Configure Inline Tool Ports and Inline Tools
An inline tool consists of a pair of inline tool ports that run at the same speed, on the same medium (fiber or copper). Both the inline tool ports must be on the same GigaVUE-HC series node. Moreover, the inline tool ports must be on the same GigaVUE-HC series node in which the inline network ports reside. The inline tools are attached to the inline tool ports.
An inline tool can also be a pass-through device that performs packet inspection and selective forwarding, such as Intrusion Protection System (IPS). This is a physical device, external to the GigaVUE HC series node.
To configure the inline tool ports and the inline tools:
|
1.
|
On the left navigation pane, go to Physical > Orchestrated Flows > Inline Flows, and then click Configuration Canvas to create a new Flexible Inline Canvas. |
|
2.
|
In the Flexible Inline Canvas that is displayed, select the required device for which you want to configure the inline tool. |
|
3.
|
Click the ‘+’ icon next to the Inline Tool option to create a new inline tool. |
|
4.
|
In the Properties pane, in the Alias and Description fields, enter a name and description for the inline tool. |
|
5.
|
From the Type drop-down list, select one of the following options: |
|
o
|
External—To configure a third-party tool. |
|
o
|
GigaVUE Node—To configure a GigaVUE node as a tool. |
|
6.
|
Click Port Editor, and in the Quick Port Editor, scroll down to the inline tool ports that you wish to configure. Select Enable to administratively enable the inline tool ports, and then click OK. |
|
7.
|
From the Port A and Port B drop-down lists, select the inline tool ports according to the direction the inline tool expects traffic from the network. |
|
8.
|
Verify that the Enabled check box is selected. |
|
9.
|
From the Failover action drop-down list, select one of the following options: |
|
o
|
Tool Bypass—For every map involving the inline tool or inline tool group that triggered this failover action, the traffic coming to such an inline tool or inline tool group is redirected to the next inline tool or inline tool group in the ordered list defined in Port A and Port B or to the respective inline network port. |
|
o
|
Network Bypass—All inline networks configured as the source of any map involving the inline tool or inline tool group that triggered this failover action, will be put in the bypass mode, that is, all traffic coming to side A will be directed to side B and vice versa. |
|
o
|
Tool Drop—For every map involving the inline tool or inline tool group that triggered this failover action, the traffic coming to such an inline tool or inline tool group is dropped and the traffic is redirected to a dummy VLAN with no members. |
Note: When failover-action 'drop' is triggered for an inline-tool present in the Flex iSSL solution, all the traffic entering GigaSMART is dropped at vport.
|
o
|
Network Drop—All inline networks configured as the source of any map involving the inline tool or inline tool group that triggered this failover action, will be put in the drop mode, that is, all traffic coming to side A or side B will be dropped. |
|
o
|
Network Port Forced Down—For all inline networks configured as the source of any map involving the inline tool or inline tool group that triggered this failover action, the inline network ports will be brought down. |
|
10.
|
Select the Recovery Mode as manual or automatic. |
|
11.
|
Select the Enable check box for the Inline tool Sharing mode if you want to define additional tags on the tool side. |
Note: If you choose to disable the Inline tool Sharing mode, the inline tool can be used only in one flexible inline map.
|
12.
|
From the Flex Traffic Path drop-down list, select one of the following options: |
|
o
|
Drop—Traffic is dropped at the inline tool. |
Note: When failover-action 'drop' is triggered for an inline-tool present in the Flex iSSL solution, all the traffic entering GigaSMART is dropped at vport.
|
o
|
Bypass—Traffic bypasses the inline tool. Use this option for performing maintenance on an inline tool. |
|
o
|
Monitoring—Traffic is fed to the inline tool and absorbed, while a copy of the traffic is sent to the next inline tool in the sequence. Traffic returned from side B of the network is also absorbed at the inline tool in the monitoring mode. |
|
o
|
To Inline Tool—Traffic is forwarded to the inline tool. |
|
13.
|
Select the Enable check box below the Regular Heartbeat, if required, and then from the Regular Heartbeat Profile drop-down list, select a suitable profile. |
|
14.
|
In the HB IP Address A and HB IP Address B fields, enter the IP address of side A and side B defined in the Heartbeat profile. |
|
15.
|
Select the Enable check box below the Negative Heartbeat, if required, and then from the Negative Heartbeat Profile drop-down list, select a suitable profile. |
|
16.
|
Click OK to save the configuration. |
|
17.
|
Drag the Inline Tool object to the canvas. |
|
18.
|
Configure the required flexible inline maps and then, click Deploy. |