Note: This feature is not supported on vNIOS Grid members for Riverbed.


The LAN2 port is a 10/100/1000Base-T Ethernet connector on the front panel of the TE-810, TE-820, TE-1410, TE-1420, TE-2210, TE-2220, and IB-4010 appliances. By default, the LAN2 port is disabled and the appliance uses the LAN1 port (and HA port when deployed in an HA pair). Before you can enable and configure the LAN2 port on a Grid member, you must first configure the member and join it to the Grid. You must also have read/write permission to the Grid member on which you want to enable the port. When you enable the LAN2 port and SNMP, the appliance sends traps from this port for LAN2-related events.
You can configure the LAN2 port in different ways. You can enable the port redundancy or port failover feature, which groups the LAN1 and LAN2 ports into one logical interface. The LAN1/LAN2 grouping can be activated for both IPv4 and IPv6. Alternatively, you can configure the LAN2 port on a different IP network than LAN1, and enable the LAN2 port to provide DNS and DHCP services. For information about these features, see the following sections:

  • For information about the LAN2 failover feature, see About Port Redundancy.
  • For information about configuring the LAN2 port, see Configuring the LAN2 Port.
  • For information about enabling the LAN2 port to provide DHCP services, see Enabling DHCP on LAN2.
  • For information about enabling the LAN2 port to provide DNS services, see Enabling DNS on LAN2.

Note that you cannot use the LAN2 port to access the GUI and the API, or to connect to the Grid. This can impact the ability of other appliances, such as the Network Automation and PortIQ appliances, to communicate with the Grid Master.
Any IPv6 services enabled for the LAN2 port also require provisioning of an IP address on the LAN2 port.

About Port Redundancy

You can configure the LAN2 or LAN2 (VLAN) port to provide redundancy and additional fault tolerance in your network. Port redundancy is transparently supported for both IPv4 and IPv6. When you enable port redundancy, the LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports are grouped into one logical interface. They share one IP address and appear as one interface to the network. Then, if a link to one of the ports fails or is disabled, the appliance fails over to the other port, avoiding a service disruption.
You can connect the LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports to the same switch or to different switches, but they must be on the same VLAN. One port is active and the other port is idle at all times. If the LAN1 or LAN1 (VLAN) port fails, the LAN2 or LAN2 (VLAN) port becomes active. Once the LAN1 or LAN1 (VLAN) port is active again, the LAN2 or LAN2 (VLAN) port becomes passive.


Note: When configuring port redundancy, the speed of the interfaces is not taken into consideration when selecting the active interface.


The LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports share the IP address of the LAN1 or LAN1 (VLAN) port; the port that is currently active owns the IP address. When you enable services on the appliance, such as DNS and DHCP, clients send their service requests to the LAN1 or LAN1 (VLAN) port IP address and receive replies from it as well. The port supports the services and features supported on the LAN1 or LAN1 (VLAN) port as listed in Table 8.4 and Table 8.5. You cannot enable the port redundancy feature if the LAN2 or LAN2 (VLAN) port is serving DNS or DHCP.
For example, you can use the MGMT port for Grid communications, as shown in Figure 8.6, with the LAN1 and LAN2 ports connected to the same switch. The LAN1 and LAN2 ports share the IP address of the LAN1 port, which is 1.1.1.5. In the illustration, LAN1 is the active port.

You can also have the MGMT port disabled and configure LAN1 and LAN2 for port redundancy. You can enable port redundancy on single or HA independent appliances and Grid members. Note that NIC bonding is not supported for OpenStack instances.

Figure 8.6 Using the LAN2 Failover Feature


Before you enable port redundancy, ensure that both LAN1 and LAN2 are enabled. To enable port redundancy:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, select the Enable port redundancy on LAN/LAN2 check box.
  3. Save the configuration and click Restart if it appears at the top of the screen.

The Detailed Status panel displays the status of both the LAN1 and LAN2 ports. In an HA pair, both nodes display the port information when port redundancy is enabled.

Configuring the LAN2 Port

Before you enable the LAN2 port to provide DHCP and DNS services, you must specify its IP address and other properties. You can configure both IPv4 and IPv6 addresses for the LAN2 port of an IPv4, IPv6, or dual-mode (IPv4 and IPv6) Grid member.
To configure the LAN2 port:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, click the Add icon of the Additional Ports and Addresses table and select LAN2(IPv4) or LAN2(IPv6) from the drop-down list. Enter the following:
    • Interface: Displays the name of the interface. You cannot modify this.
    • Address: Type the IP address for the LAN2 port, which must be in a different subnet from that of the LAN1 and HA ports.
    • Subnet Mask (IPv4) or Prefix Length (IPv6): Specify an appropriate subnet mask for an IPv4 address or prefix length for an IPv6 address.
    • Gateway: Type the default gateway for the LAN2 port.
    • VLAN Tag: Enter the VLAN tag ID if the port is configured for VLANs. You can enter a number from 1 to 4095. For information about VLAN, see About Virtual LANs.
    • Port Settings: From the drop-down list, choose the connection speed that you want the port to use. You can also choose the duplex setting. Choose Full for concurrent bidirectional data transmission or Half for data transmission in one direction at a time. Select Automatic to instruct the NIOS appliance to negotiate the optimum port connection type (full or half duplex) and speed with the connecting switch automatically. This is the default setting. You cannot configure port settings for vNIOS appliances.
    • DSCP Value: Displays the Grid DSCP value. To modify, click Override and then enter the DSCP value. You can enter a value from 0 to 63. For information about DSCP, see Implementing Quality of Service Using DSCP.
    • LAN2 Virtual Router ID (if HA): If the appliance is in an HA pair, enter a VRID number.
  3. Save the configuration and click Restart if it appears at the top of the screen.

The Detailed Status panel displays the status of the LAN2 port. In an HA pair, only the active node displays the LAN2 information.
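
The rules this page states for LAN2 (a different subnet from LAN1 and HA, VLAN tag 1 to 4095, DSCP 0 to 63, no port redundancy while LAN2 serves DNS or DHCP, an IPv6 address for IPv6 services, a VRID in an HA pair) can be checked before a change is entered in the editor. The following Python check is an added example, not Infoblox code; the plan dictionary, its key names, and the sample addresses are assumptions made up for illustration and are not NIOS API fields.

```python
import ipaddress

def check_lan2_plan(plan):
    """Return the violations of this page's LAN2 rules found in a planned config."""
    problems = []
    lan2 = [ipaddress.ip_interface(a) for a in plan.get("lan2_addresses", [])]
    others = [ipaddress.ip_interface(a) for a in plan.get("lan1_ha_addresses", [])]
    # LAN2 must be in a different subnet from the LAN1 and HA ports.
    for l2 in lan2:
        for o in others:
            if l2.version == o.version and l2.network.overlaps(o.network):
                problems.append(f"{l2} shares a subnet with {o}")
    # Ranges accepted by the editor: VLAN tag 1-4095, DSCP 0-63.
    vlan, dscp = plan.get("vlan_tag"), plan.get("dscp")
    if vlan is not None and not 1 <= vlan <= 4095:
        problems.append(f"VLAN tag {vlan} outside 1-4095")
    if dscp is not None and not 0 <= dscp <= 63:
        problems.append(f"DSCP {dscp} outside 0-63")
    services = set(plan.get("lan2_services", []))  # hypothetical names, e.g. "dns4"
    # Port redundancy cannot be enabled while LAN2 serves DNS or DHCP.
    if plan.get("port_redundancy") and services:
        problems.append("port redundancy conflicts with DNS/DHCP on LAN2")
    # IPv6 services need an IPv6 address on LAN2 (stated on the page);
    # the matching IPv4 check is an assumption made by symmetry.
    for version in (4, 6):
        wanted = sorted(s for s in services if s.endswith(str(version)))
        if wanted and not any(a.version == version for a in lan2):
            problems.append(f"{wanted} need an IPv{version} address on LAN2")
    # In an HA pair, a LAN2 Virtual Router ID must be entered.
    if plan.get("ha_pair") and plan.get("lan2_vrid") is None:
        problems.append("HA pair without a LAN2 VRID")
    return problems

# Constructed sample plans using documentation address ranges.
GOOD_PLAN = {"lan1_ha_addresses": ["192.0.2.5/24"],
             "lan2_addresses": ["198.51.100.5/24", "2001:db8:2::5/64"],
             "vlan_tag": 20, "dscp": 0, "lan2_services": ["dns4", "dns6"],
             "port_redundancy": False, "ha_pair": False}
BAD_PLAN = {"lan1_ha_addresses": ["192.0.2.5/24", "192.0.2.6/24"],
            "lan2_addresses": ["192.0.2.40/24"],
            "vlan_tag": 4096, "dscp": 64, "lan2_services": ["dns4", "dhcp6"],
            "port_redundancy": True, "ha_pair": True}

if __name__ == "__main__":
    for problem in check_lan2_plan(BAD_PLAN):
        print("violation:", problem)
```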

Enabling DHCP on LAN2

You can configure an appliance to provide DHCP service through the LAN1 port, LAN2 port, or both the LAN1 and LAN2 ports. Note that when you enable both ports, they must be connected to different subnets. You can also start and stop DHCP service for IPv4 or IPv6 on the LAN1 or LAN2 port after you have enabled the service.
After you configure the LAN2 port, you can enable DHCP services on the LAN2 port as follows:

  1. From the Data Management tab, select the DHCP tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. If you are running DHCP for IPv4: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv4 check box for LAN2 under DHCP Interfaces.
    If you are running DHCP for IPv6: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv6 check box for LAN2 under DHCP Interfaces. (An IPv6 address must also be provisioned for the port.)
    You can run either or both protocols for DHCP depending on your network deployment.
  3. Save the configuration and click Restart if it appears at the top of the screen.

Enabling DNS on LAN2

If you enable DNS on an appliance, it always serves DNS on the LAN1 port. Optionally, you can configure the appliance to provide DNS services through the LAN2 port as well. For example, the appliance can provide DNS services through the LAN1 port for internal clients on a private network, and DNS services through the LAN2 port for external clients on a public network.
After you configure the LAN2 port, you can enable DNS services on the LAN2 port as follows:

  1. From the Data Management tab, select the DNS tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the General -> Basic tab of the Member DNS Configuration editor, do the following:
    If you are running DNS for IPv4: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv4 check box for LAN2 under DNS Interfaces.
    If you are running DNS for IPv6: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv6 check box for LAN2 under DNS Interfaces. (An IPv6 address must also be provisioned for the port.)
    You can run either or both protocols for DNS depending on your network deployment.
    Automatically create glue A and PTR records for LAN2's address: The NIOS appliance can automatically generate A (address) and PTR records for a primary name server whose host name belongs to the name space of the zone. Select this check box to enable the appliance to automatically generate an A and PTR record.
    Automatically create IPv6 glue AAAA and PTR records for LAN2's address: Select this check box to automatically generate AAAA and PTR records for the LAN2 IPv6 address. A glue record is the IP address of a name server held at the domain name registry. Glue records are needed to set a domain's name server to a host name within the domain. Example: to set the name servers of ns1.corpxyz.com and ns2.corpxyz.com, provide the glue records, which are in effect the IP addresses, for ns1.corpxyz.com and ns2.corpxyz.com, within specific DNS record types.
    Without the glue records, DNS requests never resolve to the correct IP address because the domain registry does not associate the IP with the correct records.
  3. In the General -> Advanced tab (click Toggle Advanced Mode if necessary), select one of the following from the Send queries from and the Send notify messages and zone transfer request from drop-down lists:
    • VIP: The appliance uses the IP address of the HA port as the source for queries, notifies, and zone transfer requests.
    • MGMT: The appliance uses the IP address of the MGMT port as the source for queries, notifies, and zone transfer requests.
    • LAN2: The appliance uses the IP address of the LAN2 port as the source for queries, notifies, and zone transfer requests.
    • Any: The appliance chooses which port to use as the source for queries, notifies, and zone transfer requests.
      The Send queries from drop-down list also includes loopback IP addresses that you configured. You can select a loopback address as the source for queries.
  4. Save the configuration and click Restart if it appears at the top of the screen.
  5. Click Restart to restart services.