/ * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Sun Microsystems, Inc. or the names of * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * This software is provided "AS IS," without a warranty of any * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES * SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR * FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that Software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of * any nuclear facility. 
*/
################################################################################
# System Name : Sun Secure Application Switch
# Date : Thu Feb 9 16:38:12 2006
# Serial No : 0000000000
# Software Version : V3_0A53497
################################################################################
#
# Saved CLI configuration for the switch, one command per line. It enters
# configure mode, creates four vSwitches (VS1, system, tier1, tier2), sets the
# event filters and the 44 Ethernet ports, then configures load balancing,
# VLANs and IP inside each vSwitch, and finally the management services
# (httpd, ntp, snmp, sshd, telnetd, tftpd, tideRunner, trap).
# Each "exit;" leaves one configuration context; a trailing "\" continues the
# command on the next line. Lines marked NOTE(review) are reviewer remarks
# about the settings shown, not part of the original dump.
#
commandModeEntry on
enable
configure
#
# Create all vSwitches upfront
#
vSwitch VS1
    vRouter default {Default vRouter}
    vRouter default
        exit;
    exit;
vSwitch system {System vSwitch}
vSwitch system
    vRouter management {System Management vRouter}
    vRouter management
        exit;
    vRouter shared {Shared vRouter}
    vRouter shared
        exit;
    exit;
vSwitch tier1
    vRouter default {Default vRouter}
    vRouter default
        exit;
    exit;
vSwitch tier2
    vRouter default {Default vRouter}
    vRouter default
        exit;
    exit;
#
# Event configuration and statistics
#
event
    #
    # Profile rules for event filters
    #
    # NOTE(review): in defaultFile and defaultTrapd the first rule drops on
    # logLevel warning, in defaultLog and defaultSyslog on logLevel debug.
    # Whether "drop logLevel X" means exactly X or X and below is not visible
    # here; confirm that authentication and configuration-change events still
    # reach the file log and the trap receiver.
    filterProfile defaultFile {default filter for saving to file}
    filterProfile defaultFile
        #
        # Profile rules to cause event filtering
        #
        rule 130 drop logLevel warning
        rule 200 send true
        exit;
    filterProfile defaultLog {default log filter}
    filterProfile defaultLog
        #
        # Profile rules to cause event filtering
        #
        rule 90 drop logLevel debug
        rule 100 send true
        exit;
    filterProfile defaultSyslog {default syslog filter}
    filterProfile defaultSyslog
        #
        # Profile rules to cause event filtering
        #
        rule 90 drop logLevel debug
        rule 100 send true
        exit;
    filterProfile defaultTrapd {default trapd filter}
    filterProfile defaultTrapd
        #
        # Profile rules to cause event filtering
        #
        rule 90 drop logLevel warning
        rule 100 send true
        exit;
    exit;
#
# NMON state and status
#
nmon
    exit;
#
# Port configuration
#
# Each port line ends in a VLAN name or "discard"; ports 1-4 are fixed at
# 1000M fullDuplex, the rest use auto.
# NOTE(review): eth.1.21 names vlan-79, which is not defined anywhere in this
# dump, and eth.1.10/eth.1.12 name vlan168 although the vlan168 definition
# below lists only eth.1.23 and eth.1.25 as members. Reconcile the port
# assignments with the VLAN membership so no port lands in an unintended
# segment.
port eth.1.1 normal 1000M fullDuplex disabled 1000M fullDuplex discard
port eth.1.1
    exit;
port eth.1.2 normal 1000M fullDuplex disabled 1000M fullDuplex discard
port eth.1.2
    exit;
port eth.1.3 normal 1000M fullDuplex disabled 1000M fullDuplex discard
port eth.1.3
    exit;
port eth.1.4 normal 1000M fullDuplex disabled 1000M fullDuplex discard
port eth.1.4
    exit;
port eth.1.5 normal auto halfDuplex disabled both both vlan20
port eth.1.5
    exit;
port eth.1.6 normal auto halfDuplex disabled both both discard
port eth.1.6
    exit;
port eth.1.7 normal auto halfDuplex disabled both both vlan20
port eth.1.7
    exit;
port eth.1.8 normal auto halfDuplex disabled both both discard
port eth.1.8
    exit;
port eth.1.9 normal auto halfDuplex disabled both both vlan10
port eth.1.9
    exit;
port eth.1.10 normal auto halfDuplex disabled both both vlan168
port eth.1.10
    exit;
port eth.1.11 normal auto halfDuplex disabled both both vlan10
port eth.1.11
    exit;
port eth.1.12 normal auto halfDuplex disabled both both vlan168
port eth.1.12
    exit;
port eth.1.13 normal auto halfDuplex disabled both both discard
port eth.1.13
    exit;
port eth.1.14 normal auto halfDuplex disabled both both discard
port eth.1.14
    exit;
port eth.1.15 normal auto halfDuplex disabled both both discard
port eth.1.15
    exit;
port eth.1.16 normal auto halfDuplex disabled both both discard
port eth.1.16
    exit;
port eth.1.17 normal auto halfDuplex disabled both both discard
port eth.1.17
    exit;
port eth.1.18 normal auto halfDuplex disabled both both discard
port eth.1.18
    exit;
port eth.1.19 normal auto halfDuplex disabled both both discard
port eth.1.19
    exit;
port eth.1.20 normal auto halfDuplex disabled both both discard
port eth.1.20
    exit;
port eth.1.21 normal auto halfDuplex disabled both both vlan-79
port eth.1.21
    exit;
port eth.1.22 normal auto halfDuplex disabled both both discard
port eth.1.22
    exit;
port eth.1.23 normal auto halfDuplex disabled both both vlan168
port eth.1.23
    exit;
port eth.1.24 normal auto halfDuplex disabled both both discard
port eth.1.24
    exit;
port eth.1.25 normal auto halfDuplex disabled both both vlan168
port eth.1.25
    exit;
port eth.1.26 normal auto halfDuplex disabled both both discard
port eth.1.26
    exit;
port eth.1.27 normal auto halfDuplex disabled both both discard
port eth.1.27
    exit;
port eth.1.28 normal auto halfDuplex disabled both both discard
port eth.1.28
    exit;
port eth.1.29 normal auto halfDuplex disabled both both discard
port eth.1.29
    exit;
port eth.1.30 normal auto halfDuplex disabled both both discard
port eth.1.30
    exit;
port eth.1.31 normal auto halfDuplex disabled both both discard
port eth.1.31
    exit;
port eth.1.32 normal auto halfDuplex disabled both both discard
port eth.1.32
    exit;
port eth.1.33 normal auto halfDuplex disabled both both discard
port eth.1.33
    exit;
port eth.1.34 normal auto halfDuplex disabled both both discard
port eth.1.34
    exit;
port eth.1.35 normal auto halfDuplex disabled both both discard
port eth.1.35
    exit;
port eth.1.36 normal auto halfDuplex disabled both both discard
port eth.1.36
    exit;
port eth.1.37 normal auto halfDuplex disabled both both discard
port eth.1.37
    exit;
port eth.1.38 normal auto halfDuplex disabled both both discard
port eth.1.38
    exit;
port eth.1.39 normal auto halfDuplex disabled both both discard
port eth.1.39
    exit;
port eth.1.40 normal auto halfDuplex disabled both both discard
port eth.1.40
    exit;
port eth.1.41 normal auto halfDuplex disabled both both discard
port eth.1.41
    exit;
port eth.1.42 normal auto halfDuplex disabled both both discard
port eth.1.42
    exit;
port eth.1.43 normal auto halfDuplex disabled both both discard
port eth.1.43
    exit;
port eth.1.44 normal auto halfDuplex disabled both both discard
port eth.1.44
    exit;
#
# Software key
#
# NOTE(review): the software key is stored in clear in this dump and is
# presumably tied to one unit or licence - keep real keys out of shared or
# published copies of the configuration.
switchServices software key 01-0000-fa85-466d-0db8-449a-8b61
#
# vSwitch configuration
#
vSwitch VS1
    #
    # Persistence rules for sessions
    #
    # Cookie persistence entry myCookie (second argument mySESSIONID); used by
    # requestPolicy clusterJSP below.
    loadBalance cookiePersistence myCookie mySESSIONID cookiePath {} \
        cookieExpires {}
    #
    # Host configuration
    #
    loadBalance host naut-1 10.18.88.133 vRouter VS1:default
    loadBalance host naut-2 10.18.88.134 vRouter VS1:default
    #
    # Expressions used to classify the application data stream
    #
    loadBalance objectRule matchClusterJSP {URI_PATH matches "/clusterjsp/*"}
    #
    # Proxy IP Pool configuration
    #
    loadBalance proxyIPPool PIP1 10.10.79.10-10.10.79.60 VS1:default \
        L4SLB_ADV_OR_HTTP_OR_SSL
    loadBalance proxyIPPool PIP1
        exit;
        exit;
    #
    # Real service parameters
    #
    # NOTE(review): both real services use proxyIpPool PIP1, so the backends
    # presumably see pool addresses (10.10.79.10-10.10.79.60) instead of the
    # client address - TODO confirm. If so, make sure the original client IP
    # is recorded somewhere that incident response can reach.
    loadBalance realService appServ10 naut-1 port 8080 healthCheckPort 8080 \
        clientAddressTranslationMask 0.0.0.0 proxyIpPool PIP1 certType Literal
    loadBalance realService appServ10
        exit;
        exit;
    loadBalance realService appServ11 naut-2 port 8080 healthCheckPort 8080 \
        clientAddressTranslationMask 0.0.0.0 proxyIpPool PIP1 certType Literal
    loadBalance realService appServ11
        exit;
        exit;
    #
    # Request Policies
    #
    # Forwards requests matching matchClusterJSP to appServCluster with
    # switchCookie persistence (myCookie).
    loadBalance requestPolicy clusterJSP forward matchClusterJSP \
        appServCluster persistType switchCookie cookiePersist myCookie
    loadBalance requestPolicy clusterJSP
        exit;
        exit;
    #
    # Service group configuration
    #
    loadBalance serviceGroup appServCluster roundRobin {appServ10; appServ11}
    loadBalance serviceGroup appServCluster
        exit;
        exit;
    #
    # Virtual Service configuration
    #
    # NOTE(review): VService1 offers the cookie-persisted application over
    # plain HTTP next to the HTTPS service3 on the same address, so the
    # persistence cookie and any session data can cross the network
    # unencrypted. 192.18.88.148 is also the address assigned to ethMgmt.1 in
    # system:management and to both tier1 virtual services - confirm the
    # overlap is intended.
    loadBalance virtualService VService1 HTTP 192.18.88.148 clusterJSP
    loadBalance virtualService VService1
        #
        # Virtual service advanced settings
        #
        advanced initParseWithData true
        exit;
        exit;
    # NOTE(review): this service names key abCert while tier1's abSecure names
    # abcert; confirm whether key names are case-sensitive and that both refer
    # to the intended certificate.
    loadBalance virtualService service3 HTTPS 192.18.88.148 clusterJSP \
        ckmKeyName abCert
    loadBalance virtualService service3
        #
        # Virtual service advanced settings
        #
        advanced initParseWithData true
        exit;
        exit;
    #
    # Port Bandwidth configuration
    #
    resource portBandwidth eth.1.19 100 100 65534 65535
    resource portBandwidth eth.1.23 100 100 65534 65535
    resource portBandwidth eth.1.25 100 100 65534 65535
    #
    # Service Engine Bandwidth Configuration
    #
    resource serviceBandwidth functionCard1
    #
    # vRouter configuration
    #
    vRouter default {Default vRouter}
    vRouter default
        #
        # VLAN configuration parameters
        #
        vlan vlan168 168
        vlan vlan168 linkUpDownTrap disabled
        vlan vlan168
            #
            # VLAN interface configuration
            #
            interface eth.1.23
            interface eth.1.23 linkUpDownTrap disabled
            interface eth.1.25
            interface eth.1.25 linkUpDownTrap disabled
            #
            # VLAN STP Interface Configuration
            #
            interface spanningTree eth.1.23 pathCost 18
            interface spanningTree eth.1.25 pathCost 18
            exit;
        #
        # Display IP layer configuration
        #
        ip forwarding enabled
        ip
            #
            # IP Interfaces
            #
            interface vlan.vlan168
            interface vlan.vlan168 linkUpDownTrap disabled
            #
            # IP Interface Address
            #
            address vlan.vlan168 10.10.79.1 255.255.255.0
            exit;
        #
        # Interfaces
        #
        # NOTE(review): linkUpDownTrap is disabled on every interface in this
        # dump, so link state changes presumably raise no trap; decide whether
        # link-down/up events on production ports should be monitored.
        interfaces sock.VS1:default linkUpDownTrap disabled
        interfaces sock.VS1:default/ip.VS1:default linkUpDownTrap disabled
        interfaces ip.VS1:default linkUpDownTrap disabled
        interfaces ip.VS1:default/vlan.vlan168 linkUpDownTrap disabled
        interfaces vlan.vlan168 linkUpDownTrap disabled
        interfaces vlan.vlan168/eth.1.23 linkUpDownTrap disabled
        interfaces vlan.vlan168/eth.1.25 linkUpDownTrap disabled
        interfaces loopback linkUpDownTrap disabled
        #
        # VRRP configuration
        #
        vrrp
            exit;
        exit;
    exit;
vSwitch system {System vSwitch}
vSwitch system
    #
    # Port Bandwidth configuration
    #
    resource portBandwidth eth.1.19 100 100 65534 65535
    #
    # vRouter configuration
    #
    vRouter management {System Management vRouter}
    vRouter management
        #
        # Display IP layer configuration
        #
        # IP forwarding is disabled in the management vRouter (it is enabled
        # in every other vRouter in this dump).
        ip forwarding disabled
        ip
            #
            # IP Interfaces
            #
            interface ethMgmt.1
            interface ethMgmt.1 linkUpDownTrap disabled
            #
            # IP Interface Address
            #
            # NOTE(review): the management address is the same 192.18.88.148
            # that the VS1 and tier1 virtual services listen on - confirm, and
            # keep management services off addresses reachable by clients.
            address ethMgmt.1 192.18.88.148 255.255.255.0
            #
            # Static route configuration
            #
            route static 0.0.0.0 0.0.0.0 192.18.88.129 unspecified
            exit;
        #
        # Interfaces
        #
        interfaces sock.system:management linkUpDownTrap disabled
        interfaces sock.system:management/ip.system:management linkUpDownTrap \
            disabled
        interfaces ip.system:management linkUpDownTrap disabled
        interfaces ip.system:management/ethMgmt.1 linkUpDownTrap disabled
        interfaces ethMgmt.1 linkUpDownTrap disabled
        interfaces loopback linkUpDownTrap disabled
        #
        # VRRP configuration
        #
        vrrp
            exit;
        exit;
    vRouter shared {Shared vRouter}
    vRouter shared
        #
        # Display IP layer configuration
        #
        ip forwarding enabled
        ip
            #
            # IP Interfaces
            #
            interface eth.1.19
            interface eth.1.19 linkUpDownTrap disabled
            #
            # IP Interface Address
            #
            address eth.1.19 192.18.88.147 255.255.255.192
            #
            # Static route configuration
            #
            route static 0.0.0.0 0.0.0.0 192.18.88.129 unspecified
            exit;
        #
        # Interfaces
        #
        interfaces sock.system:shared linkUpDownTrap disabled
        interfaces sock.system:shared/ip.system:shared linkUpDownTrap disabled
        interfaces ip.system:shared linkUpDownTrap disabled
        interfaces ip.system:shared/eth.1.19 linkUpDownTrap disabled
        interfaces loopback linkUpDownTrap disabled
        #
        # VRRP configuration
        #
        vrrp
            exit;
        exit;
    exit;
vSwitch tier1
    #
    # Persistence rules for sessions
    #
    loadBalance cookiePersistence abCookie abSessionID cookiePath {} \
        cookieExpires {}
    #
    # Health check configuration
    #
    loadBalance healthCheckProfile appHealth TCP
    loadBalance healthCheckProfile appHealth
        exit;
        exit;
    #
    # Host configuration
    #
    loadBalance host eas-280r-11 10.18.88.132 vRouter tier1:default
    loadBalance host eas-280r-13 10.18.88.130 vRouter tier1:default
    #
    # Expressions used to classify the application data stream
    #
    # matchAll is the constant "true", i.e. it matches every request.
    loadBalance objectRule matchAll true
    #
    # Proxy IP Pool configuration
    #
    loadBalance proxyIPPool pip1 10.18.88.11-10.18.88.50 tier1:default \
        L4SLB_ADV_OR_HTTP_OR_SSL
    loadBalance proxyIPPool pip1
        exit;
        exit;
    #
    # Real service parameters
    #
    loadBalance realService appServ11 eas-280r-11 port 38080 \
        clientAddressTranslationMask 0.0.0.0 proxyIpPool pip1 certType Literal
    loadBalance realService appServ11
        exit;
        exit;
    loadBalance realService appServ13 eas-280r-13 port 38080 \
        clientAddressTranslationMask 0.0.0.0 proxyIpPool pip1 certType Literal
    loadBalance realService appServ13
        exit;
        exit;
    #
    # Request Policies
    #
    loadBalance requestPolicy ab forward matchAll appServ persistType \
        switchCookie cookiePersist abCookie
    loadBalance requestPolicy ab
        exit;
        exit;
    #
    # Service group configuration
    #
    loadBalance serviceGroup appServ leastConnections {appServ11; appServ13} \
        healthName appHealth
    loadBalance serviceGroup appServ
        exit;
        exit;
    #
    # Virtual Service configuration
    #
    # NOTE(review): abSecure (HTTPS) and adventureBuilder (HTTP) publish the
    # same application on 192.18.88.148; as long as the HTTP service stays up,
    # clients can use the unencrypted path. The same address is also used by
    # the VS1 virtual services and by ethMgmt.1 - confirm.
    loadBalance virtualService abSecure HTTPS 192.18.88.148 matchAll \
        ckmKeyName abcert
    loadBalance virtualService abSecure
        #
        # Virtual service advanced settings
        #
        advanced initParseWithData true
        exit;
        exit;
    loadBalance virtualService adventureBuilder HTTP 192.18.88.148 matchAll
    loadBalance virtualService adventureBuilder
        #
        # Virtual service advanced settings
        #
        advanced initParseWithData true
        exit;
        exit;
    #
    # Port Bandwidth configuration
    #
    resource portBandwidth eth.1.5 100 100 65534 65535
    resource portBandwidth eth.1.7 100 100 65534 65535
    resource portBandwidth eth.1.9 100 100 65534 65535
    resource portBandwidth eth.1.11 100 100 65534 65535
    resource portBandwidth eth.1.19 100 100 65534 65535
    #
    # Service Engine Bandwidth Configuration
    #
    resource serviceBandwidth functionCard1
    #
    # vRouter configuration
    #
    vRouter default {Default vRouter}
    vRouter default
        #
        # VLAN configuration parameters
        #
        vlan vlan10 10
        vlan vlan10 linkUpDownTrap disabled
        vlan vlan10
            #
            # VLAN interface configuration
            #
            interface eth.1.9
            interface eth.1.9 linkUpDownTrap disabled
            interface eth.1.11
            interface eth.1.11 linkUpDownTrap disabled
            #
            # VLAN STP Interface Configuration
            #
            interface spanningTree eth.1.9 pathCost 18
            interface spanningTree eth.1.11 pathCost 18
            exit;
        #
        # Display IP layer configuration
        #
        ip forwarding enabled
        ip
            #
            # IP Interfaces
            #
            interface vlan.vlan10
            interface vlan.vlan10 linkUpDownTrap disabled
            #
            # IP Interface Address
            #
            address vlan.vlan10 10.18.88.1 255.255.255.0
            exit;
        #
        # Interfaces
        #
        interfaces sock.tier1:default linkUpDownTrap disabled
        interfaces sock.tier1:default/ip.tier1:default linkUpDownTrap disabled
        interfaces ip.tier1:default linkUpDownTrap disabled
        interfaces ip.tier1:default/vlan.vlan10 linkUpDownTrap disabled
        interfaces vlan.vlan10 linkUpDownTrap disabled
        interfaces vlan.vlan10/eth.1.11 linkUpDownTrap disabled
        interfaces vlan.vlan10/eth.1.9 linkUpDownTrap disabled
        interfaces loopback linkUpDownTrap disabled
        #
        # VRRP configuration
        #
        vrrp
            exit;
        exit;
    exit;
vSwitch tier2
    #
    # Health check configuration
    #
    loadBalance healthCheckProfile asTest TCP
    loadBalance healthCheckProfile asTest
        exit;
        exit;
    #
    # Host configuration
    #
    loadBalance host eas-280r-10 192.168.88.133 vRouter tier2:default
    loadBalance host eas-280r-9 192.168.88.134 vRouter tier2:default
    #
    # Real service parameters
    #
    loadBalance realService AS1 eas-280r-10 port 38080 description \
        backend-appserver proxyIpPool {} certType Literal
    loadBalance realService AS1
        exit;
        exit;
    loadBalance realService AS2 eas-280r-9 port 38080 description \
        backend-appserver proxyIpPool {} certType Literal
    loadBalance realService AS2
        exit;
        exit;
    #
    # Service group configuration
    #
    loadBalance serviceGroup BEappServers roundRobin {AS1; AS2} healthName \
        asTest
    loadBalance serviceGroup BEappServers
        exit;
        exit;
    #
    # Virtual Service configuration
    #
    # The back-end service is published on 10.18.88.10 in vRouter
    # tier1:default, i.e. on tier1's vlan10 subnet rather than in tier2.
    loadBalance virtualService BackEndAS L4SLB_ADV 10.18.88.10 BEappServers \
        vRouter tier1:default
    loadBalance virtualService BackEndAS
        #
        # Virtual service advanced settings
        #
        advanced rxUseLongTime true
        exit;
        exit;
    #
    # Port Bandwidth configuration
    #
    resource portBandwidth eth.1.5 100 100 65534 65535
    resource portBandwidth eth.1.7 100 100 65534 65535
    resource portBandwidth eth.1.19 100 100 65534 65535
    #
    # Service Engine Bandwidth Configuration
    #
    resource serviceBandwidth functionCard1
    #
    # vRouter configuration
    #
    vRouter default {Default vRouter}
    vRouter default
        #
        # VLAN configuration parameters
        #
        vlan vlan20 20
        vlan vlan20 linkUpDownTrap disabled
        vlan vlan20
            #
            # VLAN interface configuration
            #
            interface eth.1.5
            interface eth.1.5 linkUpDownTrap disabled
            interface eth.1.7
            interface eth.1.7 linkUpDownTrap disabled
            #
            # VLAN STP Interface Configuration
            #
            interface spanningTree eth.1.5 pathCost 18
            interface spanningTree eth.1.7 pathCost 18
            exit;
        #
        # Display IP layer configuration
        #
        ip forwarding enabled
        ip
            #
            # IP Interfaces
            #
            interface vlan.vlan20
            interface vlan.vlan20 linkUpDownTrap disabled
            #
            # IP Interface Address
            #
            address vlan.vlan20 192.168.88.1 255.255.255.0
            exit;
        #
        # Interfaces
        #
        interfaces sock.tier2:default linkUpDownTrap disabled
        interfaces sock.tier2:default/ip.tier2:default linkUpDownTrap disabled
        interfaces ip.tier2:default linkUpDownTrap disabled
        interfaces ip.tier2:default/vlan.vlan20 linkUpDownTrap disabled
        interfaces vlan.vlan20 linkUpDownTrap disabled
        interfaces vlan.vlan20/eth.1.5 linkUpDownTrap disabled
        interfaces vlan.vlan20/eth.1.7 linkUpDownTrap disabled
        interfaces loopback linkUpDownTrap disabled
        #
        # VRRP configuration
        #
        vrrp
            exit;
        exit;
    exit;
#
# HTTP configuration and status
#
# NOTE(review): "both" presumably enables HTTP as well as HTTPS for the web
# management interface on port 8080 - TODO confirm. Administrative logins over
# plain HTTP are readable on the wire; prefer the HTTPS-only setting and limit
# reachability to the management network.
switchServices httpd enabled both 8080 serverKeyId httpServer
switchServices httpd
    exit;
    exit;
#
# Global NTP configuration parameters
#
# NOTE(review): no NTP server appears in this dump, so event timestamps
# presumably follow the local clock; confirm time synchronisation before
# relying on these logs for correlation with other systems.
switchServices ntp
    #
    # Global NTP configuration parameters (advanced)
    #
    advanced
        exit;
    exit;
    exit;
#
# SNMP configuration
#
switchServices snmp
    exit;
    exit;
#
# SSHd configuration and operation
#
# NOTE(review): confEncryption offers only des3Cbc, blowfishCbc and des.
# Single DES can be brute-forced and all three are 64-bit-block CBC ciphers;
# confHmac still includes md5 and the 96-bit truncated variants. Whether this
# software version supports stronger algorithms is not visible here - if it
# does, remove des first and then the other legacy entries. Password
# authentication is accepted alongside publicKey.
switchServices sshd enabled serverKeyId sshServer confEncryption \
    {des3Cbc; blowfishCbc; des} confHmac {md5; sha1; md5b96; sha1b96} \
    userAuthentication {publicKey; password}
switchServices sshd
    #
    # SSHd configuration and operation (advanced)
    #
    advanced
        exit;
    exit;
    exit;
#
# Telnetd configuration and current status
#
# NOTE(review): Telnet is enabled. It carries the login and the whole
# management session in clear text; since sshd is enabled as well, Telnet is
# presumably not needed - confirm and turn it off per the vendor documentation.
switchServices telnetd enabled
switchServices telnetd
    exit;
    exit;
#
# TFTPd configuration and session statistics
#
switchServices tftpd
    exit;
    exit;
#
# TideRunner Configuration
#
switchServices tideRunner initkeys functionCard1 20000 statPollPeriod 5 \
    smmPageSize 2 dleMaxHdrLen 8192
#
# Configuration and status for the trap process
#
switchServices trap
    exit;
    exit;