comment <comment>
  Adds a comment to a spine link. Comments can be up to 128 characters. Comments longer...
Page 429
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the ssh command: Argument Description client ciphers Configures the ciphers to be used by the ssh client in the machine. The following ciphers are allowed in the "classic mode": aes128-cbc * aes128-ctr aes128-gcm@openssh.com...
Page 430
GigaVUE-OS CLI Reference Guide
Argument / Description
ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512
The following hostkey algos are allowed in the "secure crypto mode":
ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
The following hostkey algos are allowed in the secure "FIPS mode":
ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
client kex
  Configures the kex to be used by the ssh client in the machine.
Page 431
GigaVUE-OS CLI Reference Guide
Argument / Description
hmac-sha2-512
The following macs are allowed in the "FIPS mode":
hmac-sha2-256 hmac-sha2-512
client user <username> <authorized-key sshv2 <public key>>...
  Adds the specified key to the list of authorized SSHv2 RSA or DSA public keys for this user account.
Page 432
GigaVUE-OS CLI Reference Guide
Argument / Description
The following ciphers are allowed in the "FIPS mode":
aes128-cbc aes128-gcm@openssh.com aes256-cbc aes256-gcm@openssh.com
server host-key rsa2 <private-key [private key] |
  Changes the SSH server host keys provided with the GigaVUE HC Series node, as follows:
  generate—Generates new RSA and DSA host keys....
Page 433
GigaVUE-OS CLI Reference Guide Argument Description The following kex are allowed in the "FIPS mode": ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 server macs Configures the macs to be used by the ssh server in the machine. The following macs are allowed in the "classic mode": hmac-sha2-256 hmac-sha2-512 The following macs are allowed in the "secure crypto mode":...
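The FIPS-mode cipher and kex lists above can be compared against what a management station's SSH client offers, to see whether it can still negotiate a session with a node running in that mode. The Python below is an added example, not code from the Gigamon guide; it assumes the two lists quoted on this page are the node's server-side lists, and the `ssh -G` sample output, the address in it and all function names are constructed for illustration.

```python
"""Compare an SSH client's offered algorithms with the FIPS-mode lists quoted on this page."""

# FIPS-mode lists as quoted on this page (assumption: these are the node's
# SSH server lists; replace them if your release documents different ones).
FIPS_SERVER = {
    "ciphers": [
        "aes128-cbc", "aes128-gcm@openssh.com",
        "aes256-cbc", "aes256-gcm@openssh.com",
    ],
    "kexalgorithms": [
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    ],
}

# Constructed sample of what `ssh -G <node>` prints on a management station.
SAMPLE_SSH_G = """\
user admin
hostname 192.0.2.10
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512
"""


def parse_offer(text):
    """Return {keyword: [algorithms]} for the categories checked here."""
    offer = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key in FIPS_SERVER:
            offer[key] = [a.strip() for a in value.split(",") if a.strip()]
    return offer


def negotiate(client_list, server_list):
    """Pick the first client entry the server also accepts (RFC 4253, 7.1).

    The extra host-key conditions RFC 4253 places on key exchange are
    ignored in this simplified check.
    """
    for algo in client_list:
        if algo in server_list:
            return algo
    return None


def audit(text):
    """Report, per category, what would be selected and what would be refused."""
    offer = parse_offer(text)
    report = {}
    for category, allowed in FIPS_SERVER.items():
        client = offer.get(category, [])
        report[category] = {
            "selected": negotiate(client, allowed),
            "rejected": [a for a in client if a not in allowed],
            "missing": category not in offer,
        }
    return report


def compatible(report):
    """A session needs one common algorithm in every category."""
    return all(entry["selected"] is not None for entry in report.values())


if __name__ == "__main__":
    result = audit(SAMPLE_SSH_G)
    for category, entry in result.items():
        print(category, "->", entry["selected"], "| not accepted:", entry["rejected"])
    print("can negotiate:", compatible(result))
```

With the constructed sample, a cipher is agreed but no key exchange method is, so this client would fail to connect until an ecdh-sha2-nistp* method is added to its KexAlgorithms.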
Page 434
GigaVUE-OS CLI Reference Guide
Task / Command
Deletes a public key from an authorized key list for a specified user.
  (config) # no ssh client user monitor authorized-key sshv2 <public key ID>
Deletes all SSH client identity keys for a specified user.
  (config) # no ssh client user monitor identity...
Page 435
GigaVUE-OS CLI Reference Guide When using stack GigaStream for stack-links, you must create a stack GigaStream on each side of the stack-link and each side must consist of the same number of ports running at the same speed. The stack-link command is also used as part of the configuration of the leaf and spine architecture with multiple paths for achieving high availability in a cluster environment.
Page 436
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the stack-link command:
Argument / Description
stack-link alias <stack alias>
  Specifies an alias for the stack-link.
between <gigastreams <stack-link gigastream> and <stack-link...
  Specifies the two sides of the stack-link, either between GigaStream or between ports.
Page 437
GigaVUE-OS CLI Reference Guide Use the system command to restart or expedite the relaunching of individual system processes, enable secure cryptography mode, secure passwords mode, or configure arp/ndp refresh interval on the GigaVUE-OS node. The system command has the following syntax: system process <process name>...
Page 438
GigaVUE-OS CLI Reference Guide
Argument / Description
  (config) # system process restapid restart
snmpd restart
  Restarts the SNMP agent daemon (snmpd) process or expedites the relaunching of this process. For example:
  (config) # system process snmpd restart
sshd restart
  Restarts the SSH daemon (sshd) process or expedites the relaunching of this process. For example:
  (config) # system process sshd restart
ugwd...
Page 439
GigaVUE-OS CLI Reference Guide
Argument / Description
hmac-sha1
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
By default the device is in classic mode, the following algorithms are enabled:
KexAlgorithms ecdh-sha2-nistp256 ecdh-sha2-nistp384 ,ecdh-sha2-nistp521 diffie-hellman-group14-sha256
MACs hmac-sha2-512 hmac-sha2-256
MACs hmac-sha2-512,hmac-sha2-256
Note: This configuration is allowed only when the system is running in the classic mode. To check the system mode, use the show system security command.
Page 440
GigaVUE-OS CLI Reference Guide Argument Description (config) # system stacking-mode legacy Selects the default stacking mode. Note: After user confirmation, the system stacking-mode legacy command immediately resets the traffic configuration and initiates a cluster reload of all nodes. After the cluster is up, the configuration saved in the backup file must be applied manually to restore the traffic configuration.
Page 441
GigaVUE-OS CLI Reference Guide Argument Description <3~30> When an IP interface is configured, Neighbor Solicitation (NS) packets are sent out on the IP interface associated with the tool port to find the gateway MAC address, and Neighbor Solicitation (NS) packets are sent out on the IP interface to find the local tool address. In response, the gateway sends a Neighbor Advertisement (NA) packet and the control card tries to match the IP interface's IP address with the IP address of the received NA message.
GigaVUE-OS CLI Reference Guide system-health Use the system-health command to enable system health threshold checks for a specified node or for each node in a cluster. The system-health command has the following syntax: system-health box-id <box ID> threshold enable threshold enable The following table describes the arguments for the system-health command: Argument Description...
The tacacs-server command has the following syntax:
tacacs-server
  extra-user-params roles enable
  host <IPv4/IPv6 address or hostname> [auth-port <port number> auth-type <ascii | pap> enable shared-secret <string> prompt-secret retransmit <retries> timeout <seconds>]
  shared-secret <nstring>
  retransmit <retries>
  service <gigamon | shell>
  timeout <seconds>
Page 444
Examples:
(config) # tacacs-server host 192.168.0.93
(config) # tacacs-server host 2001:db8:a0b:12f0::11 key gigamon enable
(config) # tacacs-server host www.MyCo.com
auth-port <port-
  Specifies the UDP port number on which the TACACS+ server is running. If included, the auth-port must be specified immediately after the host IP address.
Page 445
shell>
  Specifies the authorization service that will be used for TACACS. By default, this is set to shell, which works for Cisco ACS 3.x. You must set it to gigamon for successful integration with Cisco ACS 5.3 or later. The gigamon setting also works for ACS 3.x.
Page 446
GigaVUE-OS CLI Reference Guide
Related Commands
The following table summarizes other commands related to the tacacs-server command:
Task / Command
Displays TACACS+ servers and settings.
  # show tacacs
Disables handling of extra user parameters sent from the TACACS+ server.
  (config) # no tacacs-server extra-user-...
Page 447
GigaVUE-OS CLI Reference Guide The following table describes the arguments for the terminal command: Argument Description length <number of lines> Specifies an override of the auto-detected length of the terminal. Specify the length in number of lines. For example: (config) # terminal length 80 resize Specifies a reset of the terminal dimensions to the current window.
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the threshold command:
Argument / Description
Configures threshold parameters for rx direction.
Configures threshold parameters for tx direction.
drop
  Configures the drop threshold parameters.
error
  Configures the error threshold parameters.
global | circuit | hybrid | inline-net | inline-tool | network | stack | tool | gs...
  Configures threshold parameters as follows:
Page 449
GigaVUE-OS CLI Reference Guide Use the timestamp command to select the input on the HCCv2 control card used for the external PPS source and, if necessary, configure an offset for the PPS source. The system automatically uses its internal PPS source until an external source is selected using the timestamp command.
Page 450
GigaVUE-OS CLI Reference Guide valid signal is not present on the selected external input. Related Commands The following table summarizes other commands related to the timestamp command: Task Command Displays time and PPS source. # show timestamp Displays timestamp information for a specified box. # show timestamp box-id 1 tool-mirror Required Command-Line Mode = Configure...
Page 451
GigaVUE-OS CLI Reference Guide
Argument / Description
● inline-network-alias—Specifies the source tool ports using the specified inline network alias.
● inline-network-group-alias—Specifies the source tool ports using the specified inline network group alias.
to <port-id | port-alias | port-list | gigastream-alias | gigastream-alias-list | inline-tool-alias |...
  Specifies the destination tool port(s) for the tool-mirror. Use one of the following:
Page 452
GigaVUE-OS CLI Reference Guide Task Command Displays all tool-mirrors. # show tool-mirror all Displays all tool-mirrors in table format. # show tool-mirror brief Deletes a specified tool-mirror. (config) # no tool-mirror alias Tmirr Deletes all tool-mirrors. (config) # no tool-mirror all traceroute Required Command-Line Mode = Enable Use the traceroute command to trace the route packets take to a destination.
Page 453
GigaVUE-OS CLI Reference Guide
L2-Circuit Tunnel
L2-Circuit tunnel is a type of tunnel that uses circuit-ID to encapsulate the traffic. These tunnels are bidirectional. For details about the L2-Circuit tunnels, refer to the “About Circuit-ID Tunnels” section in the GigaVUE Fabric Management Guide.
Configure L2-Circuit Tunnel for Encapsulation
Create an L2-Circuit tunnel for encapsulation using the tunnel command, which has the following syntax:...
Page 454
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the L2-Circuit tunnel for decapsulation using the tunnel command:
Argument / Description
tunnel alias <alias> decap l2-circuit
  Specifies an alias for the circuit tunnel. The alias must be unique and can contain up to 128 characters....
Page 455
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the L2GRE tunnel for encapsulation using the tunnel command:
Argument / Description
tunnel alias <alias> encap l2gre
  Specifies an alias for the L2GRE tunnel. The alias must be unique and can contain up to 128 characters....
Page 456
GigaVUE-OS CLI Reference Guide
The following table describes the arguments for the L2GRE tunnel for decapsulation using the tunnel command:
Argument / Description
tunnel alias <alias> decap l2gre
  Specifies an alias for the L2GRE tunnel. The alias must be unique and can contain up to 128 characters....
Page 457
GigaVUE-OS CLI Reference Guide
Argument / Description
<l2gre-group-name>
add <l2gre-id-list>
  Adds the L2GRE IDs for the device. The range is 1 to 4294967295. For example:
  (config tunnel l2gre [box-id <id|all>] l2gre-group alias <l2gre-group-name>) # add <l2gre-id-list>
comment <description>
  Specifies the description for the L2GRE group. For example:
  (config tunnel l2gre [box-id <id|all>] l2gre-group alias <l2gre-group-name>) # comment <description>...
Page 458
GigaVUE-OS CLI Reference Guide
Argument / Description
exit
  Exits the L2GRE ID configuration. For example:
  (config) # tunnel l2gre box-id <id> global-encap-id <l2gre ID> # exit
Note: To configure L2GRE ID for a network port, refer to port.
Virtual Extensible LAN (VXLAN) Tunnel
VXLAN is a simple tunneling mechanism that allows overlaying a Layer 2 (L2) network over a Layer 3 (L3) underlay with the use of any IP routing protocol....
Page 459
GigaVUE-OS CLI Reference Guide
Argument / Description
attach <ip-interface-name>
  Specifies the IP interface to which you have attached the circuit port you have configured on the device. For example:
  (config tunnel alias <alias> encap vxlan) # attach <ip-interface-name>
ipdst <destination IP...
  Specifies the IP address of the destination device of the tunnel....
Page 460
GigaVUE-OS CLI Reference Guide
Argument / Description
comment <description>
  Specifies a description for the VXLAN tunnel. For example:
  (config tunnel alias <alias> decap vxlan) # comment <description>
attach <ip-interface-name>...
  Specifies the IP interface to which you have attached the circuit port you have...
Page 461
GigaVUE-OS CLI Reference Guide
Argument / Description
  For example:
  (config tunnel vxlan [box-id <id|all>] vxlan-group alias <vxlan-group-name>) # comment <description>
delete <vxlan-id-list>
  Deletes the specific VXLAN group. For example:
  (config tunnel vxlan [box-id <id|all>] vxlan-group alias <vxlan-group-name>) # delete <vxlan-id-list>
exit
  Exits the VXLAN group configuration....
Page 462
GigaVUE-OS CLI Reference Guide The following table summarizes other commands related to the tunnel command: Task Command Displays all circuit tunnels. (config) # show tunnel Displays the specific tunnel alias. (config) # show tunnel <alias> Displays statistics specific to the given tunnel alias. (config) # show tunnel stats <alias>...
Page 463
GigaVUE-OS CLI Reference Guide Use the tunnel-endpoint command to configure a tunnel endpoint that is a destination for traffic from a L2GRE tunnel. Using stateless or stateful load balancing, GigaSMART can be configured to distribute the traffic from a tunnel to multiple tunnel endpoints. There is no mapping of a tunnel endpoint to a GigaSMART group (gsgroup).
Page 464
GigaVUE-OS CLI Reference Guide Task Command Displays all tunnel endpoints. # show tunnel-endpoint Displays a specified tunnel endpoint by the alias. # show tunnel-endpoint alias Tunnel-endpoint1 Displays tunnel endpoints status. # show ip destination gsgroup <gsgroup-alias> Displays tunnel endpoints statistics. # show ip destination stats gsgroup <gsgroup- alias>...
Page 465
GigaVUE-OS CLI Reference Guide Use the username command to manage local user accounts on GigaVUE-OS nodes. You can configure different user account levels (admin and monitor) so that each user has rights that are appropriate for the type of work they will be doing with the system. You can also remove user accounts (or parts of their configuration) with the no username command.
Page 466
GigaVUE-OS CLI Reference Guide
Argument / Description
Note: You cannot disable the admin account.
full-name <full name>
  Specifies the full name for the account (sometimes referred to as the gecos). The full name string may contain spaces and other characters, but must be contained in quotation marks....
Page 467
GigaVUE-OS CLI Reference Guide
Task / Command
Deletes the full name of the specified user.
  (config) # no username monitor full-name
Deletes a specified authorization role from a specified user account.
  (config) # no username monitor roles add admin
Deletes all authorization roles from a specified user account.
  (config) # no username monitor roles all
GigaVUE-OS
GigaVUE-OS configuration wizard
Step 1: Hostname? [gigamon] MyNode
Step 2: Management interface? [eth0]
Step 3: Use DHCP on eth0 interface? no
Step 4: Use zeroconf on eth0 interface? [no]
Step 5: Primary IPv4 address and masklen? [0.0.0.0/0] 10.10.10.10/24
Step 6: Default gateway? 10.10.10.1
Step 7: Primary DNS server?
Page 469
GigaVUE-OS CLI Reference Guide
Policy / Description
Password Standards
  Passwords must meet the following standards:
  ● include 8-64 characters
  ● include at least one numeral
  ● include at least one lower case letter
  ● include at least one upper case letter
  ● include at least one special character (for...
Page 470
GigaVUE-OS CLI Reference Guide Policy Description failure of some CLI commands, such as image fetch or configuration upload. Note: The monitor account is designed to give read-only access to the GigaVUE-OS. The monitor account is disabled by default. To enable it, assign a password to the account.
Page 471
GigaVUE-OS CLI Reference Guide
Reserved Characters in Passwords
This section describes how to use the following reserved characters in passwords:
■ ■ " ■
There are two ways to include these characters in a password:
1. Enter the username without specifying the password
In this technique, you issue the username command and include the password argument, but do not actually specify the password.
Page 472
GigaVUE-OS CLI Reference Guide vport Use the vport command to configure a GigaSMART virtual port used as an aggregation point for traffic directed to second level maps. Second level maps include an Adaptive Packet Filtering component (gsrule) or a GTP rule (flow-rule). This command does not apply to GigaVUE TA Series nodes.
Page 473
GigaVUE-OS CLI Reference Guide
Argument / Description
  (config) # vport alias vport1 failover-action vport-bypass
  Note: To configure the failover-action, first assign a gsgroup to the vport.
mode gtp-overlap
  Specifies the GTP overlap mode. This is an optional mode to use with GTP forward listing and GTP flow sampling when multiple copies of a GTP packet need to be sent to more than one tool.
Page 474
Use the web command and its arguments to enable and configure the GigaVUE HC Series node’s onboard Web server used for GigaVUE-FM access to the node. GigaVUE-FM is Gigamon’s Web-based GUI for the GigaVUE HC Series node, providing graphical user interface configuration.
Page 475
GigaVUE-OS CLI Reference Guide
session auto-logout <number of minutes> renewal <number of minutes>
The following table describes the arguments for the web command.
Argument / Description
auto-logout <number of...
  Specifies the maximum duration of user inactivity before a Web session is logged out automatically.
Page 476
GigaVUE-OS CLI Reference Guide
Argument / Description
port <port number> require-dod-cert
  ● certificate system-self-signed—Specifies the system-self-signed certificate, which is automatically generated.
  ● certificate regenerate—Regenerates the system-self-signed certificate used with HTTPS communications.
  ● enable—Enables the use of HTTPS for access to GigaVUE-FM. This setting does...
Page 477
GigaVUE-OS CLI Reference Guide
Argument / Description
proxy auth authtype <none | basic>...
  Configures Web proxy settings to be used for HTTP or FTP downloads. First, set a proxy to be used with the web proxy host <IPv4 or IPv6 address> command. If you do not specify a port, the default is 1080.
Page 478
GigaVUE-OS CLI Reference Guide
Task / Command
Deletes supplemental CA certificates from the HTTPS client.
  (config) # no web client ca-list
Disables verification of server certificates during HTTPS file transfers.
  (config) # no web client cert-verify
Disables the availability of the Web-based GigaVUE-FM GUI for GigaVUE-OS nodes.
  (config) # no web enable
Page 479
GigaVUE-OS CLI Reference Guide
write
Required Command-Line Mode = Configure
Use the write command to save changes to the running configuration as well as to display the commands necessary to recreate the current running configuration.
Note: The write command provides similar functionality to the configuration write command.
Page 480
GigaVUE-OS CLI Reference Guide
GigaVUE-OS CLI—Configuration Examples
This chapter provides examples of how to configure the different features using the GigaVUE-OS CLI. Refer to the following sections:
■ Configure Flow Mapping®
■ Configure Active Visibility
■ Configure GigaStream
■ Configure Ingress and Egress VLAN
...
Page 481
GigaVUE-OS CLI Reference Guide
■ How to Create Map Rules for RTP Traffic
■ IPv4 Criteria with GigaSMART Operation
■ MAC Address Criteria with GigaStream
■ IPv6 Criteria
Related Topics
■ Refer to the “Managing Maps” section in the GigaVUE Fabric Management Guide for...
Page 482
GigaVUE-OS CLI Reference Guide Figure 1 Using the ? Mark Technique with the Map Prefix Mode You can use the exit command to exit the map prefix mode. The changes only take effect when you exit. Note: It is recommended that you do not rename the maps with a prefix, “FM-Auto” through GigaVUE-OS CLI to avoid issues in using the Fabric maps solution.
Page 483
GigaVUE-OS CLI Reference Guide Description Command configure the destination ports using standard port-list collector) # collector 14/6/x8 conventions. : You could also specify a GigaStream as the shared-collector destination. Exit the map prefix mode. (config map-scollector alias shared_ collector) # exit Once the shared collector is set up, the CLI will display the newly configured map using the show map command.
Page 484
GigaVUE-OS CLI Reference Guide
■ Refer to map-scollector on page 1276 in the reference section for details on the syntax of the flow map CLI command.
Map Priority
Packets matching multiple maps in a configuration are sent to the map with the highest priority when the network ports are shared among multiple maps with pass-by map rules.
Page 485
GigaVUE-OS CLI Reference Guide Maps sharing the same source port list are grouped together for the purpose of prioritizing their rules. Traffic is subjected to the rules of the highest priority map first and then the rules of the next highest priority map and so on. Within a map, drop rules are applied first and then pass rules, in other words, drop rules always have higher priority than pass rules.
Page 486
GigaVUE-OS CLI Reference Guide Currently when a map's source port list is defined the map is grouped/prioritized with other maps sharing the same source port list. Newly configured maps are added as the lowest priority map within the group when initially configured unless changed by the user. The command show map all displays maps within a group top to bottom from highest ■...
Page 487
GigaVUE-OS CLI Reference Guide Packets Matching Multiple Rules in Same Map Example Figure 2 Packet Matching Multiple Rules in Same Map illustrates how Flow Mapping® handles a case where a packet matches multiple rules in the same map. In cases like this, the packet is sent to all configured destinations when the first pass rule is matched (assuming there were no matching drop rules –...
GigaVUE-OS CLI Reference Guide Port Lists Many map commands require a port-list (for example, rule and shared-collector arguments all require them). You can define the port lists using any combination of the standard conventions: port-id <bid/sid/pid> port-alias <port-alias> port-list <bid/sid/pid_x..pid_y> (range) | <bid/sid/pid_x,bid/sid/pid_y,bid/sid/pid_z> (list) In the from argument of the map-passall command, you can specify a network port list ■...
Page 489
GigaVUE-OS CLI Reference Guide Command Comments (config map alias GbCnx) # to Stream-to-Disk Stream-to-Disk, respectively. (config map alias GbCnx) # rule add pass ipver 4 (config map alias GbCnx) # type regular byRule (config map alias GbCnx) # exit How to Add Comments to Map Rules You can add comments to map rules.
Page 490
GigaVUE-OS CLI Reference Guide Command
(config) # map alias 1 gsrule add drop ipv6 flow-label any value 6 comment "Drop IPv6"
(config) # map alias 1 flowrule add pass gtp imsi 123456 comment "Allow imsi 123456"
(config) # map alias 1 flowrule add drop gtp imsi 123456 comment "Drop imsi 123456"
(config) # map alias 1 rule add pass ipver 4 comment "Allow \"IPv4\""...
Page 491
GigaVUE-OS CLI Reference Guide Mixing Pass and Drop Rules GigaVUE-OS lets you mix pass and drop rules on a single port. Mixing pass and drop rules can be useful in a variety of situations. The following example shows a pass rule set up to include all traffic matching a particular source port range combined with a drop rule configured to exclude ICMP traffic.
Page 492
GigaVUE-OS CLI Reference Guide Command Comments (config) # port 1/1/x4 alias Stream- Configures port 1/1/x4 with the alias of Stream-to-Disk to-Disk (config) # map alias Gbmap Creates a regular map from 1/1/x1 to 1/1/x4 using their aliases of Gb_In and Stream-to-Disk, respectively. Notice that this map (config map alias Gbmap) # type does not have any rules –...
Page 493
GigaVUE-OS CLI Reference Guide User-Defined Pattern Match Syntax The user-defined pattern match syntax is as follows: [uda1-data <16-byte-hex>] [uda1-mask1 <16-byte-hex>][uda1-offset <2~110 bytes>][uda2-data <16-byte-hex>] [uda2-mask2 <16-byte-hex>][uda2-offset <2~110 bytes>] Both the udax-data and udax-mask arguments are specified as 16-byte hexadecimal ■ sequences. Specify the pattern in four 4-byte segments separated by hyphens. For example: 0x01234567-89abcdef-01234567-89abcdef Masks specify which bits in the pattern must match.
Page 494
GigaVUE-OS CLI Reference Guide You can use user-defined pattern matches as either standalone map rules or in tandem ■ with the other available predefined criteria for map rules (for example, port numbers, IP addresses, VLAN IDs, and so on). You can use up to two separate user-defined pattern matches in a single map rule. ■...
Page 495
GigaVUE-OS CLI Reference Guide User-Defined Pattern Match Examples In this example, a 3G carrier is monitoring the Gn interface between the SGSN and the GGSN in the mobile core network and wants to split traffic from different subscriber IP address ranges to different tool ports.
Page 496
GigaVUE-OS CLI Reference Guide Description Command
Description: The second rule matches the same address range (10.218.0.0) but at the destination address offset of 66 in the GTP tunnel. Notice that we have still specified the offset as 62 and have simply masked out to the correct location of the destination...
Command: (config map alias GTP_Map218) # rule add pass uda1-data 00000000-0ada0000-00000000-00000000 uda1-mask 00000000-ffff0000-00000000-00000000 uda1-offset 62
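The masked comparison that the rule above relies on, written out as an added example (it is not Gigamon code and is not taken from the guide). Assumptions: the offset is counted from the first byte of an untagged Ethernet frame, the outer IPv4 header has no options, and the GTP header is 8 bytes; `SRC_RULE` is constructed by analogy with the rule shown, and the packets are constructed sample data.

```python
import socket
import struct


def parse_uda_hex(text):
    """Turn '00000000-0ada0000-00000000-00000000' (optionally 0x-prefixed) into 16 bytes."""
    value = text.strip().lower()
    if value.startswith("0x"):
        value = value[2:]
    segments = value.split("-")
    if len(segments) != 4 or any(len(s) != 8 for s in segments):
        raise ValueError(f"expected four 4-byte hex segments, got {text!r}")
    return bytes.fromhex("".join(segments))


def uda_matches(frame, data, mask, offset):
    """Return True when the 16-byte window at `offset` equals `data` on every bit set in `mask`."""
    if not 2 <= offset <= 110:
        raise ValueError("offset outside the 2~110 byte range given in the syntax")
    pattern = parse_uda_hex(data)
    care = parse_uda_hex(mask)
    for i in range(16):
        if care[i] == 0:
            continue                      # masked-out byte: any value is accepted
        pos = offset + i
        if pos >= len(frame):
            return False                  # a byte the rule cares about is past the end of the frame
        if (frame[pos] ^ pattern[i]) & care[i]:
            return False
    return True


def build_gtp_frame(inner_src, inner_dst):
    """Constructed sample: Ethernet / IPv4 / UDP 2152 / GTPv1 G-PDU / inner IPv4 header."""
    eth = bytes(12) + b"\x08\x00"                                   # 14 bytes
    outer_ip = bytes([0x45]) + bytes(8) + bytes([17]) + bytes(10)   # 20 bytes, protocol UDP
    udp = struct.pack("!HHHH", 2152, 2152, 0, 0)                    # 8 bytes
    gtp = bytes([0x30, 0xFF]) + bytes(6)                            # 8 bytes
    inner_ip = (bytes([0x45]) + bytes(11)
                + socket.inet_aton(inner_src) + socket.inet_aton(inner_dst))
    return eth + outer_ip + udp + gtp + inner_ip                    # inner src at 62, dst at 66


# Rule from the page: offset 62, mask selects window bytes 4-5, i.e. frame bytes 66-67.
DST_RULE = ("00000000-0ada0000-00000000-00000000",
            "00000000-ffff0000-00000000-00000000", 62)
# Constructed counterpart for the source address (window bytes 0-1, frame bytes 62-63).
SRC_RULE = ("0ada0000-00000000-00000000-00000000",
            "ffff0000-00000000-00000000-00000000", 62)


def subscriber_side(frame):
    """Report which rule, if any, sees 10.218.x.x in the tunnelled packet."""
    if uda_matches(frame, *SRC_RULE):
        return "source"
    if uda_matches(frame, *DST_RULE):
        return "destination"
    return None


if __name__ == "__main__":
    for src, dst in [("10.218.1.2", "8.8.8.8"), ("8.8.8.8", "10.218.5.6"),
                     ("10.217.1.2", "8.8.8.8")]:
        print(src, "->", dst, ":", subscriber_side(build_gtp_frame(src, dst)))
```

A frame with a VLAN tag or IP options shifts the inner addresses, so a fixed offset of 62 would then compare the wrong bytes and the subscriber's traffic would miss the intended tool port.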
Page 497
GigaVUE-OS CLI Reference Guide
■ UDA Pattern Match Criteria
■ Null Port in Maps
In addition, refer to the following sections for more examples of creating maps:
■ User-Defined Pattern Match Examples
How to Handle Overlaps when Sending VLANs and Subnets to Different Tools
Figure 4 Sending Subnets and VLANs to Different Ports shows how to use map priority when...
Page 498
GigaVUE-OS CLI Reference Guide Figure 4 Sending Subnets and VLANs to Different Ports How to Create Map Rules for RTP Traffic You can use GigaVUE-OS to set map rules matching even or odd port numbers to focus on different aspects of VoIP traffic. VoIP implementations typically send RTP on even port numbers and RTCP on the next available odd port number.
Page 499
GigaVUE-OS CLI Reference Guide Table 1: Blocking RTP Traffic on Common Ports Command Description (config) # map alias no_rtp Enters the map prefix mode for a new map with the alias of no_rtp. (config map alias no_rtp) # type Specifies the map type and subtype. regular byRule (config map alias no_rtp) # from Applies the map to traffic arriving on network ports 1/4/x1 and 1/4/x2.
Page 500
GigaVUE-OS CLI Reference Guide
Command: (config map macmap) # rule add drop macsrc 00:00:00:00:00:03 ffff.ffff.fffe
Result: Packets with the following two MAC source addresses are dropped:
■ 00:00:00:00:00:02
■ 00:00:00:00:00:03
All other MAC addresses will pass this filter.
Example 2 – Pass Rule
In this example, we will change the map rule action we set up in Example 1 –...
Page 501
GigaVUE-OS CLI Reference Guide
■ 00:00:00:00:00:03
■ 00:00:00:00:00:05
■ 00:00:00:00:00:07
■ 00:00:00:00:00:09
■ 00:00:00:00:00:0b
■ 00:00:00:00:00:0d
■ 00:00:00:00:00:0f
All other MAC addresses will pass this map rule.
Example 4 – Dropping Odd-Numbered MAC Addresses
In this example, set up a rule that denies packets with a source MAC address matching that specified in the map rule....
Page 502
GigaVUE-OS CLI Reference Guide Result: Only packets from odd-numbered MAC source addresses will pass through this rule. All the even-numbered MAC source addresses are dropped. Example 6 – Allowing All Traffic to Pass Through Based on Wild-card MAC Address In this example, we will change the map rule action we set up a wild card MAC address for all traffic.
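An added example, not taken from the guide: it models a macsrc address/mask pair as a bitwise masked compare, which is an assumption consistent with the result stated for Example 1, and lists or counts the addresses a rule covers so that an overly broad drop mask is noticed before it hides traffic from a monitoring tool. The function names are hypothetical.

```python
import re


def parse_mac(text):
    """Parse 00:00:00:00:00:03 or ffff.ffff.fffe style notation into a 48-bit integer."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC value: {text!r}")
    return int(digits, 16)


def format_mac(value):
    """Render a 48-bit integer as lower-case colon-separated hex."""
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def rule_matches(rule_addr, rule_mask, packet_mac):
    """Assumed semantics: a 1 bit in the mask must match, a 0 bit is a wildcard."""
    addr, mask, pkt = parse_mac(rule_addr), parse_mac(rule_mask), parse_mac(packet_mac)
    return (pkt & mask) == (addr & mask)


def covered_count(rule_mask):
    """Number of distinct source addresses a rule with this mask matches."""
    ones = bin(parse_mac(rule_mask)).count("1")
    return 1 << (48 - ones)


def covered_addresses(rule_addr, rule_mask, limit=64):
    """Enumerate every address the rule matches; refuse when the rule is broader than `limit`."""
    addr, mask = parse_mac(rule_addr), parse_mac(rule_mask)
    free_bits = [bit for bit in range(48) if not (mask >> bit) & 1]
    total = 1 << len(free_bits)
    if total > limit:
        raise ValueError(f"rule covers {total} addresses, more than limit={limit}")
    base = addr & mask
    found = []
    for combo in range(total):
        value = base
        for index, bit in enumerate(free_bits):
            if (combo >> index) & 1:
                value |= 1 << bit
        found.append(format_mac(value))
    return sorted(found)


if __name__ == "__main__":
    # Address and mask from Example 1 on this page.
    addr, mask = "00:00:00:00:00:03", "ffff.ffff.fffe"
    print("covers", covered_count(mask), "addresses:", covered_addresses(addr, mask))
    for probe in ("00:00:00:00:00:02", "00:00:00:00:00:04"):   # constructed probes
        print(probe, "matches" if rule_matches(addr, mask, probe) else "does not match")
```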
Page 503
GigaVUE-OS CLI Reference Guide
(config) # gigastream alias gs1 port-list 1/2/x28..x32 params hash advanced
(config) # map alias gigamon2
(config map alias gigamon2) # type regular byRule
(config map alias gigamon2) # from 1/1/g1..g4
(config map alias gigamon2) # to 1/2/x4,1/2/x6,1/2/x8,gs1
(config map alias gigamon2) # rule add pass vlan 100 protocol tcp
(config map alias gigamon2) # rule add pass macsrc 00:11:22:33:44:55 ffff.ffff.ffff
(config map alias gigamon2) # exit...
Page 504
GigaVUE-OS CLI Reference Guide (config) # map alias map_null (config map alias map-null) # type regular (config map alias map-null) # from 1/2/x4 (config map alias <map-alias>) # to null-port (config map alias <map-alias>) # use gsop gsop apf (config map alias <map-alias>) # rule add pass/drop vlan 10 (config map alias <map-alias>) # exit map-passalls and port mirrors How to Send All Traffic to IDS: map-passall...
Page 505
GigaVUE-OS CLI Reference Guide Figure 6 Existing Map on Network Port 1/2/x1 Complaints of slow response times on the network monitored by network port 1/2/x1 lead you to want to see all of the traffic rather than just the portions broken out by your maps. Because a packet goes only to the destination specified by the map with the highest priority, you cannot just create a new map with no rules to see all of the traffic on the port.
Page 506
GigaVUE-OS CLI Reference Guide Figure 7 Adding a Map-passall for Temporary Troubleshooting Example: How to work with Multiple Rules in the Same Map Rules created in the same map work as “AND”. This means, the Rule1 logic will use the cumulative "AND"...
Page 507
GigaVUE-OS CLI Reference Guide How to Send Tool-Port Filtered Traffic to Multiple Destinations: tool-mirror You can use the tool-mirror command to see the same tool-port-filtered data on multiple tool ports. Consider the following scenario: Network ports 1/3/x1..x3 have maps sending different data to tool port 1/3/x5. ■...
Page 508
GigaVUE-OS CLI Reference Guide Figure 9 Adding tool-mirrors to Multiple Tool Ports Example of Hybrid Ports In this example, the hybrid ports duplicate traffic from one network source after removing the MPLS header. Step Description Command Configure ports. (config) # port 17/1/x1 type network (config) # port 17/1/x2..x3 type hybrid (config) # port 17/1/x5..x6 type tool Create a GigaSMART group and...
Page 509
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map1) # exit (config) # Create a second map. (config) # map alias map2 (config map alias map2) # type regular byRule (config map alias map2) # roles replace admin to owner_roles (config map alias map2) # rule add pass ipsrc 10.120.7.12 255.255.255.0...
Page 510
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map3) # from 17/1/x3 (config map alias map3) # exit (config) # Display the configuration. show gsgroup show gsop show map Use the following command to display the GigaSMART group configuration: (config) # show gsgroup Port-Filter Examples The following table provides some examples of egress port-filters: Description...
Page 511
GigaVUE-OS CLI Reference Guide Refer to the policy in the reference section for details on the syntax of the policy CLI ■ command. Conditions Conditions in a policy are events that can trigger actions. Use the policy command with condition add to define the conditions in a policy. For example: (config) # policy alias MapMonitor condition add PortDown param portId 2/3/q2 For example, refer to the template for the PortDown condition as follows: The link of port <$portId$>...
Page 512
GigaVUE-OS CLI Reference Guide Specifying Keyword, inlineToolGrpAlias The mandatory keyword, inlineToolGrpAlias, specifies an inline tool group configured, for example: (config) # policy alias p1 condition add InlineToolGrpDn param inlineToolGrpAlias itg1 Specifying Keyword, period The optional keyword, period, specifies a time in seconds, for example: (config) # policy alias MapMonitor condition add PortDown param portId 2/3/q2 param period Refer to the template for the PortDown condition as follows: The link of port <$portId$>...
Page 513
GigaVUE-OS CLI Reference Guide Note: For any discard, drop, or error condition, the values can only go up because they are counters that start at zero and are then incremented. Note that the counters for any discard, drop, or error condition can be cleared. To clear counters, use the following command: (config) # clear port stats Specifying Keyword, threshPct...
Page 514
GigaVUE-OS CLI Reference Guide Table 2: Cron Format Description Range Notes minute 0-59 hour 0-23 day of the month 1-31 month of the year 1-12 or Jan, Feb...Dec day of the week where 1 = Monday, or Mon, Tue...Sun year 1900-3000 In addition to the numbers listed in the Range column, each field supports a wildcard (*) character.
Page 515
GigaVUE-OS CLI Reference Guide (config) # policy alias SingleUpPort condition add PortUp param portId 1/1/x1 Refer to the template for the PortUp condition as follows: The link of port <$portId$> is up for a period of [$period$] second(s). The following is an example of a range of ports. When all ports match, the condition is met. In this case, all ports means x1, x2, and x3.
Page 516
GigaVUE-OS CLI Reference Guide In the output of the show action command, the Template column displays the parameters that must be specified when defining the action in a policy. The template contains mandatory keywords, for example, <$mapAlias$>. The strings enclosed in dollar signs ($) are parameters that must be specified as part of configuring a policy.
Page 517
GigaVUE-OS CLI Reference Guide Enabling port <$portId$> admin. The following is an example of multiple ports. When all ports match, the action is executed. In this case, all ports means x1 and x3. (config) # policy alias policy3 action add PortEnable param portId 1/1/x1,1/1/x3 Specifying Keyword, ruleId The mandatory keyword, ruleId, specifies a map rule identifier, for example: (config) # policy alias policy2 action add MapRuleDelete param ruleId 2 param mapAlias map1...
Page 518
GigaVUE-OS CLI Reference Guide (config) # policy alias p1 action add InlineToolEnable param inlineToolAlias IT1 Refer to the template for the InlineToolEnable action as follows: Enabling inline tool <$inlineToolAlias$> Specifying Keyword, inlineNetTrafficPath The mandatory keyword, inlineNetTrafficPath, specifies the traffic path for the inline network, for example: (config) # policy alias p1 action add InlineNetTrafficPath param inlineNetTrafficPath bypass param inlineNetAlias IN1...
Page 519
GigaVUE-OS CLI Reference Guide (config) # policy alias AddM1 action add FlexInlineOOBAddWithDirTag param mapAlias flexmap1 param oobFromAlias IN1 param oobDir a-to-b param oobTag as-inline param portId 20/3/q5 Refer to the template for the FlexInlineOOBAddWithDirTag action as follows: Create OOBCopy for map <$mapAlias$> from <$oobFromAlias$> for direction <$oobDir$> to OOBTool <$portId$>...
Page 520
GigaVUE-OS CLI Reference Guide Revert a Redundant Map Policy ■ Save Memory Policy ■ High Availability Policy ■ Tool Optimization Policy ■ Automated Monitoring Policy ■ Enable Map Based on Time Policy ■ Refer also to the following sections: Parameter Passing ■...
Page 521
GigaVUE-OS CLI Reference Guide
(config policy alias OverloadedToolPort) # action add PortDisable param portId 1/1/x2
(config policy alias OverloadedToolPort) # enable
(config policy alias OverloadedToolPort) # exit
(config) #
Weekend Policy
Use the following steps to configure a weekend policy. The map, WeekendMap, would also have to be configured....
Page 522
GigaVUE-OS CLI Reference Guide Map Disable Policy Use the following steps to configure a policy for disabling a map when a tool port is down: Create the map and enable it: (config) # map alias map1 (config map alias map1) # from 2/3/g1 (config map alias map1) # to 2/3/g2 (config map alias map1) # rule add pass vlan 100 (config map alias map1) # enable...
Page 523
GigaVUE-OS CLI Reference Guide
Save Memory Policy
Use the following steps to configure a policy for saving memory:
(config) # policy alias SaveMemory
(config policy alias SaveMemory) # condition add TimeOfDay param timeStr "( 45 10 * * * * )"
(config policy alias SaveMemory) # action add WriteMemory
(config policy alias SaveMemory) # enable
(config policy alias SaveMemory) # exit...
Page 524
GigaVUE-OS CLI Reference Guide (config policy alias HA2) # action add MapDisable param mapAlias map2 (config policy alias HA2) # action add MapEnable param mapAlias map1 (config policy alias HA2) # enable (config policy alias HA2) # exit (config) # Tool Optimization Policy Use the following steps to configure policies for tool optimization.
Page 525
GigaVUE-OS CLI Reference Guide
Configure a map:
(config) # map alias map1
(config map alias map1) # from 1/1/x1
(config map alias map1) # to 1/1/x2
(config map alias map1) # no enable
(config map alias map1) # exit
(config) #
Configure the policy:
(config) # policy alias AutoMon
(config policy alias AutoMon) # condition add PortRxUtilHigh param portId 1/1/x1 param...
Page 526
GigaVUE-OS CLI Reference Guide
Parameter Passing
Parameters can be passed from a condition to an action in a policy. Parameter passing is currently only for ports. For example:
(config) # policy alias PortPolicy
(config policy alias PortPolicy) # condition add PortUp param portId any(1/1/x1..x3)
(config policy alias PortPolicy) # action add PortDisable param portId &PortUp.portId&...
Page 527
GigaVUE-OS CLI Reference Guide Using the prefix mode is not recommended The changes only take effect when you exit. The following is an example of the prefix mode: (config) # policy alias policy1 (config policy alias policy1) # no enable (config policy alias policy1) # exit Edit the policy.
Page 528
You will get the following error message when you try to delete an IP profile that is associated with a gsgroup.
gigamon-330312 [SA-UPN: leader] (config) # no upn-interface-profile alias test
% UPN Interface profile test is in use, cannot remove.
Page 529
GigaVUE-OS CLI Reference Guide Regular GigaStream Configuration To configure a regular tool GigaStream, refer to the following example: Step Description Command Configure ports using type tool for a regular tool GigaStream. (config) # port 1/3/q2..q3 type tool Configure a regular GigaStream. (config) # gigastream alias stream1 port-list 1/3/q1..q4 Configure a comment for the...
Page 530
GigaVUE-OS CLI Reference Guide Advanced Hashing Both regular GigaStream and controlled GigaStream use advanced hashing, which lets you select the criteria on which the hash is based, such as source and destination IP address, source and destination MAC address, source and destination port, and The following table shows some different advanced-hash examples for regular GigaStream.
Page 531
GigaVUE-OS CLI Reference Guide VLAN Tags in Maps ■ Configure Egress Port VLAN Stripping ■ Related Topics Refer to the “Using Ingress and Egress VLAN” section in the GigaVUE Fabric ■ Management Guide for details on using ingress and egress VLAN. Refer to the port in the reference section for details on the syntax of the commands for...
Page 532
GigaVUE-OS CLI Reference Guide Table 6: Showing Ingress Port VLAN Tags Command Description (config) # show port params port-list 7/1/x1 Shows the VLAN tag associated with a specific port. (config) # show ingress-vlan-tag Shows all configured VLAN tags. TPID for Ingress Port VLAN Tagging The following example configures a TPID for ingress port VLAN tag: Table 7: Configuring Tag Protocol ID (TPID) Command...
Page 533
GigaVUE-OS CLI Reference Guide Table 10: Showing Tag Protocol ID (TPID) Command Description (config) # show tag-protocol-id Shows all configured TPID values. VLAN Tags in Maps Ingress port VLAN tags are supported in first level maps, including the following: ■ map-passall ■...
Page 534
GigaVUE-OS CLI Reference Guide Table 11: Enabling Egress Port VLAN Stripping Command Description (config) # port 1/1/c2 egress-vlan strip Enables outer VLAN stripping on a specified egress port. (config) # port 1/1/c3..c4 egress-vlan strip Enables outer VLAN stripping on a range egress ports. Once egress port VLAN stripping is enabled, it can be disabled with the no port <port ID>...
GigaVUE-OS CLI Reference Guide Inline Bypass solutions involve bidirectional traffic between two networks, intercepted by a GigaVUE-OS node, and guided through one or more inline tools. Inline Bypass is supported on all GigaVUE HC Series nodes: GigaVUE-HC3, and GigaVUE-HC1. Refer to the following sections for details and examples of how to configure inline bypass solutions: Configuration Steps ■...
Page 536
GigaVUE-OS CLI Reference Guide Figure 10 Configuration Steps for Inline Bypass Solutions The configuration details for an inline bypass solution are as follows: 1. Configure inline network ports. (Optional for protected inline network.) The configuration begins with defining the inline network ports that will participate in the inline network....
Page 537
GigaVUE-OS CLI Reference Guide For a protected inline network, the inline network is created automatically when the bypass combo modules are recognized by the GigaVUE HC Series node. In either case, the inline network will have parameters set to default values; for example, the traffic-path parameter will be set to bypass and the physical-bypass parameter will be set to enable....
Page 538
GigaVUE-OS CLI Reference Guide The next configuration step is to configure inline maps that specify how to direct the traffic from the configured inline networks and inline network groups to the configured inline tools, inline tool groups, and inline tool series. You can configure either a map passall, a map (rule-based), or a map shared collector.
Page 539
Example 16: Asymmetrical Hashing in Inline Tool Group ■ Example 17: Maps to Individual Inline Tool Group Members ■ Example 18: Gigamon Resiliency for Inline Protection ■ Example 1: Unprotected Inline Bypass Example 1 is a simple, unprotected inline bypass solution. In the example, aliases are used for inline network ports (iN1 and iN2), inline tool ports (iT1 and iT2), inline network (inNet), inline tool (inTool), and inline map (inMap).
Page 540
GigaVUE-OS CLI Reference Guide Figure 11 Logical Bypass On GigaVUE-HC1, an unprotected inline bypass solution can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Step Description Command...
Page 541
GigaVUE-OS CLI Reference Guide Step Description Command (config map-passall alias inMap) # to inTool (config map-passall alias inMap) # exit Configure the path of the (config) # inline-network alias inNet traffic-path to- traffic to inline tool. inline-tool Display the configuration (config) # show port for this example.
Page 542
GigaVUE-OS CLI Reference Guide Step Description Command and enable heartbeat. (config) # inline-tool alias inTool heart-beat Configure map passall, from (config) # map-passall alias inMap inline network to inline tool. (config map-passall alias inMap) # from inNet (config map-passall alias inMap) # to inTool (config map-passall alias inMap) # exit (config) # Configure the path of the...
Page 543
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port iT4 params admin enable Configure a custom (config) # hb-profile alias hb_custom heartbeat profile. (config hb-profile alias hb_custom) # custom-packet http://1.1.1.1/tftpboot/hbpackets/MyHBPacket.pcap (config hb-profile alias hb_custom) # packet-format custom (config hb-profile alias hb_custom) # exit (config) # Configure inline tools (config) # inline-tool alias inTool1 pair tool-a iT1 and tool-...
Page 544
GigaVUE-OS CLI Reference Guide Protected inline networks are based on the pairs of ports associated with the physical protection switches located on the bypass combo modules. Unlike the unprotected examples, you do not need to configure inline network ports because they are created automatically.
Page 545
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline tool. Also (config) # inline-tool alias inTool1 specify the heartbeat (config inline-tool alias inTool1) # pair tool-a iT1 and profile, the negative tool-b iT2 heartbeat profile, enable (config inline-tool alias inTool1) # hb-profile hb2 heartbeat and negative (config inline-tool alias inTool1) # nhb-profile nhb1 heartbeat, and also enable...
Page 546
GigaVUE-OS CLI Reference Guide Step Description Command administratively enable (config) # port 3/1/x2 alias iN2 inline network ports. (config) # port iN2 type inline-network (config) # port iN2 params admin enable Configure inline network. (config) # inline-network alias inNet pair net-a iN1 and net-b iN2 Configure inline tool ports, (config) # port 3/1/x3 alias iT1...
Page 547
GigaVUE-OS CLI Reference Guide Step Description Command (config inline-tool-group alias inToolGroup) # hash advanced (config inline-tool-group alias inToolGroup) # minimum- group-healthy-size 2 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover- action tool-bypass (config inline-tool-group alias inToolGroup) # exit (config) # Configure map passall, (config) # map-passall alias inMap...
Page 548
GigaVUE-OS CLI Reference Guide Step Description Command administratively enable (config) # port iT1 params admin enable inline tool ports. (config) # port 3/1/x4 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 3/1/x5 alias iT3 (config) # port iT3 type inline-tool (config) # port iT3 params admin enable (config) # port 3/1/x6 alias iT4...
Page 549
GigaVUE-OS CLI Reference Guide Step Description Command action tool-bypass (config inline-tool-group alias inToolGroup) # exit (config) # Configure inline tool series (config) # inline-serial alias inSer and enable it. Then (config inline-serial alias inSer) # inline-tool-list configure failover action. inTool1,inToolGroup,inTool4 (config inline-serial alias inSer) # enable (config inline-serial alias inSer) # failover-action tool- bypass...
Page 550
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline network. (config) # inline-network alias inNet pair net-a iN11 and net-b iN12 Configure inline tool ports, (config) # port 3/1/x3 alias iT1 port type (inline-tool), and (config) # port iT1 type inline-tool administratively enable (config) # port iT1 params admin enable inline tool ports.
Page 551
GigaVUE-OS CLI Reference Guide Step Description Command (config inline-serial alias inSer) # exit (config) # Configure map passall, (config) # map-passall alias inMap from inline network to (config map-passall alias inMap) # from inNet inline tool series. (config map-passall alias inMap) # to inSer (config map-passall alias inMap) # exit (config) # Configure the path of the...
Page 552
GigaVUE-OS CLI Reference Guide Step Description Command network), and (config) # port iN1 params admin enable administratively enable (config) # port 7/2/x20 alias iN2 inline network ports. (config) # port iN2 type inline-network (config) # port iN2 params admin enable Configure inline network.
Page 553
GigaVUE-OS CLI Reference Guide Step Description Command Disable physical bypass on (config) # inline-network alias default_inline_net_7_2_1 the default inline network physical-bypass disable aliases. (config) # inline-network alias default_inline_net_7_2_3 physical-bypass disable Display the configuration (config) # show inline-network-group for this example. (config) # show inline-tool (config) # show map Example 9: Inline Network Group (Many-to-Many)
Page 554
GigaVUE-OS CLI Reference Guide Step Description Command unprotected inline network network-list inNet,default_inline_net_7_2_1,default_ and two protected inline inline_net_7_2_3 networks. (config inline-network-group alias inNetGroup) # exit (config) # (Optional) Configure user- (config) # port 7/2/x1 ingress-vlan-tag 1201 defined VLAN tags. (config) # port 7/2/x20 ingress-vlan-tag 1202 (config) # port 7/2/x17 ingress-vlan-tag 1203 : The net-a and net- b ports can have the...
Page 555
GigaVUE-OS CLI Reference Guide Step Description Command (config map-passall alias inMap) # exit (config) # Configure the path of the (config) # inline-network alias inNet traffic-path to- traffic to inline tool. inline-tool (config) # inline-network alias default_inline_net_7_2_1 traffic-path to-inline-tool (config) # inline-network alias default_inline_net_7_2_3 traffic-path to-inline-tool Disable physical bypass on (config) # inline-network alias default_inline_net_7_2_1...
Page 556
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port iT2 params admin enable Configure inline tool and (config) # inline-tool alias inTool pair tool-a iT1 and tool- enable it. b iT2 (config) # inline-tool alias inTool enable Enable default heartbeat. (config) # inline-tool alias inTool heart-beat Configure rule-based map, (config) # map alias inMap1...
Page 557
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port iN2 type inline-network (config) # port iN2 params admin enable Configure inline network. (config) # inline-network alias inNet pair net-a iN1 and net-b iN2 Configure inline tool ports, (config) # port 7/2/x2 alias iT1 port type (inline-tool), and (config) # port iT1 type inline-tool administratively enable...
Page 558
GigaVUE-OS CLI Reference Guide the first inline tool, and a shared collector from the inline network to the second inline tool. Traffic that does not match the map rules will be sent to the shared collector, ensuring that all traffic is exchanged between side A and side B of the network. Step Description Command...
Page 559
GigaVUE-OS CLI Reference Guide Step Description Command (config) # Configure rule-based map, (config) # map alias inMap4 from inline network to first (config map alias inMap4) # type inline byRule inline tool. (config map alias inMap4) # from inNet (config map alias inMap4) # to inTool1 (config map alias inMap4) # rule add pass portdst 80 (config map alias inMap4) # exit (config) #...
Page 560
GigaVUE-OS CLI Reference Guide be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules). Step Description Command Configure an inline network (config) # inline-network-group alias inNetGroup group consisting of two...
Page 561
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline tools as (config) # inline-tool alias inTool1 pair tool-a iT1 and follows: tool-b iT2 inTool1 and inTool2 will (config) # inline-tool alias inTool2 pair tool-a iT3 and ● be used in the inline tool tool-b iT4 group, inToolGroup (config) # inline-tool alias inTool3 pair tool-a iT5 and...
Page 562
GigaVUE-OS CLI Reference Guide Step Description Command group to the inline tool (config map alias inMap1) # from inNetGroup group. (config map alias inMap1) # to inToolGroup (config map alias inMap1) # rule add pass vlan 100 (config map alias inMap1) # exit (config) # Configure rule-based map, (config) # map alias inMap2...
Page 563
GigaVUE-OS CLI Reference Guide Step Description Command (config) # show inline-serial (config) # show inline-tool-group (config) # show map Example 14: OOB Maps Originating from Inline Network Example 14 combines out-of-band (OOB) maps with a map passall originating from an inline network on GigaVUE-HC3. In Example 14, the map passall sends all traffic to the inline tool. The OOB rule-based map sends traffic to an OOB tool.
Page 564
GigaVUE-OS CLI Reference Guide Step Description Command (config) # inline-tool alias inTool1 enable Configure a map passall, (config) # map-passall alias inline_map1 from the inline network to (config map-passall alias inline_map1) # from default_ the inline tool. This sends all inline_net_1_1_3 the traffic to the inline tool.
Page 565
GigaVUE-OS CLI Reference Guide In Example 15, two OOB maps send traffic from each inline network port (associated with default_inline_net_1_1_1) to the OOB tool. Two more maps would be needed to send traffic from each inline network port (associated with default_inline_net_1_1_2) to the OOB tool, but this is not included in Example 15.
Page 566
GigaVUE-OS CLI Reference Guide Step Description Command inline tool. (config map-passall alias inline_map1) # exit (config) # Configure the first rule- (config) # map alias OoB_map1 based map. This is an OOB (config map alias OoB_map1) # type regular byRule map from one inline (config map alias OoB_map1) # rule add pass ipver 4 network port (associated...
Page 567
GigaVUE-OS CLI Reference Guide Example 16: Asymmetrical Hashing in Inline Tool Group Example 16 is an inline bypass solution on GigaVUE-HC3 for an inline tool group with four tools. The inline tool group uses asymmetrical hashing (unlike Example 5: Inline Tool Group (N+1) Redundancy which uses symmetrical hashing).
Page 568
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port 1/2/x23 alias iT7 (config) # port iT7 type inline-tool (config) # port iT7 params admin enable (config) # port 1/2/x24 alias iT8 (config) # port iT8 type inline-tool (config) # port iT8 params admin enable Configure inline tools and (config) # inline-tool alias inTool1 pair tool-a iT1 and enable them.
Page 569
GigaVUE-OS CLI Reference Guide Step Description Command send it to bypass. inNet (config map-scollector alias inNet-to-bypass) # collector bypass (config map-scollector alias inNet-to-bypass) # exit (config) # Configure the path of the (config) # inline-network alias inNet traffic-path to- traffic to inline tool. inline-tool Display the configuration (config) # show inline-tool-group...
Page 570
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline tool ports, (config) # port 1/2/x15 alias iT1 port type (inline-tool), and (config) # port iT1 type inline-tool administratively enable (config) # port iT1 params admin enable inline tool ports. (config) # port 1/2/x16 alias iT2 (config) # port iT2 type inline-tool (config) # port iT2 params admin enable (config) # port 1/2/x19 alias iT3...
Page 571
GigaVUE-OS CLI Reference Guide Step Description Command action. (config inline-tool-group alias inToolGroup) # hash a- srcip-b-dstip (config inline-tool-group alias inToolGroup) # minimum- group-healthy-size 4 (config inline-tool-group alias inToolGroup) # enable (config inline-tool-group alias inToolGroup) # failover- action network-bypass (config inline-tool-group alias inToolGroup) # exit (config) # Configure rule-based map, (config) # map alias inNet-to-inTool1...
Page 572
(config) # show map
Example 18: Gigamon Resiliency for Inline Protection
You can configure Gigamon Resiliency for inline protection on H Series nodes (GigaVUE-HC1 and GigaVUE-HC3). Example 18 is an inline bypass solution for GRIP using TAP-HC1-G10040 modules on GigaVUE-HC1 with copper ports. The same instructions apply to GigaVUE-HC3.
Page 573
GigaVUE-OS CLI Reference Guide Step Description Command Configure stack port (for (config) # port 1/1/x1 type stack signaling port/link) and (config) # port 1/1/x1 params admin enable enable it. Create the redundancy (config) # redundancy-profile alias RP_001 (config profile by giving it a name redundancy-profile alias RP_001) # signaling-port 1/1/x1 and configuring (config redundancy-profile alias RP_001) # protection-...
Page 574
GigaVUE-OS CLI Reference Guide Step Description Command passive (in passive mode, relays are closed). Also configure ports, port type (inline-network). Configure stack port (for (config) # port 1/1/x1 type stack signaling port/link) and (config) # port 1/1/x1 params admin enable enable it.
Page 575
GigaVUE-OS CLI Reference Guide
Configure Inline Bypass Solution on GigaVUE-OS TAP Modules
Network ports on the copper TAP modules, TAP-HC1-G10040 on the GigaVUE-HC1, can be configured through software to be inline network ports. This allows the GigaVUE-OS TAP modules to act as a copper bypass module, providing protected inline networks for copper ports.
Page 576
GigaVUE-OS CLI Reference Guide Configuring an inline network using ports on the TAP-HC0-G100C0 or TAP-HC1-G10040 ■ must enforce proper pairing of the net-a and net-b attributes of the inline network. This means that the ports selected as net-a and net-b must belong to the same pair of copper TAP ports.
Page 577
GigaVUE-OS CLI Reference Guide For example, the inline tools can be Web Application Firewall (WAF), Intrusion Prevention System (IPS), Advanced Persistent Threat (APT). The inline tool aliases are t0708 to t1516, based on ports x7 to x16. Use the following steps to configure Example 1: Step Description Command...
Page 578
GigaVUE-OS CLI Reference Guide Step Description Command defined tag, and enable (config map alias FLEX1) # a-to-b map. t0708,t0910,t1112,t1314,t1516 (config map alias FLEX1) # b-to-a reverse (config map alias FLEX1) # tag 100 (config map alias FLEX1) # enable (config map alias FLEX1) # exit (config) # Configure the path of the (config) # inline-network alias n0102 traffic-path to-...
Page 579
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline tool ports, (config) # port 1/3/x7..x16 type inline-tool port type (inline-tool), and (config) # port 1/3/x7..x16 params admin enable administratively enable inline tool ports. Configure inline tools, (config) # inline-tool alias t0708 pair tool-a 1/3/x7 and specify that the inline tool tool-b 1/3/x8 is going to be shared by...
Page 580
GigaVUE-OS CLI Reference Guide sequence. The inline networks share these two tools. The inline network aliases are n0102 to n0304, based on ports x1 to x4. For example, the inline tools can be Web Application Firewall (WAF), Intrusion Prevention System (IPS), Advanced Persistent Threat (APT). The inline tool aliases are t0708 to t1516, based on ports x7 to x16.
Page 581
GigaVUE-OS CLI Reference Guide Step Description Command administratively enable inline tool ports. Configure inline tools, (config) # inline-tool alias t0708 pair tool-a 1/3/x7 and specify that the inline tool tool-b 1/3/x8 is going to be shared by (config) # inline-tool alias t0708 shared true different sources, and (config) # inline-tool alias t0708 enable enable them.
Page 582
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias FLEX2) # exit (config) # Configure the path of the (config) # inline-network alias n0102 traffic-path to- traffic to inline tools. inline-tool (config) # inline-network alias n0304 traffic-path to- inline-tool Example 3—Protected Flexible Inline, Two Collector Maps Example 3 is similar to Example 2 but with protected inline networks.
Page 583
GigaVUE-OS CLI Reference Guide Step Description Command (config) # inline-tool alias t1112 shared true (config) # inline-tool alias t1112 enable (config) # inline-tool alias t1314 pair tool-a 1/3/x13 and tool-b 1/3/x14 (config) # inline-tool alias t1314 shared true (config) # inline-tool alias t1314 enable (config) # inline-tool alias t1516 pair tool-a 1/3/x15 and tool-b 1/3/x16 (config) # inline-tool alias t1516 shared true...
Page 584
GigaVUE-OS CLI Reference Guide
Example 4—Unprotected Flexible Inline, Rule-Based Map
Example 4 adds a rule-based map to Example 2. It has the same two inline networks, the same five inline tools, but adds a rule-based map from the first inline network. In the rule-based map, two of the five tools are specified, sending traffic through those two tools, which are the second (t0910) and the fourth (t1314) tools in the sequence.
Page 585
GigaVUE-OS CLI Reference Guide Step Description Command Configure inline tool ports, (config) # port 1/3/x7..x16 type inline-tool port type (inline-tool), and (config) # port 1/3/x7..x16 params admin enable administratively enable inline tool ports. Configure inline tools, (config) # inline-tool alias t0708 pair tool-a 1/3/x7 and specify that the inline tool tool-b 1/3/x8 is going to be shared by...
Page 586
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias FLEX2) # enable (config map alias FLEX2) # exit (config) # (config) # map alias FLEX3 (config map alias FLEX3) # type flexInline byRule (config map alias FLEX3) # from n0102 (config map alias FLEX3) # a-to-b t0910,t1314 (config map alias FLEX3) # b-to-a reverse (config map alias FLEX3) # rule add pass ipver 4...
Page 587
GigaVUE-OS CLI Reference Guide Step Description Command (config) # inline-network alias n0304 pair net-a 1/3/x3 and net-b 1/3/x4 Configure inline tool ports, (config) # port 1/3/x7..x16 type inline-tool port type (inline-tool), and (config) # port 1/3/x7..x16 params admin enable administratively enable inline tool ports.
Page 588
GigaVUE-OS CLI Reference Guide Step Description Command configure a rule (one rule (config map alias FLEX1) # tag 100 only) to direct traffic to the (config map alias FLEX1) # enable tools. The rule can be based (config map alias FLEX1) # exit on any map rule criteria (config) # such as TCP port, IP subnet,...
Page 589
GigaVUE-OS CLI Reference Guide
Figure 14 (Example 6 Inline Tool Sharing by Multiple Inline Flows) illustrates Example 6. Traffic is only shown in one direction.
[Figure 14: Example 6 Inline Tool Sharing by Multiple Inline Flows]
Use the following steps to configure Example 6: Step Description Command Configure inline network...
Page 590
GigaVUE-OS CLI Reference Guide Step Description Command (config) # inline-tool alias t0910 flex-traffic-path monitoring (config) # inline-tool alias t0910 shared true (config) # inline-tool alias t0910 enable (config) # inline-tool alias t1112 pair tool-a 1/3/x11 and tool-b 1/3/x12 (config) # inline-tool alias t1112 shared true (config) # inline-tool alias t1112 enable (config) # inline-tool alias t1314 pair tool-a 1/3/x13 and tool-b 1/3/x14...
Page 591
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias FLEX3) # rule add pass ipver 4 (config map alias FLEX3) # tag 300 (config map alias FLEX3) # enable (config map alias FLEX3) # exit (config) # Configure the path of the (config) # inline-network alias n0102 traffic-path to- traffic to inline tools.
Page 592
GigaVUE-OS CLI Reference Guide Step Description Command will configure out-of-band (OOB) traffic to this hybrid port. Configure regular tool ports, port (config) # port 1/3/x20..x22 type tool type (tool), and administratively (config) # port 1/3/x20..x22 params admin enable tool ports. The flexible inline enable map will configure out-of-band (OOB) traffic to a regular tool port.
Page 593
GigaVUE-OS CLI Reference Guide
Example 8—Flexible Inline Single Tag Configuration
When you configure inline maps with a single VLAN tag, the map rules must have the same VLAN tag as configured in the from parameter. The following is an example of a flexible inline single tag configuration.
map alias map1_in1_100_11
type flexinline byRule
rule add pass ipver 4 vlan 100...
Page 594
GigaVUE-OS CLI Reference Guide Step Description Command must be configured before installing certificates and keys. If the key has a passphrase, in order to install it, the keychain password and the passphrase must match. (Optional) Configure trust store, (config) # apps inline-ssl trust-store fetch which installs trusted certificate http://1.1.1.1/mitm/my_trust_store.pem authority (CA) for server...
Page 595
GigaVUE-OS CLI Reference Guide Step Description Command (config apps inline-ssl profile alias sslprofile) # no-decrypt tool-bypass disable (config apps inline-ssl profile alias sslprofile) # url-cache miss action decrypt (config apps inline-ssl profile alias sslprofile) # exit (config) # Configure a GigaSMART group (config) # gsgroup alias gs1 port-list 2/1/e1 and associate it with a GigaSMART engine port.
Page 596
GigaVUE-OS CLI Reference Guide Step Description Command (Optional) Configure inline (config) # inline-network-group alias ing1 network group. This example has (config inline-network-group alias ing1) # four inline networks in an inline network-list inline-net1,inline-net2, inline-net3, network group. inline-net4 (config inline-network-group alias ing1) # exit : If only one inline network is specified, the inline (config) #...
Page 597
GigaVUE-OS CLI Reference Guide Step Description Command This map (and the next) is for (config) # traffic that needs to be decrypted so the tools can inspect it, such as HTTPS traffic. The map type and subtype are determined by the from and to parameters (inLineFirstLevel, ingresstovp).
Page 598
GigaVUE-OS CLI Reference Guide Step Description Command combination of these. This (config map alias gs-oob) # exit example has multiple tool ports. (config) # Configure the path of the traffic (config) # inline-network alias inline-net1 traffic- to inline tool on the inline path to-inline-tool networks.
Page 599
The logged events are stored in the Common Event Format (CEF) as follows:
<SYSLOG_HEADER> <Timestamp> <hostname:engine> CEF:0|Gigamon|<Device Model>|<GigaVUE-OS OS Version>|<Event ID>|<Event name>|<Severity>|[Extension]
Here is an example of a logged event:
Thu Jun 14 15:50:16 2018 hostname:hc3_test:1/1/e1 CEF:0|Gigamon|HC3|5.5.0|102|SESSION_DECRYPT|6|src=126.1.0.20 dst=126.1.0.10 spt=34267 dpt=443 dhost=example.com cs1Label=Certificate Subject cs1=C\=US, ST\=CA, L\=Santa Clara,CN=*.example.com cs2Label=Cipher Suite cs2=DHE-RSA-AES128-GCM-SHA256
You can view and track these logs to troubleshoot system issues, maintain audit trails, and support compliance.
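The CEF layout described above can be split into header fields and extension pairs before the events are loaded into an audit or troubleshooting pipeline. The following Python parser is an added example, not Gigamon code; the function name, the returned dictionary keys and the sample constant are assumptions, and the sample is constructed from the event shown above with the spaces between fields restored.

```python
import re

# Names for the seven pipe-delimited header fields that follow "CEF:",
# in the order given by the format line on this page.
HEADER_FIELDS = ("cef_version", "vendor", "device_model", "os_version",
                 "event_id", "event_name", "severity")

_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# A key is a bare word followed by "=", at the start of the extension or
# after whitespace. The value runs up to the next such key, so values may
# hold spaces, escaped "\=" and even a bare "=" (as in "Clara,CN=*.example.com").
_EXT_PAIR = re.compile(r"(?:^|(?<=\s))(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)
_ESCAPE = re.compile(r"\\(.)", re.S)
_CUSTOM_LABEL = re.compile(r"^(c[sn]\d+|cfp\d+|flexString\d+)Label$")

# Constructed sample: the page's example event with field spacing restored.
SAMPLE_EVENT = (
    r"Thu Jun 14 15:50:16 2018 hostname:hc3_test:1/1/e1 "
    r"CEF:0|Gigamon|HC3|5.5.0|102|SESSION_DECRYPT|6|"
    r"src=126.1.0.20 dst=126.1.0.10 spt=34267 dpt=443 dhost=example.com "
    r"cs1Label=Certificate Subject "
    r"cs1=C\=US, ST\=CA, L\=Santa Clara,CN=*.example.com "
    r"cs2Label=Cipher Suite cs2=DHE-RSA-AES128-GCM-SHA256"
)


def _unescape(value):
    """Turn backslash escapes (\\=, \\|, \\\\, \\n, \\r) back into plain characters."""
    return _ESCAPE.sub(
        lambda m: "\n" if m.group(1) in "nr" else m.group(1), value)


def parse_cef_event(line):
    """Parse one logged event into header fields, extension pairs and
    custom strings keyed by their human-readable labels.

    Raises ValueError when the line has no CEF marker or a short header,
    so truncated syslog lines are rejected instead of half-parsed.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker in line")
    parts = _UNESCAPED_PIPE.split(line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 pipe-terminated fields")

    event = {name: _unescape(raw) for name, raw in zip(HEADER_FIELDS, parts)}
    # Everything before "CEF:" is the syslog header, timestamp and hostname:engine.
    event["prefix"] = line[:start].strip()

    extension = {key: _unescape(raw)
                 for key, raw in _EXT_PAIR.findall(parts[7].strip())}
    event["extension"] = extension

    # Pair each csNLabel with its csN value, e.g. "Cipher Suite" -> cs2.
    labelled = {}
    for key, label in extension.items():
        match = _CUSTOM_LABEL.match(key)
        if match and match.group(1) in extension:
            labelled[label] = extension[match.group(1)]
    event["labelled"] = labelled
    return event


if __name__ == "__main__":
    parsed = parse_cef_event(SAMPLE_EVENT)
    print(parsed["event_name"], parsed["extension"]["dhost"])
    for label, value in parsed["labelled"].items():
        print(f"{label}: {value}")
```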
Page 600
GigaVUE-OS CLI Reference Guide
Step Description Command
Description: Configure the session log levels under the GigaSMART parameters (gsparams).
Command: HC3 (config) # gsparams gsgroup <alias> session logging level <err|warning|notice|info|debug|none>
Note: If you set the session log level as None, the logs will not be sent to the inline SSL session logging server.
Page 601
GigaVUE-OS CLI Reference Guide Summary Command In this example, we have created a GigaSMART group called GS1 using virtual port e1 on the GigaSMART-HC0 line card in slot 2 of box 16 (16/2/e1). Next, you can create a GigaSMART operation – a (config) # gsop alias tcpmask masking combination of actions that can be used in a map –...
Page 603
GigaVUE-OS CLI Reference Guide
Following is an example of how you can configure GigaSMART Masking:
Summary: This example creates a GigaSMART masking operation named tunnel_mask. This example starts masking six bytes after the end of the TCP layer in the GTP-encapsulated packet and continues for 150 bytes, writing over the existing...
Command: (config) # gsop alias tunnel_mask masking protocol gtp-tcp offset 6 pattern FF length 150 port-list GS1
Page 604
GigaVUE-OS CLI Reference Guide Refer to the “GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel)” section in the GigaVUE Fabric Management Guide for details about GigaSMART IP Encapsulation/Decapsulation. The following example describes how to configure the sending end of the tunnel for the physical devices in different locations.
Page 605
GigaVUE-OS CLI Reference Guide Configure the Receiving End of the Tunnel: GigaVUE-HC3 with GigaSMART in San Francisco Now we need to configure the receiving end of the tunnel with an IP interface associated with the network port. The GigaVUE-HC3 in this location will have an IP interface associated with the network port configured on network port 5/1/c2 with an IP address of 21.2.9.75 and a GigaSMART decapsulation operation that listens on UDP port 10000.
Page 606
GigaVUE-OS CLI Reference Guide
Configure the Receiving End of the Tunnel: GigaVUE-OS® HC Series with GigaSMART in Melbourne
Now we need to configure the receiving end of the tunnel with an IP interface associated with the network port. The GigaVUE HC Series in this location will have an IP interface associated with the network port configured on network port 1/1/3 with an IP address of 10.150.68.222 and a GigaSMART decapsulation operation that listens on UDP port 10000.
Page 607
GigaVUE-OS CLI Reference Guide Task Commands
■ The to command specifies where matching packets will be sent (tool port 1/1/x11).
■ The rule add pass command specifies that packets arriving on this port with an IP Source address of 10.10.10.10 /32 will be processed by the gv_ipdecap GSOP and sent to tool port 1/1/x11.
Page 608
GigaVUE-OS CLI Reference Guide Example 1 – GigaSMART L2GRE Tunnel Encapsulation In this example, an IP interface is configured on the tool port. A GigaSMART operation for tunnel encapsulation is configured to encapsulate the filtered packets. A map is configured that uses the L2GRE tunnel encapsulation GigaSMART operation, which sends packets from the remote site over the Internet to the main office using the IP interface with tool port.
Page 609
GigaVUE-OS CLI Reference Guide Step Description Command Display the configuration for this (config) # show gsgroup example. (config) # show ip interfaces (config) # show gsop (config) # show map Example 2 – GigaSMART L2GRE Tunnel Encap Stateful LB Example 2 configures stateful load balancing of tunnel traffic to three tunnel endpoints based on a metric.
Page 610
GigaVUE-OS CLI Reference Guide
Step Description Command
Description: (Optional) Specify weights for each tunnel endpoint in the port group.
Command: (config) # port-group alias pg1 weight te1 50
(config) # port-group alias pg1 weight te2 20
(config) # port-group alias pg1 weight te3 30
Description: Enable load balancing on the port group.
Command: (config) # port-group alias pg1 smart-lb enable
Page 611
GigaVUE-OS CLI Reference Guide Step Description Command Configure a tool type of port and a (config) # port 1/3/x2 type tool network type of port. (config) # port 1/3/x1 type network Configure a GigaSMART group and (config) # gsgroup alias gsport1 port-list 1/1/e1 associate it with a GigaSMART engine port.
Page 612
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias tun_encap) # roles replace admin to owner_roles (config map alias tun_encap) # use gsop gsop2 (config map alias tun_encap) # rule add pass ipver 4 (config map alias tun_encap) # from 1/3/x1 (config map alias tun_encap) # to 1/3/x2 (config map alias tun_encap) # exit (config) #...
Page 613
GigaVUE-OS CLI Reference Guide Step Description Command Create a map using the tunnel (config) # map alias tun_decap decapsulation GigaSMART operation, (config map alias tun_decap) # type regular with packets coming from the byRule Internet through the network port (config map alias tun_decap) # use gsop and being sent to the local tool port.
Page 614
GigaVUE-OS CLI Reference Guide Step Description Command Configure the GigaSMART operation (config) # gsop alias gsen tunnel-encap type for tunnel encapsulation and assign l2gre ip6dst 2001::3 key 5 port-list grp_en it to the GigaSMART group. Create a map using the tunnel (config) # map alias map_en encapsulation GigaSMART (config map alias map_en) # type regular byRule...
Page 615
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map_de) # rule add pass ipver (config map alias map_de) # from 1/4/x24 (config map alias map_de) # to 1/4/x7 (config map alias map_de) # exit (config) # Display the configuration for this (config) # show gsop example.
Page 616
GigaVUE-OS CLI Reference Guide
Tunnel Health Checks
Starting in software version 5.3, there are tunnel health checks. The reachability of tunnel destinations is checked and, if the destinations are not reachable, packets will not be sent or will stop being sent. The tunnel health check on the GigaSMART card defines destinations as follows:
■ IP destinations used for sending packets from a single IP interface with tool port to a...
Page 617
GigaVUE-OS CLI Reference Guide Step Description Command (config ip interface alias test) # gsgroup add gsgp1 (config ip interface alias test) # exit Configure the GigaSMART operation (config) # gsop alias er1 tunnel-decap type and assign it to the GigaSMART erspan flow-id 0 port-list gsgp1 group.
Page 618
GigaVUE-OS CLI Reference Guide Step Description Command 10.10.10.10 /29 (config ip interface alias test) # gw 10.10.10.1 (config ip interface alias test) # mtu 9400 (config ip interface alias test) # gsgroup add gsgp1 (config ip interface alias test) # exit Configure the GigaSMART operation (config) # gsop alias gsop_erspan tunnel-decap and assign it to the GigaSMART...
Page 619
GigaVUE-OS CLI Reference Guide VXLAN Tunnel Termination Example Step Description Command Configure a tool type of port. (config) # port 1/1/g1 type tool Configure a GigaSMART group (config) # gsgroup alias gsgp1 port-list 1/3/e1 and associate it with a GigaSMART engine port.
Page 620
GigaVUE-OS CLI Reference Guide Refer to the “GigaSMART Custom Tunnel Decapsulation” section in the GigaVUE Fabric Management Guide for detailed information. Custom Tunnel Termination Example Step Description Command Configure a tool type of port. (config) # port 1/1/g1 type tool Configure a GigaSMART group and (config) # gsgroup alias gsgp1 port-list 1/3/e1 associate it with a GigaSMART...
Page 621
GigaVUE-OS CLI Reference Guide
GigaSMART Header Addition
GigaSMART operations with an add_header component can add VLAN tags to packets. This operation is useful in the following situations:
■ Differentiating stripped packets from non-stripped packets on common IP ranges (for example, 10.x.x.x; 192.168.x.x).
Refer to the “GigaSMART Header Addition”...
Page 622
(config) # gsop alias fm6000_replace strip-header fm6000-ts none port-list gsgroup1 The following are example CLI commands to convert packets containing the FM6000 timestamp to UTC and append the UTC timestamp to either the Gigamon trailer or the PRT- H00-X12TS trailer:...
Page 623
GigaVUE-OS CLI Reference Guide (config map alias fm6000_map) # rule add pass ipver 4 (config map alias fm6000_map) # to 1/1/x1 (config map alias fm6000_map) # from 1/1/x2 (config map alias fm6000_map) # exit (config) # : There is one-to-one mapping between the GigaSMART operation (gsop) and the map.
Page 624
GigaVUE-OS CLI Reference Guide Example 2 – Retaining IPv4 Inner Header from the LISP Header Format Cisco LISP is used to carry original IP packets to support multi-homing. In this example, the IPv4 outer header, UDP header, and LISP header are stripped from the Cisco LISP header format.
Page 625
GigaVUE-OS CLI Reference Guide (config) # gsop alias remove_out_mac_vpls strip-header generic anchor-hdr1 none offset start header-count 2 anchor-hdr2 none port-list gsp Table 16: Components of L2 MPLS Encapsulated Packets Component Description anchor-hdr1 none Starts the header stripping operation from the start of the Ethernet header. offset start header-count 2 Strips the first and the second header from the packet.
Page 626
GigaVUE-OS CLI Reference Guide Example 5 – Retaining Inner Ethernet Frame from the VXLAN Encapsulated Frame VXLAN encapsulates Ethernet packets in IP using VXLAN header. In this example, the outer Ethernet header, outer IP header, outer UDP header, and VXLAN Header are stripped from the VXLAN encapsulated packets.
Page 627
GigaVUE-OS CLI Reference Guide The following is an example CLI command syntax to strip TRILL from the encapsulated packets:
(config) # gsop alias remove_inner_mac_trill strip-header generic anchor-hdr1 eth offset end custom-len 20 anchor-hdr2 ipv4 port-list gsg
Table 19: Components of TRILL Encapsulated Packets Component Description anchor-hdr1 eth...
Page 628
GigaVUE-OS CLI Reference Guide Example 8 – Stripping Inner Ethernet Header from the Avaya SPB Encapsulated Packets Using the same example as in Example 7 – Stripping Outer Ethernet Header from the Avaya SPB Encapsulated Packets, another scenario is explained. In this example, the ITAG, inner Ethernet header, and VLAN are removed from the packet structure.
Page 629
GigaVUE-OS CLI Reference Guide
■ Example 3: Same Subscriber, Filter on Different Versions
■ Example 4: Same Subscriber, Filter on Different Interfaces
■ Example 5: EPC Filtering
■ Example 6: EPC Filtering
Example 1: Identifying High-Value and/or Roaming Subscribers Based on IMSIs
Use GTP correlation to identify high-value subscribers based on an IMSI or group of IMSIs.
Page 630
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port 1/1/x5 type tool Configure a GigaSMART group and associate (config) # gsgroup alias gsg1 port-list it with a GigaSMART engine port. 1/1/e1 Configure the GigaSMART operation and (config) # gsop alias gtp_sf flow-ops assign it to the GigaSMART group to enable flow-filtering gtp port-list gsg1 GTP correlation.
Page 631
GigaVUE-OS CLI Reference Guide Step Description Command Display the configuration for Example 1. (config) # show gsgroup (config) # show gsop (config) # show map Display statistics. (config) # show gsgroup flow-ops- report alias gsg1 type flow-filtering any Display the session tables for flow-ops- (config) # show gsgroup flow-ops- reports.
Page 632
GigaVUE-OS CLI Reference Guide In Example 2, IMEI traffic is distributed based on GTP versions as follows:
■ Filter and forward GTPv1 to a tool port
■ Filter and forward GTPv2 to another tool port
Step Description Command Configure one network and two tool type (config) # port 1/1/x3 type network of ports.
Page 633
GigaVUE-OS CLI Reference Guide Step Description Command (config) # Create a second level map that takes traffic (config) # map alias IMEI-list1 from the virtual port, applies the (config map alias IMEI-list1) # type GigaSMART operation, matches IMEIs secondLevel flowFilter specified by the flow rule, and sends (config map alias IMEI-list1) # use gsop matching traffic to a tool port.
Page 634
GigaVUE-OS CLI Reference Guide Step Description Command Configure the GigaSMART operation (config) # gsop alias gtpfilter lb app gtp metric and assign it to the GigaSMART group. hashing key imsi flow-ops flow-filtering gtp port-list gsgrp1 Configure a virtual port and assign it (config) # vport alias vp1 gsgroup gsgrp1 to the GigaSMART group.
Page 635
GigaVUE-OS CLI Reference Guide Step Description Command gtp imsi * version 2 (config map alias map2_2) # exit (config) # Example 4: Same Subscriber, Filter on Different Interfaces In this example, traffic from the same subscriber is forwarded to two different load balancing groups based on interface.
Page 636
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map1_1) # exit (config) # Create another first level map. (config) # map alias map1_2 (config map alias map1_2) # type firstLevel byRule (config map alias map1_2) # from 1/2/g1 (config map alias map1_2) # to vp2 (config map alias map1_2) # rule add pass vlan 1611..1612...
Page 637
GigaVUE-OS CLI Reference Guide Step Description Command type of ports. (config) # port 1/2/g5..g6 type tool Configure a GigaSMART group and (config) # gsgroup alias gsgrp1 port-list 1/3/e2 associate it with a GigaSMART engine port. Configure the GigaSMART operation (config) # gsop alias gtpLB lb app gtp metric and assign it to the GigaSMART group.
Page 638
GigaVUE-OS CLI Reference Guide Example 6: EPC Filtering In this example, traffic for all subscribers from all interfaces except S5/S8 is sent to the same load balancing group. Traffic from the S5/S8 interface is dropped. Step Description Command Configure one network and two tool (config) # port 1/2/g1 type network type of ports.
Page 639
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map2_1) # exit (config) # GigaSMART GTP Whitelisting and GTP Flow Sampling Examples GTP whitelisting selects specific subscribers based on IMSI. The whitelist contains up to 500,000 subscriber IMSIs. For subscribers in the whitelist, 100% of their traffic is always sent to a specified tool port.
Page 640
GigaVUE-OS CLI Reference Guide
■ gsop
■ gsparams
■ port-group
■ vport
Example 1: GigaSMART GTP Whitelisting
Example 1 is a GTP whitelisting configuration example. Traffic from network ports goes to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1).
Page 641
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias GTP-User) # roles replace admin to owner_roles (config map alias GTP-User) # rule add pass portdst 2152 bidir (config map alias GTP-User) # to vport1 (config map alias GTP-User) # from 8/1/x40,8/1/x6 (config map alias GTP-User) # exit (config) # (config) # map alias Fragments-Not-First...
Page 642
GigaVUE-OS CLI Reference Guide Step Description Command Configure a GigaSMART group (config) # gsgroup alias gsg1 port-list 10/7/e1 and associate it with a GigaSMART engine port. Create a virtual port. (config) # vport alias vport1 gsgroup gsg1 Create the GTP whitelist. (config) # apps gtp-whitelist alias MyIMSIs create Fetch whitelist files from a (config) # apps gtp-whitelist alias MyIMSIs fetch add...
Page 643
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias Fragments-Not-First) # rule add pass ipfrag all-frag-no-first (config map alias Fragments-Not-First) # to vport1 (config map alias Fragments-Not-First) # from 8/1/x40,8/1/x6 (config map alias Fragments-Not-First) # exit (config) # Configure one second level (config) # map alias GTP-Whitelist_v1 map for GTP whitelisting, the (config map alias GTP-Whitelist_v1) # type...
Page 644
GigaVUE-OS CLI Reference Guide the percentage to sample. Packets are then accepted or rejected. Accepted packets are forwarded to a port. Rejected packets are dropped. Packets that do not match a rule will be passed to subsequent maps. Step Description Command Configure a GigaSMART group (config) # gsgroup alias gsg1 port-list 10/7/e1...
Page 645
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias Fragments-Not-First) # exit (config) # Configure the GigaSMART (config) # gsop alias gtp-flowsample flow-ops gtp- operation for GTP flow sampling. flowsample lb app gtp metric hashing key imsi port-list gsg1 Configure a second level map for (config) # map alias GTP-Sample-01 GTP flow sampling, the flow...
Page 646
GigaVUE-OS CLI Reference Guide If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the rules in the flow sampling map (GTP-Sample-01). The flow sampling rules specify IMSI, IMEI, and MSISDN numbers, as well as the percentage to sample. Packets are then accepted or rejected.
Page 647
GigaVUE-OS CLI Reference Guide Step Description Command (config) # map alias Fragments-Not-First (config map alias Fragments-Not-First) # type firstLevel byRule (config map alias Fragments-Not-First) # roles replace admin to owner_roles (config map alias Fragments-Not-First) # rule add pass ipfrag all-frag-no-first (config map alias Fragments-Not-First) # to vport1 (config map alias Fragments-Not-First) # from 8/1/x40,8/1/x6...
Page 648
GigaVUE-OS CLI Reference Guide Step Description Command Configure a second level map (config) # map alias GTP-Sample-01 for GTP flow sampling, the (config map alias GTP-Sample-01) # type secondLevel flow sampling map. If there is flowSample not a match to an IMSI in the (config map alias GTP-Sample-01) # roles replace whitelist, the traffic flow is admin to owner_roles...
Page 649
GigaVUE-OS CLI Reference Guide
Example 5: GigaSMART GTP Flow Sampling with Multiple Maps
Example 5 includes multiple GTP flow sampling maps, which provide a more granular selection of tool ports for flow sampling. In Example 5, traffic from network ports goes to the three first level maps (GTP-Control, GTP-User, and Fragments-Not-First) and then to the virtual port (vport1).
Page 650
GigaVUE-OS CLI Reference Guide Step Description Command Configure a GigaSMART group (config) # gsgroup alias gsg1 port-list 10/7/e1 and associate it with a GigaSMART engine port. Create a virtual port. (config) # vport alias vport1 gsgroup gsg1 Configure three first level maps. (config) # map alias GTP-Control (config map alias GTP-Control) # type firstLevel : In the rules, 2123 is...
Page 651
GigaVUE-OS CLI Reference Guide Step Description Command create Fetch whitelist files from a (config) # apps gtp-whitelist alias VoLTE_1MM fetch specified location to populate add http://10.1.1.100/tftpboot/myfiles/IMSI_file1.txt the GTP whitelist. (config) # apps gtp-whitelist alias VoLTE_1MM fetch add http://10.1.1.100/tftpboot/myfiles/IMSI_file2.txt (Optional) Add a single IMSI to (config) # apps gtp-whitelist alias VoLTE_1MM add the GTP whitelist.
Page 654
Description: Configure a second level map for GTP flow sampling, the fourth flow sampling map. This map has one rule. Traffic flow is sampled based on the rules in this map.
Command:
(config) # map alias GTP-Sample-4
(config map alias GTP-Sample-4) # type secondLevel flowSample
(config map alias GTP-Sample-4) # roles replace admin to owner_roles
Page 655
Note: When the show load-balance port-group stats all command is executed from the leader, statistics for all the attached load balanced port groups are displayed. When the command is executed from another node in the cluster (standby or normal), only the statistics for the load balanced port group in the map attached to the GigaSMART operation on that node are displayed.
Page 656
GigaVUE-OS CLI Reference Guide Step Description Command specify four tool ports each, for load (config port-group alias PG-Filter-Version1) # balancing. Also, enable load port-list 2/8/x1..x4 balancing on each port group. (config port-group alias PG-Filter-Version1) # The port groups are as follows: smart-lb enable (config port-group alias PG-Filter-Version1) # The first port group is...
Page 657
Description: are on a different node than the port groups.

Description: Configure virtual ports and assign them to the same GigaSMART groups.
Command:
(config) # vport alias VP-Filter gsgroup GSG-Filter
(config) # vport alias VP-Sample gsgroup GSG-Sample

Description: Create a first level map that directs...
Command:
(config) # map alias Map-Lev1-GTP-Filter...
Page 658
Description: Configure a second level map for GTP flow filtering for version 1 traffic coming from the virtual port for flow filtering and going to the port group for version 1.
Command:
(config) # map alias Map-Lev2-GTP-Filter-Version1
(config map alias Map-Lev2-GTP-Filter-Version1) # type secondLevel flowFilter
Page 659
Command:
flowsample add gtp percentage 80
(config map alias Lev2-GTP-Sample) # to PG-Sample
(config map alias Lev2-GTP-Sample) # from VP-Sample
(config map alias Lev2-GTP-Sample) # exit
(config) #

Description: Add a shared collector for any unmatched traffic from the virtual...
Command:
(config) # map-scollector alias Collector-Filter
(config map-scollector alias Collector-Filter) #...
Page 660
Example 7: APN for GigaSMART GTP Whitelisting, APN and QCI for GigaSMART GTP Flow Sampling
Example 7 specifies APN patterns for GTP whitelisting and GTP flow sampling. It also specifies QCI for GTP flow sampling. In Example 7, traffic from network ports goes to the two first level maps (gtp_to_v1_c and gtp_to_v1_u) and then to the virtual port (v1).
Page 661
Command:
(config map alias gtp_to_v1_c) # from 22/3/x3
(config map alias gtp_to_v1_c) # exit
(config) #
(config) # map alias gtp_to_v1_u
(config map alias gtp_to_v1_u) # type firstLevel byRule
(config map alias gtp_to_v1_u) # roles replace admin to owner_roles
(config map alias gtp_to_v1_u) # rule add pass portdst 2152 bidir...
Page 662
Description: sampling map. If there is not a match to an IMSI in the whitelist, the traffic flow is sampled based on the APN pattern in this map.
Command:
(config map alias from_vp_fs1) # roles replace admin to owner_roles
(config map alias from_vp_fs1) # use gsop gtp-corelate_gsg_fs
Page 663
GigaVUE-OS CLI Reference Guide Step Description Command (config) # map alias SA-UPN-WL-ITFC Configure interface (config map alias SA-UPN-WL-ITFC) # use gsop WL-Lb based filtering (config map alias SA-UPN-WL-ITFC) # whitelist add gtp Send traffic from the interface N9 interface N9 only for all (config map alias SA-UPN-WL-ITFC) # to pgLB subscribers to the tool (config map alias SA-UPN-WL-ITFC) # from vp 1...
Page 664
GigaVUE-OS CLI Reference Guide Flow-Ops for Unsupported Interfaces The Flow-ops table displays statistics of the interfaces not supported by the GTP correlation engine. Interface Pkts =============== =========== S11U Unknown Flow-Ops for PFCP Node Related Messages PFCP messages stats =================== Msg Type Pkt Count ===================================== Heart Beat Req...
Page 665
In this scenario, once traffic matches a map, it will be sent to the destination for that map. However, the matched traffic will also be evaluated by subsequent maps and, if a match occurs, it will be sent to each of the destinations pointed to by the subsequent maps.

Example 1: GTP Overlap Mode
Example 1 is a GTP overlap flow sampling map example.
Page 666
Description: Create GigaStream that will be part of the port groups.
Command:
(config) # gigastream alias gs1 port-list 1/1/x16..x17
(config) # gigastream alias gs2 port-list 1/1/x1..x2

Description: Create port groups and specify the tool ports.
Command:
(config) # port-group alias pg1 port-list 1/1/x6..x7
Page 667
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias mapLevel1-GTP) # exit (config) # Create the GTP whitelist. (config) # apps gtp-whitelist alias Whitelist create Fetch whitelist files from a (config) # apps gtp-whitelist alias Whitelist fetch specified location to populate add http://10.1.1.100/tftpboot/myfiles/MyIMSIs_ the GTP whitelist.
Page 668
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias FSMAP1) # from VP31 (config map alias FSMAP1) # exit (config) # Configure the next second level (config) # map alias WLMAP2 GTP overlap map for GTP (config map alias WLMAP2) # type secondLevel whitelisting.
Page 669
Description: Display the configuration for this example.
Command:
(config) # show port-group
(config) # show gsgroup
(config) # show vport
(config) # show gsop
(config) # show gsparams
(config) # show map
(config) # show map-group

GigaSMART GTP Scaling
GTP can be scaled as follows:
GigaSMART Cards in GigaVUE-HC3...
Page 670
GigaVUE-OS CLI Reference Guide Step Description Command Configure ports as follows: (config) # port 22/3/x3 type network one network type of port. This will (config) # port 22/3/x1 type tool ● be used as the from attribute in (config) # port 22/1/x11 type tool two first level maps in Step 5 (config) # port 22/3/x3 params admin enable...
Page 671
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias gtp_to_vp1-c) # from 22/3/x3 : The order of configuration (config map alias gtp_to_vp1-c) # exit is important. Configure param traffic control before any map (config) # rules. Create another first level map that (config) # map alias gtp_to_vp1 directs GTP user traffic from the (config map alias gtp_to_vp1) # type firstLevel...
Page 672
GTP Engine Grouping Configuration Complex Example
This is a more complex example of GTP engine grouping than the previous example. This example has four engine ports on two GigaSMART line cards on the same GigaVUE-HC3 node. The GigaSMART line cards are in slots 1 and 3. The GigaVUE-HC3 node is the cluster leader of a two-node out-of-band cluster.
Page 673
GigaVUE-OS CLI Reference Guide Step Description Command one tool type of port that will be (config) # port 33/3/x11 params admin enable ● used as the to attribute in a map in (config) # port 33/2/x20..x24 params admin Step enable four tool type of ports for a ●...
Page 674
Description: Associate the GigaSMART group to an existing GTP whitelist. Note: The whitelist must be associated with the GigaSMART group on the leader, which is the GigaVUE-HC3 in this example.
Command:
(config) # gsparams gsgroup hc3scale-4engines-slots1and3 gtp-whitelist add 500-1
Page 675
GigaVUE-OS CLI Reference Guide Step Description Command This map, with the param traffic traffic control control attribute, identifies the GTP-c (config map alias to_hc3_gtpc) # rule add control traffic needed for GTP engine pass portdst 2123 bidir grouping. (config map alias to_hc3_gtpc) # to hc3-gs- 1,vp-hc3scale-4engines-slots1and3,33/3/x11 : The order of configuration is important.
Page 676
GigaVUE-OS CLI Reference Guide Step Description Command traffic from the virtual port and applies (config map alias from_hc3_fs_v2) # roles the flow sampling GigaSMART replace admin to owner_roles operation. (config map alias from_hc3_fs_v2) # use Traffic flow is sampled based on the gsop hc3-scale-fs-lb flow sampling rule in this map.
Page 677
Command:
(config map alias from_hc3_ff) # exit
(config) #

Description: Add a shared collector for any unmatched traffic from the virtual port and send it to a GigaStream.
Command:
(config) # map-scollector alias s_coll_hc3
(config map-scollector alias s_coll_hc3) # roles replace admin to owner_roles
(config map-scollector alias s_coll_hc3) # from vp-hc3scale-4engines-slots1and3...
Page 678
the subscriber attributes and stateful information contained within SIP to correlate subscriber-specific RTP traffic so that monitoring tools can achieve an accurate view of the subscriber’s traffic on the network.

SIP/RTP Examples
Refer to the following examples:
■ SIP/RTP Minimum Configuration Example
...
Page 679
GigaVUE-OS CLI Reference Guide Step Description Command (config gsparams gsgroup gsg1) # sip-session default. timeout 30 The RTP port range must be (config gsparams gsgroup gsg1) # sip-whitelist specified, otherwise all RTP will be add sipwl1 dropped. (config gsparams gsgroup gsg1) # exit (config) # Configure a GigaSMART operation (config) # gsop alias gsop-SIP flow-ops sip-...
Page 680
GigaVUE-OS CLI Reference Guide Step Description Command flow sample maps can be flowSample-sip configured. (config map alias map-sipFS) # roles replace admin to owner_roles (config map alias map-sipFS) # use gsop gsop- (config map alias map-sipFS) # flowsample add sip caller-id 510* percentage 65 (config map alias map-sipFS) # flowsample add sip caller-id 408* percentage 25 (config map alias map-sipFS) # to 1/1/g2...
Page 681
GigaVUE-OS CLI Reference Guide Step Description Command Then administratively enable the ports. Configure a GigaSMART group and (config) # gsgroup alias gsg1 port-list 1/1/e1 associate it with a GigaSMART engine ports. Configure GigaSMART parameters (config) # gsparams gsgroup alias gsg1 for the SIP port list and the RTP port (config gsparams gsgroup gsg1) # rtp-port range range.
Page 683
Command:
(config map-scollector alias Collector) # exit
(config) #

Description: Display the statistics for this example.
Command:
(config) # show port stats

Configuration of 5G Correlation
The 5G Correlation feature correlates the 5G Control and User packets and delivers them to different tool ports based on the filtering policies configured.
Page 684
GigaVUE-OS CLI Reference Guide S.No Task Command Refer to Command Define port group/tool ports. (config) # gsgroup alias cpn-5g port- gsgroup list 1/3/e1 (config) # gsgroup alias upn-5g port- list 1/3/e2 Create a GSGROUP (config) # gsparams gsgroup cpn-5g gsgroup o CPN supports only single gsparams engine...
Page 686
Command:
rule add pass portsrc 8090 bidir
to vport-cpn
from 1/3/c1x1
exit
map alias pfcp
type firstLevel byRule
roles replace admin to owner_roles
rule add pass portsrc 8805 bidir
to vport-cpn,vport-upn
from 1/3/c1x1
exit

Task: Create second level map with Flow...
Page 687
GigaSMART FlowVUE
GigaSMART FlowVUE supports the following:
■ flow-aware sampling of subscriber devices to filter and forward all flows sourced from a sampled set of subscriber device IPs
■ flexible sampling on subscriber IPs and IP ranges, and at specified sampling rates
...
Page 688
GigaVUE-OS CLI Reference Guide Sample a Subset of Subscribers and Sample a Subset of Traffic FlowVUE can be used to reduce traffic to the monitoring tools. By combining FlowVUE with other GigaSMART applications such as APF, the traffic can be further reduced by filtering on specific Layer 4 application ports.
Page 689
Command:
l4port dst pos 2 value 80
(config map alias map1) # gsrule add pass l4port src pos 2 value 80
(config map alias map1) # use gsop gsfvue_apf
(config map alias map1) # exit
(config) #

GigaSMART Adaptive Packet Filtering (APF)
Adaptive Packet Filtering (APF) provides filtering on specific encapsulation protocol...
Page 690
GigaVUE-OS CLI Reference Guide Identify Social Security Numbers in User-Level Transactions The following example looks for packets containing Social Security Numbers in an incoming traffic stream using pattern matching. Once a match is detected, the packets are forwarded to a monitoring tool for additional analysis. Step Description Command...
Page 691
GigaVUE-OS CLI Reference Guide Step Description Command Configure a GigaSMART group and (config) # gsgroup alias gsgrp1 port-list 1/3/e1 associate it with a GigaSMART engine port. Create a virtual port and associate it (config) # vport alias gsTraffic gsgroup gsgrp1 with the GigaSMART group.
Page 692
Description: Configure ports.
Command:
(config) # port 1/1/x3 type network
(config) # port 1/1/x4 type tool
(config) # port 1/1/x1 type tool

Description: Configure a GigaSMART group and associate it with a GigaSMART engine port.
Command:
(config) # gsgroup alias gsg1 port-list 1/1/e1
Page 693
GigaVUE-OS CLI Reference Guide Step Description Command ethertype 8906 (config map alias to_vp) # exit (config) # Create a second level map to filter (config) # map alias map1 on regular expression, using a string (config map alias map1) # type secondLevel match to the destination address in byRule the FCOE packet.
Page 694
With encapsulation awareness enabled by APF, operators have multiple options to act on the packet, including the flexibility to:
■ Filter on encapsulation header parameters, Layer 2 – 4 parameters in the outer or inner headers (up to 5 layers of encapsulation) in any combination. For example: Forward traffic specific to a subset of VXLAN IDs to one or more monitoring tools.
Page 695
Description: Configure ports.
Command:
(config) # port 1/1/x3 type network
(config) # port 1/1/x4 type tool
(config) # port 1/1/x1 type tool

Description: Configure a GigaSMART group and associate it with a GigaSMART engine port.
Command:
(config) # gsgroup alias gsg1 port-list 1/1/e1
Page 696
GigaVUE-OS CLI Reference Guide Step Description Command Create another second level map to (config) # map alias map2 filter on source and destination IP (config map alias map2) # type secondLevel (bi-directional). byRule (config map alias map2) # from vp1 (config map alias map2) # use gsop gsfil (config map alias map2) # to 1/1/x4 (config map alias map1) # gsrule add pass ipv4...
Page 697
Description: Configure ports.
Command:
(config) # port 1/1/x3 type network
(config) # port 1/1/x4 type tool
(config) # port 1/1/x1 type tool

Description: Configure a GigaSMART group and associate it with a GigaSMART engine port.
Command:
(config) # gsgroup alias gsg1 port-list 1/1/e1
Page 698
Command:
(config map alias map2) # gsrule add pass ipv4 dst pos 1 value 1.1.1.2 255.255.255.255
(config map alias map2) # exit
(config) #

GTP Tunnel ID-Based Filtering
The following example demonstrates filtering and forwarding traffic based on tunnel IDs included as part of the GTP user-plane messages.
Page 699
GigaVUE-OS CLI Reference Guide Step Description Command Configure a GigaSMART group and (config) # gsgroup alias gsg1 port-list 1/1/e1 associate it with a GigaSMART engine port. Configure the GigaSMART (config) # gsop alias gsfil apf set port-list gsg1 operation and assign it to the GigaSMART group.
Page 700
Description: applies the GigaSMART operation, and matches tunnel IDs specified by the gsrule.
Command:
(config map alias m2) # use gsop gsfil
(config map alias m2) # to 1/3/x15
(config map alias m2) # from vp1
(config map alias m2) # gsrule add pass gtp gtpu-teid range 0x001e8490..0x001e8499 subset none...
Page 701
GigaVUE-OS CLI Reference Guide Command Step Description (config map alias test1a) # rule add pass macsrc 0000.0000.0000 0000.0000.0000 (config map alias test1a) # exit (config) # Create a second level map. (config) # map alias test1b (config map alias test1b) # type secondLevel byRule (config map alias test1b) # use gsop er2 (config map alias test1b) # to 1/1/g1...
Page 702
Description: Configure one network and three tool type of ports.
Command:
(config) # port 1/1/x1 type network
(config) # port 1/1/x10 type tool
(config) # port 1/1/x11 type tool
(config) # port 1/1/x12 type tool

Description: Configure a GigaSMART group and associate it with a GigaSMART...
Command:
(config) # gsgroup alias gsgrp1 port-list 1/1/e1
Page 703
GigaVUE-OS CLI Reference Guide Step Description Command Create a second level map that (config) # map alias map2 takes traffic from the virtual port, (config map alias map2) # type secondLevel applies the GigaSMART operation, byRule matches the rules, and sends the (config map alias map2) # use gsop g1 traffic to one tool port.
Page 704
GigaVUE-OS CLI Reference Guide on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS is a scalable, protocol-independent transport. In an MPLS network, data packets are assigned labels.
Page 705
Description: Create a first level map to forward traffic to the virtual port.
Command:
(config) # map alias to_vp
(config map alias to_vp) # type firstLevel byRule
(config map alias to_vp) # from 1/1/x3
(config map alias to_vp) # to vp1
(config map alias to_vp) # rule add pass ipver 4
(config map alias to_vp) # rule add pass macsrc 00:00:00:00:00:00 bidir...
Page 706
1/1/x4 : This can be applied to any protocol that is supported through header- stripping, for example: GTP, VXLAN, ISL, MPLS, MPLS+VLAN, VLAN, VN-Tag, fabric-path. ■ This is also supported for Gigamon tunnel decapsulation. ■ Step Description Command Configure ports.
Page 707
: This can be applied to any protocol that is supported through header stripping. GTP, VXLAN, ISL, MPLS, MPLS+VLAN, VLAN, VN-Tag, and fabric-path are all supported, as is Gigamon tunnel decapsulation. GigaVUE-OS CLI—Configuration Examples Configure GigaSMART Operations...
Page 708
Description: Configure ports.
Command:
(config) # port 1/1/x3 type network
(config) # port 1/1/x4 type tool
(config) # port 1/1/x1 type tool

Description: Configure a GigaSMART group and associate it with a GigaSMART engine port.
Command:
(config) # gsgroup alias gsg1 port-list 1/1/e1
Page 709
Command:
src pos 2 value 1.1.1.2 255.255.255.255
(config map alias map2) # gsrule add pass ipv4 dst pos 2 value 1.1.1.2 255.255.255.255
(config map alias map2) # exit
(config) #

Facilitating Overlapping Rules
Because APF is implemented as a second level map operation, APF can also be leveraged for implementing basic overlapping rules.
Page 710
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias to_vp) # rule add pass portdst 80 bidir (config map alias to_vp) # exit (config) # Create a second level map to filter (config) # map alias map1 on HTTP traffic and slice it. (config map alias map1) # type secondLevel byRule (config map alias map1) # from vp1...
Page 711
Description: Create a virtual port and associate it with the GigaSMART group.
Command:
(config) # vport alias vp1 gsgroup gsg1

Description: Create a first level map to forward TCP traffic to the virtual port.
Command:
(config) # map alias to_vp
(config map alias to_vp) # type firstLevel byRule
(config map alias to_vp) # from 1/1/x3
(config map alias to_vp) # to vp1,1/1/x1...
Page 712
ASF and Buffer ASF Examples
Refer to the following ASF examples (non-buffered):
■ Example 1: ASF, Forward TCP Traffic
■ Example 2: ASF, Forward VNC Traffic
■ Example 3: ASF, Forward Traffic Matching a Pattern
■ Example 4: ASF, Forward GTP Traffic
...
Page 713
Description: Create a port group and specify the tool ports for load balancing.
Command:
(config) # port-group alias portgrp1 port-list 1/1/x6,1/1/x7,1/2/x3,1/2/x4

Description: Enable load balancing on the port group.
Command:
(config) # port-group alias portgrp1 smart-lb enable

Description: Configure a GigaSMART group and associate it with GigaSMART engine...
Command:
(config) # gsgroup alias gsgrp1 port-list
Page 714
Example 2: ASF, Forward VNC Traffic
In Example 2, traffic from a Virtual Network Computing (VNC) application is forwarded from network port 1/1/x1 to tool port 1/1/x6. Packets will be matched with a VNC signature. Once a packet is matched, subsequent packets with the same IPv4 5-tuple will be forwarded to the same destination as the matching packet.
Page 715
Command:
(config) # show gsop
(config) # show map

Example 3: ASF, Forward Traffic Matching a Pattern
In Example 3, the traffic that matches a particular pattern (ymsg|ypns|yhoo) is forwarded from network port 1/1/x1 to tool port 1/1/x6 after adding a VLAN tag. Packets will be matched with the special signature.
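The session behaviour described in the ASF examples above (a packet matches a signature, then later packets with the same IPv4 5-tuple follow it to the same destination) can be modelled offline; this is an added Python example, not Gigamon code. The Packet model, the class and function names, the constructed payloads, and the rule that a buffered session is abandoned once its pre-match buffer is full are all assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed packet model: only the fields the session filter needs.
Packet = namedtuple("Packet", "pid src dst sport dport proto payload")

# Pattern taken from Example 3 on this page.
SIGNATURE = rb"(ymsg|ypns|yhoo)"


class SessionFilter:
    """Toy model of signature-then-session forwarding keyed on the IPv4 5-tuple."""

    def __init__(self, pattern, buffer_before_match=0):
        self.signature = re.compile(pattern)
        self.buffer_before_match = buffer_before_match
        self.matched = set()    # sessions in which the signature was seen
        self.rejected = set()   # buffered sessions abandoned without a match
        self.pending = {}       # session -> packets held back awaiting a match

    @staticmethod
    def session_key(pkt):
        # Exact 5-tuple as the page describes; the reverse direction is a
        # different key in this model (assumption).
        return (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)

    def process(self, pkt):
        """Return the packets released to the tool port by this packet."""
        key = self.session_key(pkt)
        if key in self.matched:
            return [pkt]
        if key in self.rejected:
            return []
        if self.signature.search(pkt.payload):
            self.matched.add(key)
            # Release anything buffered ahead of the match, in arrival order.
            return self.pending.pop(key, []) + [pkt]
        if self.buffer_before_match == 0:
            # Non-buffered mode: pre-match packets are simply not forwarded.
            return []
        held = self.pending.setdefault(key, [])
        if len(held) < self.buffer_before_match:
            held.append(pkt)
        else:
            # Assumption: a full buffer with no match ends inspection of the
            # session, which bounds the memory one flow can consume.
            self.rejected.add(key)
            del self.pending[key]
        return []


def sample_packets():
    """Constructed traffic: flow A carries the signature in its third packet,
    flow B never does. The two flows are interleaved."""
    a = ("10.0.0.5", "192.0.2.10", 40000, 5050, "tcp")
    b = ("10.0.0.6", "192.0.2.20", 40001, 80, "tcp")
    return [
        Packet(1, *a, b""),                       # handshake, no payload
        Packet(5, *b, b"GET / HTTP/1.1\r\n"),
        Packet(2, *a, b""),
        Packet(3, *a, b"ymsg\x00\x10hello"),      # signature appears here
        Packet(6, *b, b"Host: example.test\r\n"),
        Packet(4, *a, b"chat data"),              # no signature, same session
    ]


def forwarded_ids(session_filter, packets):
    """Run packets through the filter and list the ids that reach the tool."""
    out = []
    for pkt in packets:
        out.extend(p.pid for p in session_filter.process(pkt))
    return out


if __name__ == "__main__":
    pkts = sample_packets()
    for n in (0, 3, 1):
        print(n, forwarded_ids(SessionFilter(SIGNATURE, n), pkts))
```

In this model the non-buffered filter delivers only the matching packet and what follows it, so a tool that needs the start of the session sees a truncated flow, and a buffer smaller than the number of pre-match packets loses the session entirely.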
Page 716
Description: gsrule contains the special signature.
Command:
(config map alias map22) # type secondLevel byRule
(config map alias map22) # from vp1
(config map alias map22) # use gsop gsop1
(config map alias map22) # to 1/1/x6
(config map alias map22) # gsrule add pass pmatch RegEx "(ymsg|ypns|yhoo)"...
Page 717
Description: Configure the combined GigaSMART operation.
Command:
(config) # gsop alias gsop1 apf set asf asf3 lb app asf metric lt-conn port-list gsgrp1

Description: Create a virtual port and associate it with the GigaSMART group.
Command:
(config) # vport alias vp1 gsgroup gsgrp1
Page 718
GigaVUE-OS CLI Reference Guide Step Description Command engine ports. Define the maximum number of (config) # gsparams gsgroup gsgrp1 resource sessions, in millions. buffer-asf 3 If needed, reload the GigaSMART (config) # card slot 3 down line card or module to allocate the Then to bring the GigaSMART line card or module back up: resources for buffer ASF.
Page 719
Description: Display the configuration for this example.
Command:
(config) # show gsgroup
(config) # show gsparams
(config) # show apps asf
(config) # show gsop
(config) # show vport
(config) # show map

Example 2: Buffer ASF, Drop YouTube Traffic
In Example 2, the goal is to drop all YouTube traffic.
Page 720
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map11) # to vp1 (config map alias map11) # rule add pass ipver 4 (config map alias map11) # exit (config) # Create a second level map. The (config) # map alias map22 gsrule specifies the traffic to (config map alias map22) # type secondLevel drop, using keywords.
Page 721
GigaVUE-OS CLI Reference Guide Step Description Command Create a flow session, specify the (config) # apps asf alias asf2 buffer count before the match, and (config apps asf alias asf2) # sess-field add ipv4- enable buffering. 5tuple outer (config apps asf alias asf2) # buffer-count-before- : The default protocol is match 3 TCP, so it does not need to be...
Page 722
GigaVUE-OS CLI Reference Guide Step Description Command Configure a GigaSMART group and (config) # gsgroup alias gsgrp1 port-list associate it with GigaSMART engine 1/3/e1,1/3/e2 ports. Define the maximum number of (config) # gsparams gsgroup gsgrp1 resource sessions, in millions. buffer-asf 2 If needed, reload the GigaSMART (config) # card slot 3 down line card or module to allocate the...
Page 723
Command:
(config) #

Description: Display the configuration for this example.
Command:
(config) # show gsparams
(config) # show gsgroup
(config) # show gsop
(config) # show map

Example 5: Buffer ASF, Forward HTTPS Traffic on Non-Standard Port
In Example 5, the goal is to forward HTTPS traffic that uses a non-standard Layer 4 port.
Page 724
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map11) # rule add pass ipver 4 (config map alias map11) # exit (config) # Create a second level map. The (config) # map alias map22 gsrule specifies the traffic to pass. (config map alias map22) # type secondLevel The RegEx expression identifies the byRule...
Page 725
GigaVUE-OS CLI Reference Guide For details on the CLI commands in the following sections, refer to the following commands in the reference section: apps netflow ■ gsgroup ■ gsop ■ gsparams ■ ■ port ■ ip interface ■ Example 1: NetFlow Generation Configuration In Example 1, the steps set up a typical NetFlow Generation configuration.
Page 727
GigaVUE-OS CLI Reference Guide Parameter Description sampling The parameter that configures the sampling rate and enables sampling. In this example, the IP source and destination address on the incoming traffic is used to identify network traffic between the unique pair of source and destination addresses. Once unique flows are identified, the following parameters are collected and exported for each flow: IP source and destination address...
Page 728
Ex 1, Step 3: Configure the private pen gigamon dns query-name Monitor. (config apps netflow record alias rec3) # collect add private pen gigamon dns response-name number-of- collects 2 (config apps netflow record alias rec3) # collect add timestamp sys-uptime first...
Page 729
GigaVUE-OS CLI Reference Guide Ex 1, Step 3: Configure the Monitor Configure a NetFlow Generation Monitor and associate the NetFlow Generation Record to the specified NetFlow Generation Monitor. The following commands show the binding of the records. The commands also define the cache (holding statistics for unique flows).
Page 730
Configure a GigaSMART group and associate it with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp2 port-list 1/8/e2
To display the gsgroup configuration, use the following CLI command:
(config) # show gsgroup
The e port references the GigaSMART line card or module.

Ex 1, Step 5: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
(config) # gsop alias gsop2 flow-ops netflow port-list grp2...
Page 731
Ex 1, Step 8: Configure GigaSMART Params to Add a Monitor
Update the GigaSMART parameters to include the NetFlow Monitor, as follows:
(config) # gsparams gsgroup grp2 netflow-monitor add mon2
The monitor (mon2) was defined in Ex 1, Step 3: Configure the Monitor.
Page 732
GigaVUE-OS CLI Reference Guide Step Description Command Configure the first exporter. (config) # apps netflow exporter alias exp1 (config apps netflow exporter alias exp1) # format netflow version ipfix (config apps netflow exporter alias exp1) # destination ip4addr 1.1.1.1 (config apps netflow exporter alias exp1) # filter add pass ipv4 dst any value 1.1.1.1 255.255.255.248 (config apps netflow exporter alias exp1) # filter add pass vlan id any value 1...
Page 733
GigaVUE-OS CLI Reference Guide Step Description Command Configure the record. (config) # apps netflow record alias rec1 (config apps netflow record alias rec1) # netflow-version ipfix (config apps netflow record alias rec1) # match add ipv4 ttl (config apps netflow record alias rec1) # match add ipv6 traffic-class (config apps netflow record alias rec1) # collect add transport udp source-port(...
Page 734
Ex 2, Step 4: Configure the gsgroup
Configure a GigaSMART group and associate it with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp port-list 1/8/e1
To display the gsgroup configuration, use the following CLI command:
(config) # show gsgroup

Ex 2, Step 5: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
Page 735
GigaVUE-OS CLI Reference Guide Step Description Command (config ip interface alias test1) # exit Configure the second IP interface (config) # ip interface alias test2 and associate third NetFlow exporter (config ip interface alias test2) # attach 1/1/g2 to the IP interface. (config ip interface alias test2) # ip address 4.4.4.3 /29 (config ip interface alias test2) # gw 1.1.1.2...
Page 736
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map1) # from 1/1/x1..x2 (config map alias map1) # to 1/1/g1 (config map alias map1) # exit (config) # Configure the second map. (config) # map alias map2 (This is also a first level map.) (config map alias map2) # type regular byRule (config map alias map2) # use gsop gsop1 (config map alias map2) # rule add pass ipver 4...
Page 737
GigaVUE-OS CLI Reference Guide Step Description Command ip4addr 10.50.22.25 (config apps netflow exporter alias exp1) # exit (config) # Ex 3, Step 2: Configure the Record Configure a NetFlow Generation Record, as follows: Step Description Command Configure the record. (config) # apps netflow record alias rec1 (config apps netflow record alias rec1) # netflow-version ipfix (config apps netflow record alias rec1) # match...
Page 738
Ex 3, Step 5: Configure the Virtual Port
Configure a virtual port and associate it with the GigaSMART group, as follows:
(config) # vport alias vp1 gsgroup grp

Ex 3, Step 6: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
(config) # gsop alias gsop_apf_netflow apf set flow-ops netflow port-list grp

Ex 3, Step 7: Configure the Tool Port
Identify the collector port and associate the port with the IP interface.
Page 739
GigaVUE-OS CLI Reference Guide Step Description Command (config map alias map1) # rule add pass macdst 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map1) # from 2/1/g1 (config map alias map1) # to vp1,2/1/g2,2/1/g3 (config map alias map1) # exit (config) # Configure the second map.
Page 740
GigaVUE-OS CLI Reference Guide Step Description Command (config apps netflow exporter alias exp1) # format netflow version ipfix (config apps netflow exporter alias exp1) # destination ip4addr 10.50.22.25 (config apps netflow exporter alias exp1) # exit (config) # Configure the second (config) # apps netflow exporter alias exp2 exporter.
Page 741
(config) # gsgroup alias grp2 port-list 11/3/e2

Ex 4, Step 5: Configure the Virtual Port
Configure virtual ports and associate them with the GigaSMART group, as follows:
(config) # vport alias vp1 gsgroup grp1
(config) # vport alias vp2 gsgroup grp2

Ex 4, Step 6: Configure the gsop
Define the GigaSMART operation to enable masking, as follows:
(config) # gsop alias gsop_mask_aa apf set masking protocol none offset 50 pattern aa length...
Page 742
GigaVUE-OS CLI Reference Guide Step Description Command Configure the first map. (This (config) # map alias map1 is a first level map.) (config map alias map1) # type firstLevel byRule (config map alias map1) # rule add pass macdst 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map1) # from 11/1/g1 (config map alias map1) # to vp1,vp2,11/1/g3 (config map alias map1) # exit...
Page 743
Modify a NetFlow Generation Monitor Configuration
This example shows the modification of a NetFlow Generation Monitor configuration.
1. Unlink the monitor from gsparams.
gsparams gsgroup <gsgroup> netflow-monitor delete
2. Modify the monitor parameters.
apps netflow monitor alias <monitor> record delete <record>
<change monitor parameters>...
Page 744
GigaSMART Load Balancing
Load balancing distributes GigaSMART outgoing traffic to multiple tool ports or multiple tunnel endpoint destinations. In this way, traffic processed by GigaSMART is shared.
■ Stateful load balancing distributes GigaSMART processed traffic to multiple tool ports...
Page 745
Then distribution is as follows:
For the port 1/1/x6, the distribution will be 50/200 * 100 = 25%
For the port 1/1/x7, the distribution will be 60/200 * 100 = 30%
For the port 1/1/x8, the distribution will be 90/200 * 100 = 45%
Step Description Command...
Page 746
GigaVUE-OS CLI Reference Guide Step Description Command in the GSOPs on those maps have to be the same. You cannot use a shared ■ collector map for load balancing. : In the rules, 2123 is GTP-c traffic and 2152 is GTP-u traffic. Create a second level map.
Page 747
GigaVUE-OS CLI Reference Guide Step Description Command Create a GigaSMART group and (config) # gsgroup alias gsgrp1 port-list 1/3/e1 specify ports. Enable replicate GTP-c packets to all (config) # gsparams gsgroup gsgrp1 lb tool ports in the load balancing port replicate-gtp-c enable group.
Page 748
Step Description Command
Display load balancing statistics. (config) # show load-balance port-group stats alias portgrp1
Use the following command to display load balancing statistics:
(config) # show load-balance port-group stats alias portgrp1
Stateless Load Balancing
Refer to the following examples:
■ Example 1: GigaSMART Stateless Load Balancing...
Page 749
GigaVUE-OS CLI Reference Guide Step Description Command load balancing port group (config map alias map1) # exit (config) # in multiple maps, however, the load balancing metrics defined in the GSOPs on those maps have to be the same. You cannot use a shared ■...
Page 750
GigaVUE-OS CLI Reference Guide Step Description Command Create first level maps. (config) # map alias map1 Note the following: (config map alias map1) # type regular byRule You can specify only one (config map alias map1) # from 1/1/x1 ■ port group as part of the (config map alias map1) # to portgrp1 map tool port in the...
Page 751
GigaVUE-OS CLI Reference Guide Step Description Command Create a GSOP, including load (config) # gsop alias gsop1 lb hash ip-only balancing metric. inner port-list gsgrp1 Create first level and second level (config) # map alias map1 maps. (config map alias map1) # type regular byRule Note the following: (config map alias map1) # from 1/1/x1 You can specify only one...
Page 752
GigaVUE-OS CLI Reference Guide : Optional configuration for MPLS traffic handling. Inner IP (version 4) is located 70 bytes from the beginning of the packet. Task Description UI Steps Create a Port Group for GTP-c traffic # port-group alias pg1 and specify the tool ports.
Page 753
GigaVUE-OS CLI Reference Guide Task Description UI Steps Create an egress second level map to # map alias map22 process from vp1 GTP-u traffic use gsop gsop2 to pg2 gsrule add pass l4port dst pos 1 value 2152 exit Display port statistics for GTP-c traffic # show port stats port-list 1/1/x5..x6 Display load balancing statistics for # show load-balance port-group stats alias pg2...
Page 754
GigaVUE-OS CLI Reference Guide Task Description UI Steps rule add pass ipver4 rule add pass ipver6 exit Create an egress second level map to # map alias map23 process non GTP and fragmented from vp1 traffic use gsop gsop3 to pg3 gsrule add pass ipver pos 1 value 4 Enhanced Load Balancing 9 gsrule add pass ipver pos 1 value 6...
Page 755
The length will be the sum of the following: 4 bytes for ipsrc + 4 bytes for ipdst = 8 bytes.
Use the following CLI command syntax to configure Example 1:
(config) # gsparams gsgroup gsgrp1 flow-mask enable offset 34 length 8
Flow Masking Example 2
In Example 2, packets are expected to have one VLAN tag and two MPLS labels before the IP header.
Page 756
GigaVUE-OS CLI Reference Guide Step Description Command (config) # port 1/1/x3..x4 type inline-network (config) # (config) # inline-network alias in1 (config inline-network alias in1) # pair net-a 1/1/x5 and net-b 1/1/x6 (config inline-network alias in1) # exit (config) # (config) # inline-network alias in2 (config inline-network alias in2) # pair net-a 1/1/x3 and net-b 1/1/x4 (config inline-network alias in2) # exit...
Page 757
GigaVUE-OS CLI Reference Guide Step Description Command Configure the ICAP server group. (config) # apps icap server-group alias server_group (config apps icap server-group alias server_group) # server-list server1 (config apps icap server-group alias server_group) # exit (config) # Configure a GigaSMART group (config) # gsgroup alias gsg3e1 port-list 1/3/e1 and associate it with a GigaSMART engine port.
Page 758
GigaVUE-OS CLI Reference Guide Configure Passive SSL Decryption Examples The following sections provide examples of Passive SSL decryption. Refer to the following: Example 1: Passive SSL Decryption with a Regular Map and SSL private key ■ Example 2: Passive SSL Decryption with a Regular Map and SSL server certificate ■...
Page 759
GigaVUE-OS CLI Reference Guide Step Description Command enable Exit the GigaSMART group (config gsparams gsgroup gsgrp1) # exit configuration mode. (config) # Configure a GigaSMART (config) # gsop alias gdssl1 ssl-decrypt in-port any operation for Passive SSL out-port auto port-list gsgrp1 decryption.
Page 760
You can use the server certificate, fetched from the initial client-server negotiation, to uniquely identify the corresponding private key configured in the Gigamon box. The server-ip to private key service mapping is still supported. When none of the existing...
Page 761
■ Use map rules to filter on the IP address of the server and send everything to GigaSMART. Configure a GigaSMART operation to listen on the in-port used by the server. The GigaSMART will drop other traffic.
■ Use map rules to filter on the IP address of the server and in-port and send specific port...
Page 762
The following is a configuration example of the Hardware Security Module (HSM). For details on the CLI commands used in the following examples, refer to the following commands in the reference section:
■ apps hsm
■ apps hsm-group...
Page 763
GigaVUE-OS CLI Reference Guide Step Description Command a server IP address and server-port 200 optionally, a server port number. Configure the keys residing (config) # apps keystore rsa key1 private-key on ncipher-HSM. download url http://10.115.0.100/tftpboot/myname/hsm/key_pkcs11_ ua88af6e573c9c6c39b245a15edfc3ebcbebbdae4f type ncipher-hsm Map the key to the service. (config) # gsparams gsgroup gsgrp ssl-decrypt key- map add service server_3 key key1 Optionally, configure other...
Page 764
Entrust nShield HSM for SSL Decryption for iSSL
Hardware Security Modules (HSMs) are specialized systems that logically and physically safeguard cryptographic operations and cryptographic keys. HSMs protect sensitive data from being stolen by providing a highly secure operation structure. HSMs are comprehensive, self-contained solutions for cryptographic processing, key generation, and key storage.
Page 765
GigaVUE-OS CLI Reference Guide Step Description Command and KNETI from your HSM administrator. Create an HSM group (config) # apps hsm-group alias hsm-set device-type luna- alias and add at least hsm hsm-alias add hsm1 one HSM to it. Fetch HSM group key (config) # apps hsm-group alias hsm-set fetch key- handler binary files.
Page 766
GigaVUE-OS CLI Reference Guide Step Description Command Create a key map entry. (config apps inline-ssl profile alias sslprofile) # keymap add server server_001.autssl.qa.gigamon.com key server_ key_001 Configure GigaSMART (config) # gsgroup alias issl1-gsgroup port-list 1/2/e1 group and associate it with a GigaSMART engine port.
Page 767
GigaVUE-OS CLI Reference Guide Step Description Command admin to owner roles (config map alias issl1_l1_map) # rule add pass protocol tcp (config map alias issl1_l1_map) # to issl1-vport (config map alias issl1_l1_map) # from issl1-inline-network (config) # exit (config) # map alias issl1_l2_map (config map alias issl1_l2_map) # roles replace admin to owner_ roles (config map alias issl1_l2_map) # use gsop issl1-gsop...
Page 768
(config apps inline-ssl profile alias sslprofile) # exit (config) # Create a key map entry. (config apps inline-ssl profile alias sslprofile) # keymap add server server_ 001.autssl.qa.gigamon.com key server_key_001 Configure GigaSMART group (config) # gsgroup alias issl1-gsgroup port-list and associate it with a 1/2/e1 GigaSMART engine port.
Page 769
GigaVUE-OS CLI Reference Guide Step Description Command Configure the GigaSMART inline (config) # gsop alias issl1-gsop inline-ssl issl1_prof port-list SSL operation, specify the issl1-gsgroup profile, and assign the GigaSMART operation to the GigaSMART group. Configure a virtual port. (config) # vport alias issl1-vport gsgroup issl1- gsgroup Enable HSM group in gsparams.
Page 770
GigaVUE-OS CLI Reference Guide Step Description Command (config) # map alias issl1_l2_map (config map alias issl1_l2_map) # roles replace admin to owner_roles (config map alias issl1_l2_map) # use gsop issl1-gsop (config map alias issl1_l2_map) # to issl1-inline-tool (config map alias issl1_l2_map) # from issl1-vport (config) # exit (config) # map-scollector alias SCOL (config map-scollector alias SCOL) # roles replace admin...
Page 771
Display GigaSMART Statistics
Use the following commands to display GigaSMART parameters, operations, and groups:
Page 772
GigaVUE-OS CLI Reference Guide Command Summary show gsgroup alias <alias> all flow- Use this command to review settings and statistics for ops-report alias <alias> type flow- GigaSMART groups. A GigaSMART group is a combination of sampling | ssl-decryption | flow- one or more GigaSMART engine ports available in a single filtering <any | device-ip-mask <IP GigaVUE HC Series chassis.
Page 773
GigaVUE-OS CLI Reference Guide Command Summary GigaSMART group. You can also use the stats argument to check for packets dropped by a GigaSMART group. If packets are being dropped, this is an indication that you may have oversubscribed the GigaSMART group with operations.
Page 774
Summary: static masking offset of 148 bytes that continues for the next 81 bytes, writing over the existing data with an FF pattern. Then it attaches a GigaSMART trailer indicating the original size of the packet before masking, the original packet’s CRC, and the box ID, slot ID, and port ID of the physical input port on the GigaVUE HC Series node.
Command: ...enable port-list GS1
Page 775
The configuration examples for clustering are described in the following sections:
■ Clustering a Node Using Layer 3 Out-of-Band Manual Discovery
■ Configuring Layer 3 Out-of-Band Manual Discovery
■ Create and Execute the Configuration Plans
■ How to Use Jump-Start Configuration on GigaVUE-OS® TA Series Nodes...
Page 776
GigaVUE-OS CLI Reference Guide (config) # cluster leader connect timeout 40 The default is 15 seconds. The values range from 10 to 120 seconds. The nodes residing on a different subnet are not capable of becoming a leader or a standby node.
Page 777
GigaVUE-OS CLI Reference Guide Step Description Command (config) # show chassis On the leader, add the box ID of (config) # chassis box-id <box the other nodes in the cluster. ID> serial-number <serial number> For all other nodes residing on the (config) # no cluster leader different subnet, disable auto- auto-discovery...
Page 778
Hardware Installation Guides. The script is illustrated as follows. The values entered for Steps 16-21 match those in the configuration plan for our first node:
Gigamon GigaVUE-OS HC Series Chassis
gigamon-0d04f1 login: admin
Gigamon GigaVUE-OS HC Series Chassis...
Page 780
GigaVUE-OS CLI Reference Guide Step 12: Cluster Interface <eth0> ? [eth0] Step 13: Cluster id (Back-end may take time to proceed)? [89] Step 14: Cluster name? [Cluster-89] Step 15: Cluster mgmt IP address and masklen? [10.115.25.89/21] Configure Cluster Connectivity – Configuration Plans Configuration Plan for qaChassis 13 (Box ID Commands Cluster ID...
Page 781
GigaVUE-OS CLI Reference Guide Configuration Plan for qaChassis 14 (Box ID Commands Cluster Leader VIP 10.150.56.71 /24 cluster leader address vip 10.150.56.71 /24 Cluster Control Interface eth0 cluster interface eth0 Cluster Mgmt Port IP (eth0) zeroconf interface eth0 zeroconf(IP Configuration for eth0 obtained automatically through default zeroconf setting) Enable Clustering...
Page 782
GigaVUE-OS CLI Reference Guide Configuration Plan for qaChassis 11 (Box Commands ID 11) Cluster ID 1010 cluster id 1010 Cluster Name 1010 cluster name 1010 Cluster Leader VIP 10.150.56.71 cluster leader address vip 10.150.56.71 /24 Cluster Control Interface eth0 cluster interface eth0 Cluster Mgmt Port IP (eth0) zeroconf interface eth0 zeroconf(IP Configuration for...
Page 783
GigaVUE-OS CLI Reference Guide Box ID Description Commands Registers the chassis with chassis box-id 14 the serial number of 80052 serial-num 80052 as box ID 14 and adds all its card all box-id 14 cards to the database. Registers the chassis with chassis box-id 10 the serial number of 80054 serial-num 80054...
Page 784
From here, we can see that all four nodes are connected to the cluster. Each node has an External and an Internal Address as follows:
■ External Address – The IP address assigned to the Mgmt port on the control card for...
Page 785
Stack Links for Cluster 1010: qaChassis13 to qaChassis14
Ports: 13/1/x8 to 14/8/x8
Commands: First, set the port-type to stack for both ends of the stack-link. Then, connect them with the stack-link command:
port 13/1/x8 type stack
port 14/8/x8 type stack
stack-link alias c13-to-c14 between ports 13/1/x8 and 14/8/x8...
Page 786
The cluster is now up and running. You can log into the leader VIP and configure cross-node packet distribution using standard box ID/slot ID/port ID nomenclature. The following figure illustrates the cluster, along with its configuration.
Page 788
Add a Node to an Existing Cluster – Reset to Factory Defaults Gigamon recommends resetting a GigaVUE-OS node to its factory settings before adding it to an existing cluster. If moving a node from one cluster to another, you should use the "reset factory all"...
Page 789
Because of this, Gigamon recommends resetting a node's settings with the reset factory only-traffic command before adding it to an existing cluster.
Page 790
GigaVUE-OS CLI Reference Guide The node reloads automatically. 4. Apply the saved standalone configuration file. Inband Cluster Management Inband Cluster Management simplifies traditional network management and maintenance by creating a virtual device to manage multiple physical nodes. This simplified approach makes it possible to oversee large networks by defining policies that span across multiple devices.
Page 791
cluster interface inband
interface inband ip address <ip address> /<subnet mask>
■ De-configure the Inband cluster using the no CLI command:
no interface [eth2 | eth1] zeroconf
■ Configure offline chassis with the type parameter:
chassis box-id <box ID> serial-num <serial-number> type [hc3 | ly2r | hc1 | itac | tacx | ta200|ta25|ta25a]
Configure offline line card with the product-code parameter:
card slot <box ID>/<slot ID>...
Configuration Issues to Consider
Before you begin the Inband Cluster Management configuration, it is highly recommended that you understand the following known configuration issues.
Note: Ensure that there is a physical connection between the stack ports of the two nodes that are being added to the Inband cluster.
Page 793
Configuration Steps for Leader: Seattle Open an SSH or terminal session to the Seattle node. Part 1: Using the Jump-Start Wizard to Configure Node 1 2. In config, enter configuration jump-start to start the jump-start wizard: gigamon-0d0024 > enable GigaVUE-OS CLI—Configuration Examples Configure Clustering...
Page 794
GigaVUE-OS CLI Reference Guide gigamon-0d0024 # configure terminal gigamon-0d0024 (config) # configuration jump-start GigaVUE-OS configuration wizard 3. Enter the parameter values to configure the leader. Step 1: Hostname? [gigamon-0d0024] Seattle Step 2: Management interface <eth0 eth2 eth3>? [eth0] Step 3: Use DHCP on eth0 interface? no Step 4: Use zeroconf on eth0 interface? [no] Step 5: Primary IPv4 address and masklen? [0.0.0.0/0] 10.150.52.6/24...
Page 795
GigaVUE-OS CLI Reference Guide Seattle (config) # cluster id 600 Seattle (config) # cluster name 600 Seattle (config) # cluster leader address vip 10.150.52.233 /24 Seattle (config) # interface inband zeroconf Seattle (config) # 5. Enter show interfaces to perform a confirmation check. 6.
Page 796
GigaVUE-OS CLI Reference Guide Cluster control interface: inband : The cluster control interface is set to Inband. Cluster port: 60102 Cluster expected nodes: 2 Cluster startup time: 180 Cluster shared secret: 1234567890123456 Cluster leader preference: 60 Cluster leader auto-discovery enabled: yes Cluster leader manual port: 60102 Cluster leader virtual IP address: 10.150.52.233/24 Cluster leader management interface: eth0...
Page 797
Gigamon GigaVUE-OS Chassis
System in classic mode
gigamon-040077 > enable
gigamon-040077 # configure terminal
gigamon-040077 (config) # configuration jump-start
GigaVUE-OS configuration wizard
2. Enter the parameter values to configure the standby node.
Step 1: Hostname? [gigamon-040077] Washington
Step 2: Management interface <eth0 eth2 eth3>? [eth0]...
Page 798
GigaVUE-OS CLI Reference Guide Step 15: Confirm admin password? : In Step 16, accept the default of No so that you do not enable the cluster. Step 16: Cluster enable? [no] no : In Step 17, the value 8 indicates the box ID that you assign. Assign your box ID.
Page 799
GigaVUE-OS CLI Reference Guide Comment: Admin up: yes Link up: yes DHCP running: no IP address: : The IP address field is NULL for eth1. Netmask: IPv6 enabled: no Interface inband status: Comment: Admin up: yes Link up: yes DHCP running: no IP address: 169.254.228.191 Netmask: 255.255.0.0 IPv6 enabled: yes...
Page 800
GigaVUE-OS CLI Reference Guide Cluster leader management interface: eth0 Washington (config) # Washington (config) # show port params port 8/1/x5 Parameter 8/1/x5 ====================== =============== Name Alias: Type: stack Admin: enabled Link status: up : The Link Status indicates that the stack port is “up” state. Auto Negotiate: off Duplex: full Speed (Mbps): 10000...
Page 801
System in classic mode gigamon-0d0025 > enable gigamon-0d0025 # configure terminal gigamon-0d0025 (config) # configuration jump-start 3. Enter the parameter values to configure the target node. GigaVUE-OS configuration wizard Do you want to use the wizard for initial configuration? yes...
Page 802
GigaVUE-OS CLI Reference Guide Step 15: Confirm admin password? : In Step 16, accept the default No. Step 16: Cluster enable? [no] : In Step 17, assign a box ID for node 3. Step 17: Box-id for the chassis? [1] 21 : To change the answers in the jump-start wizard, enter the step number that you want to change.
Page 803
GigaVUE-OS CLI Reference Guide Comment: Admin up: yes Link up: yes DHCP running: no IP address: : The IP address field is NULL for eth1. Netmask: IPv6 enabled: no Interface inband status: Comment: Admin up: yes Link up: yes DHCP running: no IP address: 169.254.145.136 : The IP address field is automatically assigned.
Page 804
GigaVUE-OS CLI Reference Guide Boston (config) # Part 3: Configure Relevant Stack Ports and Node 3 Configuration on the Leader 9. On the leader command shell, configure local stack ports on the leader. Enter the configuration information as shown. Seattle [600: leader] (config) # card slot 4/2 Seattle [600: leader] (config) # port 4/2/x5..x6 type stack Seattle [600: leader] (config) # port 4/2/x5..x6 params admin enable Seattle [600: leader] (config) # gigastream alias smaller_bridge_4to21 port 4/2/x5..x6...
Page 805
MTU: 9400 9600
Force Link Up: off off
Port Relay: N/A N/A
4. On the command shell for the leader, ping the Washington node Inband interface.
Seattle [600: leader] (config) # ping 169.254.145.136
PING 169.254.145.136 (169.254.145.136) 56(84) bytes of data.
64 bytes from 169.254.145.136: icmp_seq=1 ttl=64 time=3.44 ms
64 bytes from 169.254.145.136: icmp_seq=2 ttl=64 time=0.157 ms
Part 5: Enable Cluster on the Joining Node 3...
Page 806
> enable gigamon-0d000f # configure terminal gigamon-0d000f (config) # configuration jump-start GigaVUE-OS configuration wizard 4. Enter configuration information for Node 4. Gigamon GigaVUE-OS GigaVUE-OS configuration wizard Do you want to use the wizard for initial configuration? yes...
Page 807
GigaVUE-OS CLI Reference Guide To return to the wizard from the CLI, enter the "configuration jump-start" command from configure mode. Launching CLI... System in classic mode Sanfrancisco > enable Sanfrancisco # configure terminal Sanfrancisco (config) # Part 2: Configure the Inband Cluster on the Remote Target Node 4 Node 4, Sanfrancisco, does not have a default cluster interface on GigaVUE-HB1, therefore you do not need to disable zeroconf feature like you would with the other nodes.
Page 808
GigaVUE-OS CLI Reference Guide Cluster leader manual port: 60102 Cluster leader virtual IP address: 10.150.52.233/24 Cluster leader management interface: eth0 Sanfrancisco (config) # Part 3: Configure Relevant Stack Ports and Offline Node 4 Configuration Information 6. Configure the stack ports in the cluster. Seattle [600: leader] (config) # card slot 8/5 Seattle [600: leader] (config) # port 8/5/x1 type stack Seattle [600: leader] (config) # port 8/5/x1 params admin enable...
Page 809
GigaVUE-OS CLI Reference Guide Duplex: full Speed (Mbps): 10000 MTU: 9400 Force Link Up: off Port Relay: N/A 10. On the command shell for the leader, ping the Washington node Inband interface. Seattle [600: leader] (config) # ping 169.254.179.192 PING 169.254.179.192 (169.254.179.192) 56(84) bytes of data. 64 bytes from 169.254.179.192: icmp_seq=1 ttl=64 time=1.81 ms 64 bytes from 169.254.179.192: icmp_seq=2 ttl=64 time=0.155 ms 64 bytes from 169.254.179.192: icmp_seq=3 ttl=64 time=0.136 ms...
Page 810
(GIK). The serial number and digital footprint can be obtained by using the following CLI command: (config) # show chassis The GIK is emailed to the customer once the Sales order is placed with Gigamon for the GigaVUE-OS Advanced Features License. How to Apply for Advanced Features License on GigaVUE TA Series Nodes Once you obtain the license key, use the following CLI command to enable the license: (config) # license install box-id <box ID>...
Page 811
GigaVUE-OS CLI Reference Guide (config) # license install box-id <box ID> key <license key> where: Box ID is the box ID of the GigaVUE TA Series node joining the cluster. ■ License Key is the Advanced Features License key for the joining GigaVUE TA Series ■...
Page 812
Part 1: Using the Jump-Start Wizard to Configure Node 1 In config, enter configuration jump-start to start the jump-start wizard: gigamon-0d0024 > enable gigamon-0d0024 # configure terminal gigamon-0d0024 (config) # configuration jump-start GigaVUE-OS configuration wizard 2. Enter the parameter values to configure the leader. Step 1: Hostname? [gigamon-0d0024] Seattle...
Page 813
GigaVUE-OS CLI Reference Guide Configuration changes saved. System in classic mode Seattle (config) # Part 2: Configuring Inband Cluster on the Leader 3. You need to disable the zeroconf feature on the default cluster interface on eth2 of the control card (HCCv2) in the Seattle node, and make cluster interface Inband with relevant cluster information.
Page 814
Note: The IP address field is automatically assigned.
Netmask: 255.255.0.0
Seattle (config) #
2. Enter show cluster configured to display the current cluster configuration.
Seattle [600: leader] (config) # show cluster configured
Global cluster config:
Cluster enabled: no
Cluster ID: 600
Cluster name: 600
Cluster control interface: inband...
Page 815
GigaVUE-OS CLI Reference Guide 5 no inserted GigaPORT-X12G04 132-0045 1450-0224 C2-a6 6 no inserted GigaPORT-Q02X32 132-0087 1870-0157 B2-a1 7 no inserted GigaPORT-C01 132-00A8 1A80-0107 A2-5 8 yes up GigaPORT-Q02X32/2q 132-0087 1870-0167 B2-a2 Seattle [600: leader] (config) # 8. Assign and enable the stack ports. Make them stack GigaStream. 9.
Page 816
Part 1: Using the jump-start wizard to configure the node: Do you want to use the wizard for initial configuration? yes Step 1: Hostname? [gigamon-5508f4] Washington Step 2: Management Interface <eth0> ? [eth0] Step 3: Use DHCP on eth0 interface? no Step 4: Use zeroconf on eth0 interface? [no] no Step 5: Primary IPv4 address and masklen? [0.0.0.0/0] 10.115.26.114 /21...
Page 817
GigaVUE-OS CLI Reference Guide Otherwise hit <enter> to save changes and exit. Choice: Configuration saved to database 'initial' Configuration changes saved. Part 2: Configure the Inband Cluster on the Remote Target GigaVUE TA Series Node Washington (config) # card slot 8/1 Washington (config) # license install box-id 8 key <Port_License>...
Page 818
GigaVUE-OS CLI Reference Guide : Stack interface should show as up. Washington (config) # show port params port-list 8/1/x5 Parameter 8/1/x5 ====================== =============== Name Alias: Type: stack Admin: enabled Link status: up : The Link Status indicates that the stack port is “up” state. Auto Negotiate: off Duplex: full Speed (Mbps): 10000...
Page 819
GigaVUE-OS CLI Reference Guide --------- --------- Box 8 --------- Slot Feature Parameters Expiration Date ------------------------------------------ 1 PORT - Never Chassis-Feature Parameters --------------------------- CLUSTER - Check the License on Washington Node System in classic mode Washington [600: normal] > en Washington [600: normal] # show license --------- Box 8 ---------...
Page 820
# configuration jump-start GigaVUE-OS configuration wizard 3. Enter the parameter values to configure the leader. Step 1: Hostname? [gigamon-5508f4] Seattle Step 2: Management Interface <eth0 eth2 eth3> ? [eth0] Step 3: Use DHCP on eth0 interface? no Step 4: Use zeroconf on eth0 interface? [no] no Step 5: Primary IPv4 address and masklen? [0.0.0.0/0] 10.115.26.114 /21...
Page 821
2. In config, enter configuration jump-start to start the jump-start wizard: gigamon-0d0024 > enable gigamon-0d0024 # configure terminal gigamon-0d0024 (config) # configuration jump-start GigaVUE-OS configuration wizard 3. Enter the parameter values to configure the standby node. Step 1: Hostname? [gigamon-5508f4] Sanfrancisco Step 2: Management Interface <eth0 eth2 eth3>...
Page 823
2. In config, enter configuration jump-start to start the jump-start wizard: gigamon-5508f4 > enable gigamon-5508f4 # configure terminal gigamon-5508f4 (config) # configuration jump-start GigaVUE-OS configuration wizard 3. Enter the parameter values to configure the GigaVUE-OS TA100 Series node. Step 1: Hostname? [gigamon-5508f4] Washington Step 2: Management Interface <eth0>...
Page 824
GigaVUE-OS CLI Reference Guide Washington (config) # 4. Apply cluster and inband interface settings on the TA00 series node. Washington (config) # cluster interface inband Washington (config) # cluster id 600 Washington (config) # cluster name 600 Washington (config) # cluster leader address vip 10.115.26.151 /21 Washington (config) # interface inband zeroconf 5.
Page 825
Washington (config) # card slot 10/3 product-code 132-00BY
Washington (config) # port 10/3/c2 type stack
Washington (config) # port 10/3/c2 params admin enable
Washington (config) # stack-link alias hc3-10-to-ta100-11 between port 10/3/c2 and 11/1/c17
Washington (config) # chassis box-id 3 serial-num 40201 type hc3-ccv2
Washington (config) # card slot 3/3 product-code 132-00BY
Washington (config) # port 3/3/c6 type stack
Washington (config) # port 3/3/c6 params admin enable...
Page 826
GigaVUE-OS CLI Reference Guide Washington [600: *unknown*] (config) # The following example shows the CLI commands to switch from an Inband to an Out-of- Band cluster for a GigaVUE-HC1 node. CLI command syntax: cluster interface eth0 no interface inband zeroconf 4.
Page 827
GigaVUE-OS CLI Reference Guide CLI command syntax: cluster interface inband no interface eth1 zeroconf interface inband zeroconf | interface inband <ip address / ip mask> 3. Open a command shell in the Washington node (GigaVUE-HC3 CCv2) and run the following CLI commands: Washington [600: standby] (config) # cluster interface inband Washington [600: *unknown*] (config) # interface inband zeroconf Washington [600: *unknown*] (config) # no interface eth1 zeroconf...
Page 828
GigaVUE-OS CLI Reference Guide Step Command To remove Seattle [600: Node1chassis-member] (config) # no cluster enable Node1chassis- member from cluster Seattle To configure Node1chassis-member (config) # cluster interface eth0 ipv6 the IP protocol Node1chassis- member as IPv6 To add Node1chassis-member (config) # cluster id 100 Node1chassis- Node1chassis-member (config) # cluster name 100 Seattle [100: Node1chassis-member] (config) # cluster enable...
GigaVUE-OS CLI Reference Guide To remove the Node1chassis-member (config) # no cluster leader primary ip Node1chassis-member (config) # no cluster leader secondary ip primary and secondary IP address To configure Node1chassis-member (config) # cluster interface eth0 ipv6 the IP protocol Node1chassis- member as IPv6 To add Node1chassis-member (config) # cluster id 100...
GigaVUE-OS CLI Reference Guide Handling System Failure in a Cluster Environment Every node in a cluster environment has its own copy of the current database specifying all aspects of packet distribution configuration. If a leader ever does go down, the standby node automatically takes possession of the leader VIP address so the cluster can remain operative.
Page 831
Note: A good rule of thumb is that if a command takes a box ID as part of its arguments, it can be configured for an individual node from the cluster’s leader/VIP address. If a command does not take a box ID as part of its arguments, the corresponding setting must be configured from the individual clustered nodes.
Page 832
Local Commands
The following commands must be made on a local node – they are not synchronized from the leader.
hostname
ip settings for Mgmt port
Note: Although you configure a clustered node’s IP settings for the Mgmt port over its local console port, the settings once made are stored in the global configuration database along with node’s box ID.
Page 833
GigaVUE-OS CLI Reference Guide Cluster Diagnostics To diagnose cluster-related issues, you can display the cluster membership history. The show cluster history command displays a history of the most recent 200 cluster-related events for a node. The cluster membership events include joins, leaves, membership updates, and initial configuration synchronizing.
(config) # show cluster history box-id 2
If you use the following command when you are not on the leader, an error message is displayed:
(config) # show cluster history box-id 2
Not leader - can only display cluster log for local box (1).
Configure Multi-Path Leaf and Spine
The leaf and spine architecture is a two-layer architecture used for network aggregation.
Page 835
It is assumed that the out-of-band cluster has already been configured prior to this configuration example. One of the nodes in the cluster is the leader. The configuration steps are done from the leader node. In Figure 27 (Leaf Spine Topology), incoming traffic arrives on Leaf1.
Page 836
■ leaf2, spine2 stack link (l2s2sl), between l2s2gs and s2l2gs
■ leaf3, spine2 stack link (l3s2sl), between l3s2gs and s2l3gs
CLI Configuration Commands
Use the following CLI commands to configure the multi-path leaf and spine architecture of the nodes in a cluster environment, in the following order:
Define stack GigaStream.
Page 837
Configure GigaVUE HC Series Security Options
The GigaVUE HC Series node provides an interlocking set of options that let you create a comprehensive security strategy for the node. Refer to the GigaVUE-OS Administration Guide for detailed information. Refer to the following sections for configuration examples.
Page 838
Step Description Command
that are duplicates of it.
(config) # ip filter chain INPUT rule append tail target DROP dup-delete dest-port 111 in-intf eth0 protocol udp
Enable IP filtering.
(config) # ip filter enable
Display IP filter configuration
(config) # show ip filter
Management Port Security
Management port security lets you restrict the exchange of packets through the...
Page 839
Step Description Command
Configure a rule for the chain and specify the first to the fifth source IP addresses. (Append tail adds a new rule after all existing rules.)
(config) # ip filter chain INPUT rule append tail target ACCEPT source-addr 10.50.22.130 255.255.255.255
(config) # ip filter chain INPUT rule append tail...
Page 840
Step Description Command
Configure a policy for the chain. DROP means that any packets not matching a rule in the INPUT chain will be dropped.
(config) # ip filter chain INPUT policy DROP
Enable IP filtering.
(config) # ip filter enable
Display IP filter configuration
(config) # show ip filter...
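The Management Port Security steps above, modelled as an added example (not Gigamon code): a short Python audit that parses `ip filter` lines in the syntax shown on this page and checks the resulting INPUT chain. The second source address, first-match rule evaluation, and an unset policy behaving as ACCEPT are assumptions.

```python
import ipaddress

# Constructed sample in the rule syntax shown above; 10.50.22.131 is a made-up
# second management host, not an address from the guide.
SAMPLE = """\
ip filter chain INPUT rule append tail target ACCEPT source-addr 10.50.22.130 255.255.255.255
ip filter chain INPUT rule append tail target ACCEPT source-addr 10.50.22.131 255.255.255.255
ip filter chain INPUT policy DROP
ip filter enable
"""

def parse(config):
    """Return (rules, policy, enabled); only source-addr rules are modelled."""
    rules, policy, enabled = [], None, False
    for line in config.splitlines():
        tok = line.split()
        if tok == ["ip", "filter", "enable"]:
            enabled = True
        elif tok[:5] == ["ip", "filter", "chain", "INPUT", "policy"]:
            policy = tok[5]
        elif tok[:7] == ["ip", "filter", "chain", "INPUT", "rule", "append", "tail"]:
            i = tok.index("source-addr")  # raises ValueError for rules without source-addr
            net = ipaddress.ip_network(f"{tok[i + 1]}/{tok[i + 2]}", strict=False)
            rules.append((tok[tok.index("target") + 1], net))
    return rules, policy, enabled

def decide(config, src):
    """Verdict for a packet from src (assumed: first match wins, then policy)."""
    rules, policy, enabled = parse(config)
    if not enabled:
        return "ACCEPT"  # assumption: rules are inert until 'ip filter enable'
    addr = ipaddress.ip_address(src)
    for target, net in rules:
        if addr in net:
            return target
    return policy or "ACCEPT"  # assumption: an unset policy behaves as ACCEPT

def audit(config):
    """Findings that leave the management port more open than the steps intend."""
    rules, policy, enabled = parse(config)
    findings = []
    if not enabled:
        findings.append("ip filter is not enabled")
    if policy != "DROP":
        findings.append("INPUT policy is not DROP")
    for target, net in rules:
        if target == "ACCEPT" and net.prefixlen < net.max_prefixlen:
            findings.append(f"ACCEPT rule admits a whole subnet: {net}")
    return findings
```

Run `audit()` over the `ip filter` lines of a saved configuration before enabling the filter; an empty list means the chain matches the intent of the steps (host-only ACCEPT rules, DROP policy, filter enabled).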
Page 841
Configure NTP Server Security
This sample configuration is for an out-of-band cluster environment. You configure the management IP addresses of the permitted hosts or cluster nodes and the workstation hosts that are permitted to access the nodes. To implement NTP server security, execute the following commands:
Step Description...
Page 842
Allowing IGMP Traffic
IP filter chains can also be used to allow IGMP protocol traffic in a clustering environment. Refer to the “Best Practices for OOB Clusters with IGMP Snooping” section in the GigaVUE Fabric Management Guide for details.
Disable a Serial Console Port
For security reasons, it may be necessary at times to disable a serial console port.
Page 843
Step Description
roles assigned, giving them access to different sets of ports. Use the username command to assign roles. The syntax is as follows:
(config) # username <username> roles [add | replace] <roles>
As with most CLI commands, you can preface this command with no to remove selected roles from a specified user.
Page 844
■ When performing tasks on a <port-list>, the access granted is the lowest level among all the ports in the list. For example, if the user jhalladay has Level 2 rights on 2/3/x4 and Level 3 rights on 3/4/x6..x8, the system would not allow jhalladay to perform a task requiring Level 3 permissions on a port-list containing both 2/3/x4 and 3/4/x6..x8.
Page 845
Component Show Create Delete Modify on all GigaSMART engine permissions on all of the GigaSMART ports in the GigaSMART engine ports in the GigaSMART group group to which the gsop to which the gsop is assigned for is assigned for processing.
Page 846
CLI Commands for Role-Based Access
The main commands for role-based access are summarized in the following table:
CLI Commands for Role-Based Access
Reviewing User and Role Assignments
show usernames
show usernames assignment <all | alias> // show user assignments, including roles, locks, and lock-shares
show role assignment <all | alias>...
Page 847
CLI Commands for Role-Based Access
[no] port <ids> lock user <username> // Administrator uses to lock ports for another user
[no] port <ids> lock-share user <user name> // Lock owner can use this to share access to port at sharer’s permission level....
Admin-Only CLI Commands
[no] port <port-id> assign * snmp-server community <community> chassis migrate * snmp-server enable communities no traffic all snmp-server enable mult-communities [no] clock [no] cluster halt [no] hostname [no] interface [no] ip [no] ipv6 [no] ntp ntpdate [no] ptp...
Page 849
(config) # radius-server host 192.168.0.62 key gigamon
Adds a RADIUS server at IPv4 address 192.168.0.62 to the GigaVUE HC Series node’s list.
(config) # radius extra-user-params roles enable
Allows the RADIUS server to include additional roles for a remotely authenticated user in the response....
Page 850
Command Comments
(config) # radius-server host 192.168.1.212 auth-port 5150 key lowkey retransmit 5 timeout 30
Specifies that:
● Users logging in through RADIUS will be authenticated against the RADIUS server at IPv4 address 192.168.1.212.
● Authentication packets will be encrypted using the...
Page 851
● The last command sets the authorization service to gigamon for successful integration with Cisco ACS 5.x.
(config) # tacacs-server host 2001:db8:a0b:12f0::11:49 auth-port 4949
Specifies that:
● Users logging in through TACACS+ will be...
Page 852
Command Comments
and 45, respectively).
Note: If this command was used after the command in the previous row, this server would be the backup TACACS+ server for the previously-specified server.
(config) # tacacs-server host www.MyCo.com
Specifies a TACACS+ server host by hostname.
Note: Starting in software version 5.6, GigaVUE-OS supports dynamic Fully Qualified Domain Name (FQDN)
Page 853
Configure an IPv6 Address
Use the following CLI command to configure an IPv6 address for a TACACS+ server:
(config) # tacacs-server host 2001:db8:a0b:12f0::17/120 key gigamon enable
To enable IPv6 on the GigaVUE-OS node, there are more configuration steps. Refer to...
Page 854
ldap base-dn cn=Users,dc=example,dc=com (directory tree search path)
ldap port 636 (ssl: 636, non-ssl: 389)
ldap host <dns name of server> (ip address will not work)
In environments where the device is isolated from DNS, use the following:
ip host <host>.<domain>.<com>...
Page 855
Successfully installed certificate with name 'mycert'
Examples
The following ldap commands demonstrate different ways to add an LDAP server to the GigaVUE HC Series node’s list:
Command Comments
(config) # ldap host 192.168.0.62...
Page 856
Command Comments
of v3.
● The global timeout value is now set to 35 seconds.
Note: If this command was used after the command in the previous row, this server would be the backup LDAP server for the previously-specified server. You can always change the order of LDAP servers by using the ldap host <host>...
The following commands reset the LDAP port, timeout, and version back to their default settings:
(config) # no ldap port
(config) # no ldap timeout
(config) # no ldap version
The show ldap output looks as follows after making these changes:
Figure 32 show ldap Output after Resetting Values to Defaults
Configuring an IPv6 Address
Use the following CLI command to configure an IPv6 address for an LDAP server:...
Page 858
Description Command
Use the configuration jump-start wizard on the GigaVUE-HC3 to specify the eth0 Management interface, enable DHCP on eth0,
(config) # configuration jump-start
GigaVUE-OS configuration wizard
Step 1: Hostname? [gigamon1]
Step 2: Management Interface <eth0> ? [eth0]
Step 3: Use DHCP on eth0 interface? [no] yes
Step 4: Enable IPv6? [no] yes
Step 5: Enable IPv6 autoconfig (SLAAC) on eth0 interface? [no] yes
Step 6: Enable...
Page 859
Description Command
routable and are on the same subnet. Also ensure your network switches, routers, and firewalls are configured in such a way to allow IPv6 packets to reach their destination.
Verify the IPv6 routing table.
(config) # show ipv6 route
Destination prefix Gateway Interface...
ACCOUNT STATUS
admin System Administrator Password set
Configure the IPv6 address for the TACACS+ server.
(config) # tacacs-server host 2001:db8:a0b:12f0::11 key gigamon enable
Verify the TACACS+ server IPv6 address.
(config) # show tacacs
TACACS+ servers:
2001:db8:a0b:12f0::11:49
Ping the TACACS+ server to verify that it is reachable.
(config) # ping6 -I eth0 2001:db8:a0b:12f0::11
Step Description Command
server listens.
Note: Use the logging command to specify an IPv4 address, an IPv6 address, or a hostname.
Generate Public Key
On the GigaVUE-OS node, generate a public key for a user account...
(config) # ssh client user admin identity rsa2 generate
Step Description Command
On the syslog server, change the directory to .ssh.
# cd .ssh
On the syslog server, edit the authorized_keys file, located in
For example, using the vi editor:
# vi authorized_keys
Paste the key contents that you copied in the previous step into the authorized_keys file in the following format <copied public key>...
CLI Parameter Limits
This appendix provides information on supported ranges and default values for packet distribution and system parameters in the GigaVUE-OS. Refer to the following sections for details:
■ System Parameters
■ User Parameters
■ CLI limits Second Level Map Parameters...
Parameter | Value
Node
Maximum number of NTP Servers per Node | Unlimited*, 5 (recommended)
Maximum number of Syslog Servers per Node | Unlimited*, 5 (recommended)
Maximum number of simultaneous sessions to a node by an admin user through any access method (SSH, HTTPS, SCP, SFTP) | Unlimited, based on system resources
Maximum number of simultaneous sessions to a node...
Page 865
CLI limits GigaStream Maximums
Refer to the "Maximum Ports per GigaStream" section in the GigaVUE Fabric Management Guide.
CLI limits Map Rule Maximums
Refer to the "How Many Map Rules are Supported?" section in the GigaVUE Fabric Management Guide.
Page 866
Note: When backslash (\) and quotation mark (") are used at the very end of an alias, a newline is appended to the alias.
(config) # map ali m\>
(config map alias m^J) # from 1/1/g2
CLI Parameter Limits Alias Limitations...
Release; view Documentation Downloads download all PDFs.
Table 1: Documentation Set for Gigamon Products
GigaVUE-OS 6.7 Hardware and Software Guides
DID YOU KNOW? If you keep all PDFs for a release in a common folder, you can easily search across the doc set by opening one of the files in Acrobat and choosing Edit >...
Page 868
GigaVUE Cloud Suite Deployment Guide - VMware (ESXi) GigaVUE Cloud Suite Deployment Guide - VMware (NSX-T) GigaVUE Cloud Suite Deployment Guide - Third Party Orchestration Universal Cloud TAP - Container Deployment Guide Gigamon Containerized Broker Deployment Guide Additional Sources of Information Documentation...
Page 869
GigaVUE Firewall and Security Guide GigaVUE Licensing Guide GigaVUE-OS Cabling Quick Reference Guide guidelines for the different types of cables used to connect Gigamon devices GigaVUE-OS Compatibility and Interoperability Matrix compatibility information and interoperability requirements for Gigamon devices GigaVUE-FM REST API Reference in GigaVUE-FM User's Guide...
Product: "GigaVUE-FM" and Release: "5.6," enter "pdf" in the search box, and then click GO to view all PDF documentation for GigaVUE-FM 5.6.xx.
Note: My Gigamon is available to registered customers only. Newer documentation PDFs, with the exception of release notes, are all available through the publicly available online documentation.
You can also refer to https://www.gigamon.com/support-and-services/contact-support for Technical Support hours and contact information. Email Technical Support at support@gigamon.com.
Contact Sales
Use the following information to contact a Gigamon channel partner or Gigamon sales representatives.
Telephone: +1.408.831.4025
Additional Sources of Information Contact Technical Support...
Page 872
Gigamon users, partners, security and network professionals and Gigamon employees come together to share knowledge and expertise, ask questions, build their network and learn about best practices for Gigamon products. Visit the VÜE Community site to: Find knowledge base articles and documentation ■...
Page 873
Glossary
decrypt list: need to decrypt (formerly blacklist)
decryptlist: need to decrypt - CLI Command (formerly blacklist)
drop list: selective forwarding - drop (formerly blacklist)
forward list: selective forwarding - forward (formerly whitelist)
leader: leader in clustering node relationship (formerly master)
member node: follower in clustering node relationship (formerly slave or non-master)
no-decrypt list...
Page 874
nodecryptlist: no need to decrypt - CLI Command (formerly whitelist)
primary source: root timing; transmits sync info to clocks in its network segment (formerly grandmaster)
receiver: follower in a bidirectional clock relationship (formerly slave)
source: leader in a bidirectional clock relationship (formerly master)
Glossary...