Example 1A—Unprotected Flexible Inline Netlag, One Collector Map

Example 1 has one inline netlag, five inline tools, and a collector map that acts as a passall, sending all traffic through all tools.

The following two inline networks are configured in one inline netlag:

■   inline network alias n0102, based on ports x1 and x2
■   inilne network alias n0304, based on ports x3 and x4

For example, the inline tools can be Web Application Firewall (WAF), Intrusion Prevention System (IPS), Advanced Persistent Threat (APT).

The inline tool aliases are t0708 to t1516, based on ports x7 to x16.

Use the following steps to configure Example 1A:

Step

Description

Command

1.    

Configure inline network ports, port type (inline-network), and administratively enable inline network ports.

(config) # port 1/3/x1..x4 type inline-network

(config) # port 1/3/x1..x4 params admin enable

2.  

Configure inline network.

(config) # inline-network alias n0102 pair net-a 1/3/x1 and net-b 1/3/x2

(config) # inline-network alias n0304 pair net-a 1/3/x3 and net-b 1/3/x4

 

3.  

Configure inline network lag.

(config) # inline-netlag alias n0607

network-list n0102,n0304

4.  

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 1/3/x7..x16 type inline-tool

(config) # port 1/3/x7..x16 params admin enable

5.  

Configure inline tools, specify that the inline tool is going to be shared by different sources, and enable them.

Note:  The tag is optional. The default is auto, which automatically assigns tags.

(config) # inline-tool alias t0708 pair tool-a 1/3/x7 and tool-b 1/3/x8

(config) # inline-tool alias t0708 shared true

(config) # inline-tool alias t0708 enable

(config) # inline-tool alias t0910 pair tool-a 1/3/x9 and tool-b 1/3/x10

(config) # inline-tool alias t0910 shared true

(config) # inline-tool alias t0910 enable

(config) # inline-tool alias t1112 pair tool-a 1/3/x11 and tool-b 1/3/x12

(config) # inline-tool alias t1112 shared true

(config) # inline-tool alias t1112 enable

(config) # inline-tool alias t1314 pair tool-a 1/3/x13 and tool-b 1/3/x14

(config) # inline-tool alias t1314 shared true

(config) # inline-tool alias t1314 enable

(config) # inline-tool alias t1516 pair tool-a 1/3/x15 and tool-b 1/3/x16

(config) # inline-tool alias t1516 shared true

(config) # inline-tool alias t1516 enable

6.  

Configure collector map from inline network to inline tools in both directions, add user-defined tag, and enable map.

(config) # map alias FLEX1

(config map alias FLEX1) # type flexInline collector

(config map alias FLEX1) # from n0607

FLEX1) # a-to-b t0708,t0910,t1112,t1314,t1516

(config map alias FLEX1) # b-to-a reverse

(config map alias FLEX1) # tag 100

(config map alias FLEX1) # enable

(config map alias FLEX1) # exit

(config) #

7.  

Configure the path of the traffic to inline tools.

(config) # inline-network alias n0102 traffic-path to-inline-tool