Big Monitoring Fabric Inline Topology




Controller CLI Configuration Examples


Below are controller CLI configuration examples for this lab envrionment.
Note: The controller-node <id> elements below will differ in your environment. They are included for reference only.

Full Controller Configuration

!
! Big Monitoring Fabric 6.3.4 (bmf/bmf-6.3.4 #23)
! Current Time: 2018-10-29 22:05:15 UTC
!
version 1.0

! ntp
ntp server 0.bigswitch.pool.ntp.org
ntp server 1.bigswitch.pool.ntp.org
ntp server 2.bigswitch.pool.ntp.org
ntp server 3.bigswitch.pool.ntp.org

! aaa
aaa accounting exec default start-stop local

! local
local node
  hostname controller
  interface management
    !
    ipv4
      ip 10.10.12.20/24 gateway 10.10.12.1
      method manual
      dns server 10.10.0.2
    !
    ipv6
      method manual

! user
user admin
  full-name 'Default admin'
  hashed-password method=PBKDF2WithHmacSHA512,salt=SpdvWt26bDKoHpJFH-JeSQ,rounds=25000,ph=true,44Q6zRvgoA1UoR52rDzi4J5I73JkIcmfqzhcxeotLSuXgFGKIdfaCl6H7ykPiS4rHmfdzrn95SrKQM9FsR6a7Q

! group
group admin
  associate user admin
  associate user rbac-permission

group read-only

! controller
controller
  cluster-name bigswitchlabs
  access-control
    !
    access-list api
      1 permit from ::/0
      2 permit from 0.0.0.0/0
    !
    access-list gui
      1 permit from ::/0
      2 permit from 0.0.0.0/0
    !
    access-list ntp
      1 permit from ::/0
      2 permit from 0.0.0.0/0
    !
    access-list ssh
      1 permit from ::/0
      2 permit from 0.0.0.0/0

! switch
switch SW11
  mac 00:00:00:00:00:0a
  role bigchain

! bigchain
bigchain span-service Wireshark
  1 match any
  !
  instance 1
    span-interface switch 00:00:00:00:00:00:00:0a interface ethernet3

bigchain service Firewall
  !
  instance 1
    interface-pair switch 00:00:00:00:00:00:00:0a interface1 ethernet4 interface2 ethernet5
    interface1-to-interface2-skip

bigchain service IPS
  !
  health-check
    fail-action-mark-down
    packet-rx-header ipv4 6 src-ip 192.168.8.108 dst-ip 192.168.8.100 src-port 1607 dst-port 80
    packet-tx-header ipv4 6 src-ip 192.168.8.108 dst-ip 192.168.8.100 src-port 1607 dst-port 80
  !
  instance 1
    interface-pair switch 00:00:00:00:00:00:00:0a interface1 ethernet6 interface2 ethernet7

bigchain chain Chain1
  endpoint-pair switch 00:00:00:00:00:00:00:0a endpoint1 ethernet1 endpoint2 ethernet2
  endpoint2-egress-span Wireshark instance 1
  endpoint2-ingress-span Wireshark instance 1
  use-service Firewall instance 1 sequence 1
  use-service IPS instance 1 sequence 2 optional