Configuring Security Groups in Gaia Clish

This section provides the configuration instructions for Gaia Clish.

Connect to the Command Line on the Quantum Maestro Orchestrator (with SSH, or through the Console Port).

Log in to the Gaia Clish with these default credentials:

  • Username - admin

  • Password - admin

These are the main commands in Gaia Clish on Quantum Maestro Orchestrators:

Task

Syntax

Viewing the settings

show maestro

[Global] MyChassis-ch01-01 > show maestro[ESC][ESC]

show maestro configuration orchestrator-site-amount

show maestro configuration orchestrator-site-id

show maestro port VALUE admin-state

show maestro port VALUE mtu

show maestro port VALUE optic-info

show maestro port VALUE qsfp-mode

show maestro port VALUE type

show maestro port VALUE vlans

show maestro security-group id VALUE

show maestro security-group verify-new-config

[Global] MyChassis-ch01-01 >

Configuring the settings

add maestro

[Global] MyChassis-ch01-01 > add maestro[ESC][ESC]

add maestro port VALUE vlan VALUE

add maestro security-group id VALUE interface VALUE

add maestro security-group id VALUE serial VALUE

[Global] MyChassis-ch01-01 >

set maestro

[Global] MyChassis-ch01-01 > set maestro[ESC][ESC]

set maestro configuration orchestrator-site-amount VALUE

set maestro configuration orchestrator-site-id

set maestro port VALUE admin-state VALUE

set maestro port VALUE mtu VALUE

set maestro port VALUE qsfp-mode VALUE

set maestro port VALUE type VALUE no-confirmation

set maestro security-group apply-new-config

set maestro security-group id VALUE ftw-configuration hostname VALUE sic VALUE is-vsx VALUE

set maestro security-group id VALUE management-connectivity ipv4-address VALUE mask-length VALUE [default-gw VALUE]

[Global] MyChassis-ch01-01 >

Deleting the settings

delete maestro

[Global] MyChassis-ch01-01 > delete maestro[ESC][ESC]

delete maestro port VALUE vlan VALUE

delete maestro security-group id VALUE ftw-configuration

delete maestro security-group id VALUE interface VALUE

delete maestro security-group id VALUE management-connectivity

delete maestro security-group id VALUE member VALUE

delete maestro security-group id VALUE serial VALUE

delete maestro security-group new-config

[Global] MyChassis-ch01-01 >

Notes:

Applicable configuration procedures are provided below.

Description

This command configures the number of Maestro sites - Single Site (value 1), or Dual Site (value 2).

Syntax

set maestro configuration orchestrator-site-amount {1 | 2}

Description

This command shows the configured number of Maestro sites.

Syntax

show maestro configuration orchestrator-site-amount

Example

MHO> show maestro configuration orchestrator-site-amount

Number of configured Orchestrators in this Maestro deployment is 2.

MHO>

Description

This command configures the Site ID in Dual Site deployment.

The Quantum Maestro Orchestrators on a site that were installed earlier, must get the ID 1.

The Quantum Maestro Orchestrators on a site that were installed later, must get the ID 2.

Syntax

set maestro configuration orchestrator-site-id {1 | 2}

Description

This command shows the configured Site ID in Dual Site deployment.

Syntax

show maestro configuration orchestrator-site-id

Description

This command adds a Security Group with the specified ID on the Quantum Maestro Orchestrator.

Important - You must assign Security Appliances and applicable interfaces. See the corresponding configuration procedures.

Syntax

add maestro security-group id <Security Group ID>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs and the available ID, press the Tab key.

Important - The largest shown ID is the next available ID.

Example - Security Groups with IDS 1 and 2 already exist, ID 3 is the next available ID

MHO> add maestro security-group id

1 2 3

MHO> add maestro security-group id 3

Successfully added security group 3

MHO>

Description

This command deletes a Security Group with the specified ID on the Quantum Maestro Orchestrator.

Important - There is no prompt to confirm.

Syntax

delete maestro security-group id <Security Group ID>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

Example

MHO> delete maestro security-group id

1 2 3

MHO> delete maestro security-group id 3

Successfully deleted security group 3

MHO>

Description

This command adds the Network Configuration in a Security Group with the specified ID.

Syntax

set maestro security-group id <Security Group ID> management-connectivity ipv4-address <Security Group IPv4 Address> mask-length <1-32> [default-gw <Default Gateway IPv4 Address>]

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

<Security Group IPv4 Address>

Specifies the IPv4 address for the Security Group.

<Default Gateway IPv4 Address>

Specifies the IPv4 address of the Default Gateway for the Security Group.

Example

MHO> set maestro security-group id 3 management-connectivity ipv4-address 192.168.30.40 mask-length 24 default-gw 192.168.30.1

Successfully set management connectivity configuration for security group 3

MHO>

Description

This command removes the Network Configuration from a Security Group with the specified ID.

Important - There is no prompt to confirm.

Syntax

delete maestro security-group id <Security Group ID> management-connectivity

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

Example

MHO> delete maestro security-group id[TAB]

1 2 3

MHO> delete maestro security-group id 3 management-connectivity

Successfully deleted management connectivity configuration for security group 3

MHO>

Description

This command configures the First Time Wizard settings in a Security Group with the specified ID.

These settings are used to perform initial configuration of Security Appliances assigned to this Security Group.

Warning - If you configure these settings in an existing Security Group (in which you already ran the First Time Configuration Wizard), then the change applies only after you reset each Security Appliance in that Security Group to factory defaults.

Syntax

set maestro security-group id <Security Group ID> ftw-configuration hostname <Hostname> sic <Activation Key> is-vsx {yes | no}

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

ftw-configuration

Specifies the First Time Wizard settings for Security Appliances in the Security Group.

hostname <Hostname>

Specifies the hostname for Security Appliances.

sic <Activation Key>

Specifies the one-time activation key for Security Appliances.

The key is between 4 and 127 characters long.

is-vsx {yes | no}

Specifies whether to configure the Security Appliances in VSX mode.

Example

MHO> set maestro security-group id 3 ftw-configuration hostname MyGwAppliance sic 123456 is-vsx no

Successfully set FTW configuration to security group 3

MHO>

Description

This command removes the First Time Wizard settings from a Security Group with the specified ID.

Important - There is no prompt to confirm.

Syntax

delete maestro security-group id <Security Group ID> ftw-configuration

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

Example

MHO> delete maestro security-group id[TAB]

1 2 3

MHO> delete maestro security-group id 3 ftw-configuration

Successfully deleted FTW configuration for security group 3

MHO>

Best Practice:

  1. Before you add Security Appliances to an existing Security Group, enable the SMO Image Cloning feature in the Security Group.

    This feature automatically clones all the required software packages to the new Security Appliances.

    Run in Gaia gClish on the Security Group:

    set smo image auto-clone state on

    show smo image auto-clone state

  2. After you added the Security Appliances, you must disable the SMO Image Cloning feature in the Security Group:

    set smo image auto-clone state off

    show smo image auto-clone state

Description

This command assigns a Security Appliance with the specified Serial Number to a Security Group with the specified ID.

Important:

  • You can assign only Security Appliances of the same model to the same Security Group.

  • Security Appliances assigned to the Security Group automatically reboot after you apply the configuration.

Best Practice for Dual Site - Assign the same number (as possible) of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic.

Syntax

add maestro security-group id <Security Group ID> serial <Serial Number>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

serial <Serial Number>

Assigns one Security Appliance specified by its Serial Number.

To see the available Serial Numbers, press the Tab key.

Important - You can assign only appliances of the same model to the same Security Group.

Example

MHO> add maestro security-group id 3 serial [TAB]

1234567890

MHO> add maestro security-group id 3 serial 1234567890

Successfully added gw 1234567890 to security group 7

MHO>

Description

This command removes a Security Appliance with the specified Member ID or Serial Number from a Security Group with the specified ID.

Important:

  • The Security Appliance must perform a reset to factory defaults and reboot after you remove it from a Security Group. This is to make sure that no security configuration is left behind.

  • There is no prompt to confirm.

Syntax to remove a Security Appliance with the specified Member ID

delete maestro security-group id <Security Group ID> member <Member ID>

Syntax to remove a Security Appliance with the specified Serial Number

delete maestro security-group id <Security Group ID> serial <Serial Number>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

member <Member ID>

Specifies the Security Appliance by its Member ID in the Security Group.

To see the available IDs, press the Tab key.

serial <Serial Number>

Specifies the Security Appliance by its Serial Number.

To see the available Serial Numbers, press the Tab key.

Example of removing a Security Appliance with the specified Member ID

MHO> delete maestro security-group id 3 member [TAB]

1 2 3 4

MHO> delete maestro security-group id 3 member 4

Successfully deleted member 4 from security group 3

MHO>

Example of removing a Security Appliance with the specified Serial Number

MHO> delete maestro security-group id 3 serial [TAB]

1234567890

MHO> delete maestro security-group id 3 serial 1234567890

Successfully deleted gw with 1322B01094 from security group 3

MHO>

Description

This command assigns an interface with the specified name to a Security Group with the specified ID.

Syntax

add maestro security-group id <Security Group ID> interface <Interface Name>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

interface <Interface Name>

Assigns one interface specified by its name.

To see the available interfaces, press the Tab key.

Example

MHO> add maestro security-group id 3 interface [TAB]

 

eth1-Mgmt2 eth1-Mgmt3 eth1-Mgmt4 eth1-Mgmt6 eth1-Mgmt7 eth1-Mgmt8

eth1-Mgmt9 eth1-10 eth1-11 eth1-12 eth1-13 eth1-14

eth1-15 eth1-16 eth1-17 eth1-18 eth1-19 eth1-20

eth1-21 eth1-22 eth1-23 eth1-24 eth1-25 eth1-26

eth1-48 eth1-49 eth1-51 eth1-53 eth1-55 eth1-57

eth1-59 eth1-61 eth1-63 eth2-Mgmt1 eth2-Mgmt2 eth2-Mgmt3

eth2-Mgmt4 eth2-06 eth2-07 eth2-08 eth2-09 eth2-10

eth2-11 eth2-12 eth2-13 eth2-14 eth2-15 eth2-16

eth2-17 eth2-18 eth2-19 eth2-20 eth2-21 eth2-22

eth2-23 eth2-24 eth2-25 eth2-26 eth2-48 eth2-49

eth2-51 eth2-53 eth2-55 eth2-57 eth2-59 eth2-61

eth2-63

MHO> add maestro security-group id 3 interface eth1-17

Successfully added interface eth1-17 to security group 3

MHO>

Description

This command removes an interface with the specified name from a Security Group with the specified ID.

Syntax

delete maestro security-group id <Security Group ID> interface <Interface Name>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

interface <Interface Name>

Removes one interface specified by its name.

To see the available interfaces, press the Tab key.

Example

MHO> delete maestro security-group id 3 interface [TAB]

 

eth1-Mgmt3 eth1-13 eth1-14 eth1-15 eth1-16 eth1-17

MHO> add maestro security-group id 3 interface eth1-17

Successfully deleted interface eth1-17 from security group 3

MHO>

Important - Starting from the R80.20SP Jumbo Hotfix Accumulator Take 304 on the Quantum Maestro Orchestrator, it is not necessary to configure VLAN interfaces on Uplink ports. For more information, see sk170294.

Description

This command adds a VLAN interface with the specified VLAN Tag on the specified Uplink Port.

Note - There is no prompt to confirm.

Syntax

add maestro port <Interface Name> vlan <VLAN Tag ID>

Parameters

Parameter

Description

port <Interface Name>

Specifies the Uplink port by its name.

To see the available ports, press the Tab key.

id <Security Group ID>

Specifies the VLAN Tag ID between 2 and 4094.

Example

MHO> add maestro port 1/20/1 vlan 100

MHO>

Important - Starting from the R80.20SP Jumbo Hotfix Accumulator Take 304 on the Quantum Maestro Orchestrator, it is not necessary to configure VLAN interfaces on Uplink ports. For more information, see sk170294.

  • R80.20SP Jumbo Hotfix Accumulator Take 304 and above:

    See Configuring VLAN Interfaces on Uplink Ports.

    Description

    This command shows the Security Group configuration, including VLAN interfaces configured on the Uplink Ports.

    Syntax

    show maestro security-group id <Security Group ID>

    Parameters

    Parameter

    Description

    id <Security Group ID>

    Specifies the ID of the Security Group.

    To see the existing IDs, press the Tab key.

  • R80.20SP Jumbo Hotfix Accumulator Take 302 and lower, or R80.20SP:

    Description

    This command shows VLAN interfaces configured on the specified Uplink Port.

    Syntax

    show maestro port <Interface Name> vlans

    Parameters

    Parameter

    Description

    port <Interface Name>

    Specifies the Uplink port by its name.

    To see the available ports, press the Tab key.

    Example

    MHO> add maestro port 1/20/1 vlan 100

    MHO> add maestro port 1/20/1 vlan 200

    MHO>

    MHO> show maestro port 1/20/1 vlans

    Port 1/20/1 vlans are: 100 200

    MHO>

Important - Starting from the R80.20SP Jumbo Hotfix Accumulator Take 304 on the Quantum Maestro Orchestrator, it is not necessary to configure VLAN interfaces on Uplink ports. For more information, see sk170294.

Description

This command removes a VLAN interface with the specified VLAN Tag from the specified Uplink Port.

Note - There is no prompt to confirm.

Syntax

delete maestro port <Interface Name> vlan <VLAN Tag ID>

Parameters

Parameter

Description

port <Interface Name>

Specifies the Uplink port by its name.

To see the available ports, press the Tab key.

id <Security Group ID>

Specifies the VLAN Tag ID.

To see the available VLAN Tag IDs, press the Tab key.

Example

MHO> delete maestro port 1/20/1 vlan 100

MHO>

Description

This command shows and verifies the validity of all the configuration changes you made, but did not apply yet to Security Groups or ports.

Best Practice - Run this command after all changes in the configuration of Security Groups or ports.

Syntax

show maestro security-group verify-new-config

Example 1 - No changes were made

MHO> show maestro security-group verify-new-config

The following changes will take place:

Temporary topology file not exists

MHO>

Example 2 - Some changes were made

MHO> add maestro security-group id 3

Successfully added security group 3

MHO>

MHO> show maestro security-group verify-new-config

The following changes will take place:

Security Group 1

   - No changes

Security Group 2

   - Removed Gateway 1_2 serial 1234567890. GW is rebooting.

Security Group 3

   - Security group created

   - Added Gateway 1_1 serial 1234567890

   - Added interface eth1-Mgmt4

MHO>

Description

This command applies all the configuration changes you made, but did not apply yet to Security Groups or ports.

Important - You must run this command after you make changes in the configuration of Security Groups or ports.

Syntax

set maestro security-group apply-new-config

Example

MHO> set maestro security-group apply-new-config

You are about to perform "set maestro security-group apply-new-config"

The following changes will take place:

Security Group 1

   - No changes

 

Are you sure? (Y - yes, any other key - no) y

 

"set maestro security-group apply-new-config" requires auditing

Enter your full name: johndoe

Enter reason for "set maestro security-group apply-new-config" [Configuration]: test

CRITICAL: "set maestro security-group apply-new-config", User: johndoe, Reason: test

Are you sure? (Y - yes, any other key - no) y

 

Action Summary

--------------

 

Security Group 1

   - No changes

MHO>

Description

This command deletes all the configuration changes you made, but did not apply yet to Security Groups or ports.

Important - There is no prompt to confirm.

Syntax

delete maestro security-group new-config

Example

MHO> delete maestro security-group new-config

Successfully deleted new topology configuration

MHO>

Description

These commands let you configure different settings on the Quantum Maestro Orchestrator's ports.

Syntax

set maestro port <Port ID>

      admin-state {up | down}

      mtu 68-10236

      qsfp-mode {1G | 10G | 4x10G | 4x25G | 40G | 100G}

      type {downlink | uplink | management | site_sync} [no-confirmation]

Parameters

Parameter

Description

<Port ID>

Specifies the port to configure.

The format is three numbers separated with a slash:

<Quantum Maestro Orchestrator ID>/<Port Label>/<Port Split ID>

Examples:

  • 1/3/1

  • 2/20/1

Notes:

  • <Quantum Maestro Orchestrator ID> is 1 if you connect only one Quantum Maestro Orchestrator.

    When you connect two Quantum Maestro Orchestrators for redundancy, the <Quantum Maestro Orchestrator ID> is 1 on the first Quantum Maestro Orchestrator and 2 on the second Quantum Maestro Orchestrator.

  • <Port Label> is the number of the physical port on the front panel.

    On MHO-140, there are exceptions for ports 51, 53, 55, and 56.

  • The default value of the <Port Split ID> is 1, if you did not split the port with a breakout cable.

  • To see the available Port IDs, enter the command set maestro port and press the Tab key.

  • To see the Port IDs and the names Gaia OS assigned to them, connect to the Gaia Portal on the Quantum Maestro Orchestrator and click Orchestrator page.

    For the default mapping, see the Quantum Maestro Getting Started Guide - Section Maestro Hyperscale Orchestrator Ports and Gaia OS Interfaces.

admin-state

Configures the port administrative state:

  • up - Enabled

  • down - Disabled

Important:

  • This change does not survive reboot of the Orchestrator (a fix for this known limitation MBS-11339 is planned for a future Take of the R80.20SP Jumbo Hotfix Accumulator).

  • By design, in Dual Site, when you run this command on one of the Orchestrators, the corresponding port on the peer Orchestrator on the other site changes its state in the same way. For more information, see sk175549.

mtu

Configures the port MTU.

Valid range: 68 - 10236 bytes.

Default: 10236 bytes.

qsfp-mode

Configures the QSFP mode:

  • 1G - Port works with 1 GbE speed (only 10 GbE ports support this mode)

  • 10G - Port works with 10 GbE speed

  • 4x10G - Split of a 40 GbE port into four ports that work with 10 GbE speed each

  • 4x25G - Support for this mode is planned

  • 40G - Port works with 40 GbE speed

  • 100G - Port works with 100 GbE speed

Important

  • On MHO-170 ports, you can configure only these modes:

    • Ports with odd <Port Label> numbers (1, 3, 5, and so on) - 4x10G, 40G, or 100G

    • Ports with even <Port Label> numbers (2, 4, 6, and so on) - 40G or 100G

  • On MHO-140 ports, you can configure only these port modes:

    • Ports with the <Port Label> from 1 to 48 - 1G or 10G

    • Ports with the <Port Label> from 49, 51, 53, and 55 - 4x10G, 40G, or 100G

    • Ports with the <Port Label> from 50, 52, 54, and 56 - 40G or 100G

type

Configures the port type:

  • downlink - Connects to Check Point Security Appliances

  • uplink - Connects to external and internal production networks

  • management - Connects to Management Server that manages the applicable Security Group

  • site_sync - External synchronization in Dual Site deployment

The no-confirmation parameter is optional. If specified, the command does not ask you for confirmation and audit information.

Important:

  • On MHO-170, you can configure only these port types:

    • Port 1 and Port 2 only as management or as downlink

    • Ports 3 and higher only as uplink, downlink, site_sync, or ssm_sync (for intra-site sync redundancy)

  • On MHO-140, you can configure only these port types:

    • Ports 1 - 4 only as management or as downlink

    • Ports 5 and higher only as uplink, downlink, site_sync, or ssm_sync (for intra-site sync redundancy)

  • You cannot change the type of the dedicated Internal Synchronization port:

    • MHO-170 - Port 32

    • MHO-140 - Port 48

Example 1 - Viewing all available ports

MHO> set maestro port [TAB]

1/42/1 1/48/1 1/43/1 1/55/1 1/56/1 1/49/1 1/51/1 1/24/1 1/25/1
1/26/1 1/27/1 1/20/1 1/21/1 1/22/1 1/23/1 1/46/1 1/47/1 1/44/1
1/45/1 1/28/1 1/29/1 1/40/1 1/41/1 1/1/1 1/3/1 1/2/1 1/5/1
1/4/1 1/7/1 1/6/1 1/9/1 1/8/1 1/50/1 1/39/1 1/38/1 1/54/1
1/11/1 1/10/1 1/13/1 1/12/1 1/15/1 1/14/1 1/17/1 1/16/1 1/19/1
1/18/1 1/31/1 1/30/1 1/37/1 1/36/1 1/35/1 1/34/1 1/33/1 1/52/1
1/32/1 1/53/1

MHO>

Example 2 - Changing the port administrative state

MHO> set maestro port 1/20/1 admin-state down

You are about to perform "set maestro port 1/20/1 admin-state down"

Action might lead to traffic impact

 

Are you sure? (Y - yes, any other key - no) y

Successfully set port 20 admin-state to down

MHO>

Example 3 - Changing the port MTU

MHO> set maestro port 1/20/1 mtu 10236

You are about to perform "set maestro port 1/20/1 mtu 10236"

Action might lead to traffic impact

 

Are you sure? (Y - yes, any other key - no) y

Successfully set port 20 mtu to 10236

MHO>

Example 4 - Changing the port QSFP mode

MHO> set maestro port 1/20/1 qsfp-mode 10G

You are about to perform "set maestro port 1/20/1 qsfp-mode 10G"

Action might lead to traffic impact

 

Are you sure? (Y - yes, any other key - no) y

Successfully set port 20 qsfp-mode to 10G success

MHO>

Example 5 - Changing the port type

MHO> set maestro port 1/20/1 type uplink

You are about to perform "set maestro port 1/20/1 type uplink"

Are you sure? (Y - yes, any other key - no) y

 

"set maestro port 1/20/1 type uplink" requires auditing

Enter your full name: johndoe

Enter reason for "set maestro port 1/20/1 type uplink" [Maintenance]: test

WARNING: "set maestro port 1/20/1 type uplink", User: johndoe, Reason: test

Are you sure? (Y - yes, any other key - no) y

 

Successfully set port 1/20/1 type to uplink

MHO>

MHO> exit

[Expert@MHO:0]#

Example 6 - Changing the port type with automatic confirmation

MHO> set maestro port 1/20/1 type uplink no-confirmation

You are about to perform "set maestro port 1/20/1 type uplink no-confirmation"

Are you sure? (Y - yes, any other key - no) y

 

"set maestro port 1/20/1 type uplink no-confirmation" requires auditing

Enter your full name: johndoe

Enter reason for "set maestro port 1/20/1 type uplink no-confirmation" [Maintenance]: test

WARNING: "set maestro port 1/20/1 type uplink no-confirmation", User: johndoe, Reason: test

 

Successfully set port 1/20/1 type to uplink

MHO>

MHO> exit

[Expert@MHO:0]#

Description

These commands show the configured settings on the Quantum Maestro Orchestrator's ports.

Syntax

show maestro port <Port ID>

      admin-state

      mtu

      optic-info

      qsfp-mode

      type

      vlans

Parameters

Parameter

Description

<Port ID>

Specifies the port to configure.

The format is three numbers separated with a slash:

<Quantum Maestro Orchestrator ID>/<Port Label>/<Port Split ID>

Examples:

  • 1/3/1

  • 1/54/1

Notes:

  • If the port is not split with a breakout cable, then the default value of the <Port Split ID> is 1.

  • To see the available Port IDs, press the Tab key.

  • To see the Port IDs and the names Gaia OS assigned to them, connect to the Gaia Portal on the Quantum Maestro Orchestrator and click Orchestrator page.

    For the default mapping, see the Quantum Maestro Getting Started Guide - Section Maestro Hyperscale Orchestrator Ports and Gaia OS Interfaces.

admin-state

Shows the port administrative state:

  • up - Enabled

  • down - Disabled

mtu

Shows the port MTU.

optic-info

Shows the information about the QSFP transceiver.

qsfp-mode

Shows the QSFP mode:

  • 1G - Port works with 1 GbE speed (only 10 GbE ports support this mode)

  • 10G - Port works with 10 GbE speed

  • 4x10G - Split of a 40 GbE port into four ports that work with 10 GbE speed each

  • 4x25G - Support for this mode is planned

  • 40G - Port works with 40 GbE speed

  • 100G - Port works with 100 GbE speed

type

Shows the port type:

  • downlink - Connects to Check Point Security Appliances

  • uplink - Connects to external and internal production networks

  • management - Connects to Management Server that manages the applicable Security Group

vlans

Shows the VLAN IDs configured on this port.

Example 1 - Viewing all available ports

MHO> show maestro port [TAB]

1/42/1 1/48/1 1/43/1 1/55/1 1/56/1 1/49/1 1/51/1 1/24/1 1/25/1
1/26/1 1/27/1 1/20/1 1/21/1 1/22/1 1/23/1 1/46/1 1/47/1 1/44/1
1/45/1 1/28/1 1/29/1 1/40/1 1/41/1 1/1/1 1/3/1 1/2/1 1/5/1
1/4/1 1/7/1 1/6/1 1/9/1 1/8/1 1/50/1 1/39/1 1/38/1 1/54/1
1/11/1 1/10/1 1/13/1 1/12/1 1/15/1 1/14/1 1/17/1 1/16/1 1/19/1
1/18/1 1/31/1 1/30/1 1/37/1 1/36/1 1/35/1 1/34/1 1/33/1 1/52/1
1/32/1 1/53/1

MHO>

Example 2 - Viewing the port administrative state

MHO> show maestro port 1/4/1 admin-state

Port 1/4/1 admin-state is down

MHO>

 

MHO> show maestro port 1/27/1 admin-state

Port 1/27/1 admin-state is up

MHO>

Example 3 - Viewing the port MTU

MHO> show maestro port 1/27/1 mtu

Port 27 mtu is 10236

MHO>

Example 4 - Viewing the QSFP transceiver information

MHO> show maestro port 1/27/1 optic-info

Port:27

Vendor Name:Gigalight

Serial Number:GE18190022

Part Number:GPP-PC192-3001CP

Check Point Part Number:NIY4471

Enforcement:Supported

Check Point SKU:CPAC-DAC-10G-1M-B

Material ID:320904

Product Type:10GBASE-CU-1M

Speed:10G

MHO>

Example 5 - Viewing the port QSFP mode

MHO> show maestro port 1/27/1 qsfp-mode

Port 27 qsfp-mode is 10G

MHO>

MHO> show maestro port 1/55/1 qsfp-mode

Port 55 qsfp-mode is 100G

MHO>

Example 6 - Viewing the port type

MHO> show maestro port 1/1/1 type

Port 1/4/1 type is management

MHO>

MHO> show maestro port 1/27/1 type

Port 1/27/1 type is downlink

MHO>

MHO> show maestro port 1/55/1 type

Port 1/55/1 type is uplink

MHO>

Example 7 - Viewing the VLAN IDs

MHO> show maestro port 1/20/1 vlans

Port 1/20/1 vlans are: 100 200

MHO>

Description

This command shows the Security Group settings on the Quantum Maestro Orchestrator.

Syntax

show maestro security-group id <Security Group ID>

Parameters

Parameter

Description

id <Security Group ID>

Specifies the Security Group ID.

To see the existing IDs, press the Tab key.

Example

MHO> show maestro security-group id 1

name: 1

 - uplinks:

  - eth1-05:

   - physical: Port 1/5/1

  - eth1-Mgmt1:

   - physical: Port 1/1/1

  - eth2-05:

   - physical: Port 2/5/1

 - mgmt_ip: 192.168.19.52

 - sic_pass: 12345

 - hostname: MyGW1

 - default_gw: 192.168.19.1

 - is_vsx: false

 - gateways:

  - 1:

   - serial: 2222222222

   - model: Check Point 16000

  - 3:

   - serial: 3333333333

   - model: Check Point 16000

  - 2:

   - serial: 4444444444

   - model: Check Point 16000

  - 4:

   - serial: 5555555555

   - model: Check Point 16000

 - mgmt_netmask: 24

MHO>