Avaya P333R-LB User Manual Download, Page 128

Chapter 12

Avaya P330 Layer 3 Features

114

Avaya P333R-LB User’s Guide

Contents of P333R-LB

Страница 1: ...Avaya Installation and Configuration Guide AVAYA P333R LB STACKABLE SWITCH SOFTWARE VERSION 4 0 April 2003...

Страница 2: ......

Страница 3: ...30 Device Manager Embedded Web 2 Avaya P330 Command Line Interface CLI 2 Avaya Multi Service Network Manager MSNM 2 Port Mirroring 2 SMON 3 Fans Power Supply and BUPS Monitoring 3 Chapter 2 Standards...

Страница 4: ...ansion Module 14 ATM Expansion Modules 14 Safety Information 15 WAN Expansion Modules 15 Section 2 Installing the P330 Chapter 4 Installation 19 Required Tools 19 Site Preparation 19 Rack Mounting Opt...

Страница 5: ...ion 39 Introduction 39 CLI Architecture 39 Security Levels 39 Entering the Supervisor Level 40 Defining new local users 40 Exiting the Supervisor Level 41 Entering the CLI 41 RADIUS 41 Introduction to...

Страница 6: ...t Based Authentication Works 67 PBNAC Implementation in the P330 Family 67 Configuring the P330 for PBNAC 68 PBNAC CLI Commands 68 Spanning Tree Protocol 71 Overview 71 Spanning Tree Protocol 71 Spann...

Страница 7: ...P Configuration CLI Commands 92 Assigning Initial Router Parameters 93 RIP Routing Interchange Protocol Configuration 95 RIP Overview 95 RIP2 96 RIP CLI Commands 96 OSPF Open Shortest Path First Confi...

Страница 8: ...12 Layer 3 Configuration File 113 Chapter 13 Layer 3 Redundancy 115 VRRP 115 VRRP Commands 116 Configuration Example 118 SRRP 121 SRRP Commands 121 Additional Redundancy Schemes 122 Real Server Group...

Страница 9: ...alancing 26 Configuring Server Load Balancing in the P333R LB 28 Half NAT Based Configuration 28 Full NAT Load Balancing 30 Full NAT Based Configuration 32 Direct Server Return DSR Triangulation Redir...

Страница 10: ...Plug In on your Web Site 64 Section 2 Troubleshooting and Maintaining the P330 Chapter 16 Troubleshooting the Installation 67 Troubleshooting the Installation 67 Chapter 17 Maintenance 69 Introduction...

Страница 11: ...harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with t...

Страница 12: ...g in inverted commas Notes Cautions and Warnings Note Notes contain helpful information or hints or reference to material in other documentation Caution You should take care You could do something tha...

Страница 13: ...Avaya AVAYA P333R LB SECTION 1 OVERVIEW OF THE P330...

Страница 14: ......

Страница 15: ...a P330 is fully compliant with IEEE standards for VLAN Tagging Gigabit Ethernet Spanning Tree and Flow Control This full standards compliance combined with auto negotiation for 10 100 1000 Mbps and ha...

Страница 16: ...for local or remote configuration of Avaya P330 features and functions Avaya Multi Service Network Manager MSNM When you need extra control and monitoring or wish to manage other Avaya network equipm...

Страница 17: ...terprise Monitoring Device Monitoring VLAN Monitoring Port level Monitoring This top down approach gives you rapid troubleshooting and performance trending to keep the network running optimally Note M...

Страница 18: ...Chapter 1 Avaya P333R LB Overview 4 Avaya P333R LB User s Guide...

Страница 19: ...d Internet RFC 1155 Simple Network Management Protocol SNMP RFC 1157 PPP Internet Protocol Control Protocol IPCP RFC 1332 PPP Authentication Protocols PAP CHAP RFC 1334 PPP RFC 1661 ATM Management RFC...

Страница 20: ...ications and Extensions for the Bootstrap Protocol Information RFC 1542 OSPF Version 2 RFC 1583 RIP Version 2 Carrying Additional Information RFC 1723 RIP Version 2 MIB Extension RFC 1724 Requirements...

Страница 21: ...vironmental Height 2U 88 mm 3 5 Width 482 6 mm 19 Depth 450 mm 17 7 Weight 7 5 kg 16 5 lb Input voltage 100 to 240 VAC 50 60 Hz Power dissipation 150 W max Input current 5 3 A Input voltage 36 to 72 V...

Страница 22: ...icted Access Areas only Installation Codes This unit must be installed in accordance with the US National Electrical Code Article 110 and the Canadian Electrical Code Section 12 Conductor Ampacity Per...

Страница 23: ...nector on front panel Basic MTBF hrs minimum Stacking Module Table A 1 Stacking Module Expansion Modules Gigabit Ethernet Expansion Modules Laser Safety The Avaya X330S1 S2 multi mode transceivers and...

Страница 24: ...ditions of operation Caution The use of optical instruments with this product will increase eye hazard Usage Restriction The optical ports of the module must be terminated with an optical connector or...

Страница 25: ...62 5 m and 50 m MMF Min 20 dbm Max 3 dbm Fast Ethernet Fiber Expansion Module Ethernet Fast Ethernet Expansion Module Table A 3 Fiber Fast Ethernet Expansion Module Name Number of Ports Interface X330...

Страница 26: ...he X330G2 Expansion Module socket This provides you with a highly modular and customisable Gigabit Ethernet interface The GBIC transceivers are hot swappable Safety Information The multimode and singl...

Страница 27: ...ode fiber SMF cable may be connected to a 1000Base LX GBIC port The maximum length is 10 km 32 808 ft A 50 mm or 62 5 mm multimode MMF fiber cable may be connected to a 1000Base LX GBIC port The maxim...

Страница 28: ...software versions 2 4 and higher ATM Expansion Modules There are two Avaya P330 ATM Expansion Modules X330 OC12F1 500m Multimode fiber can also be OC 3 reduced range X330 OC12S1 15 km Single mode fibe...

Страница 29: ...apply to the X330 ATM Modules equipped with multi mode fiber Warning Class 1 LED Product Do not view the LED through any magnifying device while it is powered on Never look directly at the fiber Tx p...

Страница 30: ...rial Ports one 10 100Base T Fast Ethernet port and one Console port An Avaya P330 stack can have X330WAN access router modules inserted in each of the switches in the stack with an expansion slot A ma...

Страница 31: ...Avaya AVAYA P333R LB SECTION 2 INSTALLING THE P330...

Страница 32: ......

Страница 33: ...les can be connected easily and according to the configuration rule Cabling is away from sources of electrical noise such as radio transmitters broadcast amplifiers power lines and fluorescent lightin...

Страница 34: ...r 4 Installation 20 Avaya P333R LB User s Guide Table 4 3 Power Requirements DC Power dissipation 150 W max Input current 5 3 A Input voltage 36 to 72 VDC Power dissipation 150 W max Input current 5 1...

Страница 35: ...ends of the front panel to reveal the fixing holes 2 Insert the unit into the rack Ensure that the four Avaya P330 screw holes are aligned with the rack hole positions as shown in Figure 4 1 Figure 4...

Страница 36: ...hten the two screws on the side panel of the stacking sub module by turning them Note The Avaya P330 switch must not be operated with the back slot open the stacking sub module should be covered with...

Страница 37: ...stack redundancy use the Redundant Cable to connect the port marked to lower unit on the bottom switch to the port marked to upper unit on the top switch of the stack 5 Power up the added modules Caut...

Страница 38: ...S Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector Power Supply Connector BUPS Connector 5 4 3 2 1 Cable to Upper Unit Cable to Lower Unit Cable to Upper Unit Cabl...

Страница 39: ...if installed 2 Insert the sub module gently into the slot ensuring that the Printed Circuit Board PCB is aligned with the guide rails The PCB not the metal base plate fits into the guide rail 3 Firmly...

Страница 40: ...T 100Base FX 1000Base T 1000Base SX and 1000Base LX WAN by type X330W 2DS1 E1 T1 10 100Base T X330W 2USP USP V 35 10 100Base T Note To interconnect Avaya P330 switches with twisted pairs crossed cable...

Страница 41: ...Diameter m Modal Bandwidth MhzKm Maximum Distance m Minimum Distance m Wavelength nm 1000BASE SX MM 62 5 160 220 2 850 1000BASE SX MM 62 5 200 275 2 850 1000BASE SX MM 50 400 500 2 850 1000BASE SX MM...

Страница 42: ...Chapter 4 Installation 28 Avaya P333R LB User s Guide...

Страница 43: ...t version of the Avaya P330 connect the power cable to the switch at the input terminal block 1 The terminals are marked and with the IEC 5019a Ground symbol 2 The size of the three screws in the term...

Страница 44: ...cation please refer to Troubleshooting the Installation Table 5 1 Post Installation Indications Procedure Indication Troubleshooting Information Powering the P330 All front panel LEDs illuminate brief...

Страница 45: ...nated function LED The function is selected by pressing the left or right button until the desired parameter LED is illuminated Figure 6 1 shows the Avaya front panel shows a detailed view of the LEDs...

Страница 46: ...d Redundant cable are connected correctly This LED will also light in Standalone mode Blink Box is the stack Master and the stack is in redundant mode The following Function LEDs apply to ports 1 to 6...

Страница 47: ...N 100 1000 LAG Link Aggregation Group Trunking OFF No LAG defined for this port ON Port belongs to a LAG Table 6 2 Avaya P330 Select buttons Description Function Left Right Individual select LED funct...

Страница 48: ...aya P333R LB User s Guide BUPS Input Connector The BUPS input connector is a 5 VDC connector for use with the Avaya P330 BUPS unit only A BUPS Input sticker appears directly to the right the BUPS inpu...

Страница 49: ...e 9600 bps Data Bits 8 bits Parity None Stop Bit 1 Flow Control None Terminal Emulation VT 100 Connecting a Terminal to the Avaya P330 Serial port Perform the following steps to connect a terminal to...

Страница 50: ...on router To configure the switch parameters on module 6 type the command session 6 switch Note When you use the session command the security level stays the same Assigning P330 s IP Stack Address Not...

Страница 51: ...the network 2 Verify that you can communicate with the Avaya P330 using Ping to the IP of the Avaya P330 If there is no response using Ping check the IP address and default gateway of both the Avaya...

Страница 52: ...ervisor Level 4 At the prompt type set interface ppp ip_addr net mask with an IP address and netmask to be used by the Avaya P330 to connect via its PPP interface Note The PPP interface configured wit...

Страница 53: ...ya P330 Reference Guide To switch between the entities use the session command Security Levels There are four security access levels User Privileged Configure and Supervisor The User level read only i...

Страница 54: ...e of the CLI If you change the passwords of the CLI then those passwords become active for Web management as well Entering the Supervisor Level The Supervisor level is the level in which you first ent...

Страница 55: ...ead write user has to be changed into a read only user you must change all the read write passwords configured locally in every switch in order to prevent him from accessing this level This is obvious...

Страница 56: ...ment The Remote Authentication Dial In User Service RADIUS is an IETF standard RFC 2138 client server security protocol Security and login information is stored in a central location known as the RADI...

Страница 57: ...entication Procedure Radius Commands User attempts login Local User account authenticated in switch Perform log in according to user s priviliege level to switch Yes Authentication request sent to RAD...

Страница 58: ...ss set radius authentication server Configure a character string to be used as a shared secret between the switch and the RADIUS server set radius authentication secret Set the RFC 2138 approved UDP p...

Страница 59: ...anager is done by checking the Source IP address of the packets thus if the Source IP address is modified on the way NAT Proxy etc even an Allowed Manager will not be able to access the P330 Allowed M...

Страница 60: ...Chapter 8 User Authentication 46 Avaya P333R LB User s Guide...

Страница 61: ...Avaya AVAYA P333R LB SECTION 3 CONFIGURATION OF THE P330...

Страница 62: ......

Страница 63: ...expansion modules and Media Gateway Processor of G700 session Display or set the terminal width in characters terminal width Display or set the terminal length in lines terminal length Display or set...

Страница 64: ...to configure and display the mode of operation for the switch and display key parameters In order to Use the following command Configure the system name set system name Configure the system contact pe...

Страница 65: ...information and acquiring parameters In order to Use the following command Restore the time zone to its default UTC clear timezone Configure the time zone for the system set timezone Configure the ti...

Страница 66: ...Chapter 9 Basic Switch Configuration 52 Avaya P333R LB User s Guide...

Страница 67: ...see Embedded Web Manager For instructions on the use of the graphical user interfaces refer to the Device Manager User s Guide on the Documentation and Utilities CD Avaya P330 Default Settings The de...

Страница 68: ...Default Setting 10 100Base TX ports 100Base F ports 1000 Base X ports Duplex mode Full duplex Full duplex Full duplex only Port Speed 100M 100M 1000M Flow control Off Off Off Flow control advertisemen...

Страница 69: ...tions operate in their default settings unless configured otherwise Port priority 0 0 0 Spanning Tree cost 20 20 4 Spanning Tree port priority 128 128 128 1 Ensure that the other side is also set to A...

Страница 70: ...Chapter 10 Default Settings of the P330 56 Avaya P333R LB User s Guide...

Страница 71: ...d Network Access Control Spanning Tree Protocol Rapid Spanning Tree Protocol MAC Security Link Aggregation Group LAG Port Redundancy IP Multicast Filtering Stack Health Stack Redundancy Port Classific...

Страница 72: ...tocol that runs between two stations two switchs or a station and a switch When enabled Auto Negotiation negotiates port speed and duplex mode by detecting the highest common denominator port connecti...

Страница 73: ...etworkl traffic Priority determines in which order packets are sent on the network and is a key part of QoS Quality of Service The IEEE standard for priority on Ethernet networks is 802 1p Avaya P330...

Страница 74: ...reply is received the CAM table is updated with the new address VLAN port mapping Ethernet Configuration CLI Commands The following table contains a list of the configuration CLI commands for the Eth...

Страница 75: ...level of a port set port level Display settings and status for all ports show port Display per port status information related to flow control show port flowcontrol Display the flow control advertisem...

Страница 76: ...the Management VLAN consists of stations on numerous floors of the building and which are connected to both Device A and Device B Figure 11 1 VLAN Overview In virtual topological networks the network...

Страница 77: ...e port are assigned the port s VLAN ID Tagged frames are unaffected by the port s VLAN ID The Tagging Mode determines the behavior of the port that processes outgoing frames If Tagging Mode is set to...

Страница 78: ...urity When a VLAN tagged packet arrives at a port only the packets with the VLAN tag corresponding to the VLANs which are configured on the port will be accepted Packets with other VLAN tags will be d...

Страница 79: ...t port vlan Define the port binding method set port vlan binding mode Define a static VLAN for a port set port static vlan Configure the tagging mode of a port set trunk Create VLANs set vlan Display...

Страница 80: ...yer 2 Features 66 Avaya P333R LB User s Guide VLAN Implementation in the Avaya P333R LB This section describes the implementation of the VLAN feature in the Avaya P333R LB No of VLANs 1024 tagged VLAN...

Страница 81: ...a means of authenticating and authorizing users attached to a LAN port and of preventing access to that port in cases wher the authentication process fails The authentication procedure is port based w...

Страница 82: ...ure RADIUS parameters Enable the RADIUS feature Configure the port used to access the RADIUS server as force authorized Connect the Supplicant i e Windows XP clients directly to the P330 Verify that t...

Страница 83: ...statistics Set the minimal idle time between authentication attempts set dot1x quiet period Set the time interval between attempts to access the Authenticated Station set dot1x tx period Set the serve...

Страница 84: ...per port a time interval between attempts to access the Authenticated Station set port dot1x tx period Set the supp timeout per port a time for the port to wait for a reply from the Authenticated Sta...

Страница 85: ...ut of any arrangement of bridges The result is a single path between any two end stations on an extended network Provides a high degree of fault tolerance It allows the network to automatically reconf...

Страница 86: ...e to the network segment The RSTP algorithm makes it possible to change port roles rapidly through its fast topology change propagation mechanism For example a port in the blocking state can be assign...

Страница 87: ...itations that govern the implementation of Spanning Tree in the P330 line RSTP s fast convergence benefits are lost when interacting with legacy STP bridges When RSTP detects STP Bridge Protocol Data...

Страница 88: ...andss In order to Use the following command Enable Disable the spanning tree application for the switch set spantree Set the bridge priority for spanning tree set spantree priority Set the RSTP bridge...

Страница 89: ...admin and operational RSTP state show port edge state Set the port as an RSTP edge port or non edge port set port edge admin state Set the port point to point admin status set port point to point adm...

Страница 90: ...y 15 minutes if the intrusion continues User should first enable the MAC security global mode set security mode and then configure the ports which should be secured set port security When setting a po...

Страница 91: ...ession command set secure mac Remove a unicast MAC address from CAM table of a secured port session command clear secure mac Display the status of the MAC security feature enabled disabled show securi...

Страница 92: ...of the base port such as port speed VLAN number etc are applied to all the other member ports in the LAG When created each LAG is automatically assigned a logical port number usually designated 10x Th...

Страница 93: ...tion describes the implementation of the LAG feature in the P330 Family of products The P333R LB supports up to 5 LAGs Up to three LAGs from three groups of 8 10 100 Mbps ports Logical port 101 ports1...

Страница 94: ...ts up to 20 pairs of ports per stack The redundant or secondary port takes over when the primary port link is down Port redundancy provides for the following in the P330 Switchback from the secondary...

Страница 95: ...Note Defining intermodule port redundancy on ports with no link causes both ports to be disabled You should connect the link prior to attempting to define intermodule port redundancy Note Once a port...

Страница 96: ...ration set port redundancy interval Display information on port redundancy schemes show port redundancy Define the switch s unique intermodule redundancy scheme set intermodule port redundancy Clear t...

Страница 97: ...tch ports need to receive which multicast packets and configures the necessary information into the switch s hardware tables This learning is based on IGMP version 1 or 2 snooping The multicast filter...

Страница 98: ...the Avaya P333R LB No of multicast groups 1000 In order to Use the following command Enable or disable the IP multicast filtering application set intelligent multicast Define aging time for client po...

Страница 99: ...able is present the user is prompted to disconnect one of the short Octaplane cables and the redundant connection will be checked Then when prompted the cable should be reconnected and the test will r...

Страница 100: ...when the port is disabled and a fast aging operation on the CAM table will be performed This feature is particularly useful for the link intermodule redundancy application where you need to be inform...

Страница 101: ...ues uninterrupted The single management IP address for the stack is also preserved for uninterrupted management and monitoring You can remove or replace any unit within the stack without disrupting op...

Страница 102: ...Chapter 11 Avaya P330 Layer 2 Features 88 Avaya P333R LB User s Guide...

Страница 103: ...sements inform other routers of the state of the sender s links Link information can also be used to build a complete picture of the network s topology Once the network topology is understood routers...

Страница 104: ...P Table on page 111 Within an enterprise routers serve as an intranet backbone that interconnects all networks This architecture strings several routers together via a high speed LAN topology such as...

Страница 105: ...r example if there are two interfaces over the same VLAN and you configure DHCP server on one interface it will be used also for the second interface over the same VLAN This behavior might be less exp...

Страница 106: ...ministrative state of an IP interface ip admin state Update the interface broadcast address ip broadcast address Define a default gateway router ip default gateway Define the interface RIP route metri...

Страница 107: ...s Router commands from the Master module type the command session module number router where module number is the location of the router module in the stack and press Enter The command prompt changes...

Страница 108: ...u have created Use the command Router configure if interface name ip address ip address netmask Press Enter 9 Assign a vlan to the IP interface you have created Type Assign a vlan to the IP interface...

Страница 109: ...RIPv1 you must not configure supernets which are networks with a mask smaller than the natural net mask of the address class such as 192 1 0 0 with mask 255 255 0 0 smaller than the natural class C m...

Страница 110: ...following command Configure the Routing Information Protocol RIP router rip Specify a list of networks on which the RIP is running network Redistribute routing information from other protocols into R...

Страница 111: ...Guide 97 Specify the type of authentication used in RIP Version 2 packets ip rip authentication mode Set the authentication string used on the interface ip rip authentication key Specify the RIP time...

Страница 112: ...state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node This calculation is based on a topography of the Internet constructed by each...

Страница 113: ...f cost Specify the time interval between hellos the router sends ip ospf hello interval Configure the interval before declaring the neighbor as dead ip ospf dead interval Configure interface priority...

Страница 114: ...e Local static routes such as those that have no next hop are not allowed Two kinds of static routes can be configured High Preference static routes which are preferred to routes learned from any rout...

Страница 115: ...ault route will not be preferred over a RIP route to the subnet of the destination P330 protocol preferences are listed below from the most to the least preferred 1 Local directly attached net 2 High...

Страница 116: ...1 OSPF external type 2 metric N to RIP metric N 1 Static to OSPF external type 2 metric configurable default 1 RIP metric N to OSPF external type 2 metric N Direct to OSPF external type 2 metric 1 By...

Страница 117: ...address from its IP address This mechanism ability is called ARP Address Resolution Protocol The following mechanism describes how a station builds an ARP Table Figure 12 2 Building an ARP Table Stati...

Страница 118: ...che arp Configure the amount of time that an entry remains in the ARP cache arp timeout Set the amount of time that an entry remains in the ARP cache back to default no arp timeout Set the maximum num...

Страница 119: ...k of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address Man...

Страница 120: ...ach request and sends it to both servers This provides redundancy and prevents the failure of a single server from blocking hosts from loading You can enable or disable or DHCP BOOTP Relay in P330 BOO...

Страница 121: ...erface basis When a netbios broadcast packet arrives from an interface on which netbios rebroadcast is enabled the packet is distributed to all other interfaces configured to rebroadcast netbios If th...

Страница 122: ...red by the user The P330 supports Access Control policy Access Control rules define how the P330 should handle routed packets There are three possible ways to handle such packets Forward the packet Pe...

Страница 123: ...d to a Virtual IP address is processed by P333R LB it checks the packet against the active policy list before any NAT manipulation is performed on the packet Upon returning from the real servers the p...

Страница 124: ...policy list ip access list copy Set the scope of a policy list ip access list scope Verify that all the rules in a priority list are valid validate group Display information about the configured activ...

Страница 125: ...y 6 to all TCP traffic originating in network 149 49 0 0 rule 1 2 Assigning priority 3 to all TCP traffic going to the host 172 44 17 1 rule 2 3 Denying Telnet sessions originated by the host 192 168...

Страница 126: ...ation and reassembly IP Fragmentation works as follows IP packet is divided into fragments each fragment becomes its own IP packet each packet has same identifier source destination address fragments...

Страница 127: ...ands in the file are in CLI format The user can edit the file if required and re configure the router module by downloading the configuration file Although the file can be edited it is recommended to...

Страница 128: ...Chapter 12 Avaya P330 Layer 3 Features 114 Avaya P333R LB User s Guide...

Страница 129: ...iated with a virtual router thus achieving the extreme reliability inherent in the P333R LB SAFER architecture In a VRRP environment host stations interact with the virtual router They are not aware t...

Страница 130: ...ng table displays the VRRP Commands Figure 13 1 VRRP Commands In order to Use the following command Display VRRP information show ip vrrp Display full VRRP related information show ip vrrp detail Enab...

Страница 131: ...17 Set the primary address used as the source address of VRRP packets for the virtual router ID ip vrrp primary Accept packets addressed to the IP address es associated with the virtual router ip vrrp...

Страница 132: ...p interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 interface 2 ip vlan name Default ip address 10 1 1 10 255 255 255 0 enable vlan commands ip vrrp 1 ip vrrp 1 address 10 1 1 10 i...

Страница 133: ...1 3 rsg server group type id slb 1 real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 virtual server web farm id 1 vip 193 170 1 3 virtual slb service www service id 1 applica...

Страница 134: ...1 1 ip vrrp 2 ip vrrp 2 address 193 170 1 3 ip default gateway 193 170 1 4 1 low real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 rsg server group type id slb 1 real slb ser...

Страница 135: ...comes functional again When detecting a failure the backup P333R LB sends a gratuitous ARP message that causes all stations to send their IP traffic to the backup P333R LB MAC address instead of the f...

Страница 136: ...kup RSG is not used for the primary RSG s services until all the Real Servers in the primary RSG are down When backup is implemented the backup RSG runs the primary RSG s service in addition to its ow...

Страница 137: ...n name Default ip address 10 1 1 10 255 255 255 0 interface 3 ip vlan name Default ip address 10 5 1 2 255 255 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default ga...

Страница 138: ...lb server 10 5 1 4 real slb server 10 5 1 5 rsg server group type id slb 2 real slb server 10 1 1 1 real slb server 10 1 1 2 real slb server 10 1 1 3 rsg server group backup 1 virtual server web farm...

Страница 139: ...ly checked A backup Real Server will not be used until the primary Real Server is down Note A backup Real Server cannot be a part of an RSG When the primary Real Server has recovered it will resume op...

Страница 140: ...s 10 1 1 10 255 255 255 0 interface 3 ip vlan name Default ip address 10 5 1 2 255 255 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low...

Страница 141: ...apter 13 Layer 3 Redundancy Avaya P333R LB User s Guide 127 real slb server 10 1 1 3 virtual server web farm id 1 vip 193 170 1 3 virtual slb service www service id 1 application tcp 80 rsg server gro...

Страница 142: ...Chapter 13 Layer 3 Redundancy 128 Avaya P333R LB User s Guide...

Страница 143: ...multiple firewalls to operate in parallel giving you the ability to Scale firewall performance Eliminate the firewall as the single point of failure How It Works The P333R LB Balances traffic across t...

Страница 144: ...Transparent Routing FWLB one on each side of the firewalls One device intercepts traffic between the protected zone and the firewall and the second device intercepts traffic between the unprotected zo...

Страница 145: ...configured to pass through the P333R LB To configure your network as in Figure 14 1 the following should be done The LAN routers or hosts should be configured with 10 4 1 3 as the next hop toward the...

Страница 146: ...3 255 255 255 0 Done P333R LB 1 1 config if 2 exit P333R LB 1 1 configure real routing fw 10 1 1 1 Done P333R LB 1 1 config rsrvr 10 1 1 1 id 1 Done P333R LB 1 1 config rsrvr 10 1 1 1 exit P333R LB 1...

Страница 147: ...erform the following commands P330 1 configure session router Router 1 configure hostname P333R LB 2 P333R LB 2 1 configure interface 1 Done P333R LB 2 1 config if 1 ip address 193 170 1 1 255 255 255...

Страница 148: ...group real routing fw 10 2 1 1 Done P333R LB 2 1 config rsg fw group real routing fw 10 2 1 2 Done P333R LB 2 1 config rsg fw group exit P333R LB 2 1 configure virtual fw service internal Done P333R...

Страница 149: ...interface 2 ip vlan name Default ip address 10 1 1 3 255 255 255 0 interface 1 ip vlan name Default ip address 10 4 1 3 255 255 255 0 real routing fw 10 1 1 1 id 1 real routing fw 10 1 1 2 id 2 rsg f...

Страница 150: ...55 255 0 interface 1 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low real routing fw 10 2 1 1 id 1 real routing fw 10 2 1 2 id 2 rsg fw group type id rou...

Страница 151: ...ts should be configured with 10 4 1 3 as the next hop toward the WAN the default gateway in many cases The access router should be configured with 193 170 1 1 as the next hop toward the LAN The firewa...

Страница 152: ...ult ip address 10 1 1 3 255 255 255 0 interface 1 ip vlan name Default ip address 10 4 1 3 255 255 255 0 real routing fw 10 1 1 1 id 1 real routing fw 10 1 1 2 id 2 rsg fw group type id routing fw 1 r...

Страница 153: ...0 interface 2 ip vlan name Default ip address 193 170 1 1 255 255 255 0 ip default gateway 193 170 1 2 1 low real routing fw 10 2 1 1 id 1 real routing fw 10 2 1 2 id 2 rsg fw group type id routing fw...

Страница 154: ...an name Default ip address 10 3 1 3 255 255 255 0 interface 2 ip vlan name Default ip address 193 170 2 3 255 255 255 0 real routing fw 10 3 1 1 id 1 real routing fw 10 3 1 2 id 2 rsg fw group type id...

Страница 155: ...the default metric parameter for Transparent FWLB Hash is Source IP Destination IP Using the Hash metric sessions are distributed through firewalls using a predefined mathematical hash function This...

Страница 156: ...ollowing figure illustrates how persistency is maintained even though a firewall becomes non operational Figure 14 4 MinMiss Hash Metric Persistency Sustained When Firewall 2 is removed from the group...

Page 157: ...s overloading and maximizes functionality. If you assign a weight to a firewall, the sessions are distributed to the firewalls in the same metric chosen (Hash or MinMiss Hash). However, weighted firewalls a...

Page 158: ...Firewall Load Balancing This section explains how the P333R-LB supports non-Transparent Routing firewalls and includes configuration examples as well. Implementation Non-Transparent Routing firewalls a...

Page 159: ...ing interfaces. Therefore, IP routes in the network must be configured to pass through the P333R-LB. To configure your network as in Figure 14 5, the following should be done: The LAN routers or hosts shou...

Page 160: ...ess 10.4.1.3 255.255.255.0 real routing fw 10.1.1.1 id 1 real routing fw 10.1.1.2 id 2 rsg fw group type id routing fw 1 real routing fw 10.1.1.1 real routing fw 10.1.1.2 virtual fw service external i...

Page 161: ...ween the two load balancers (10.1.1.3 and 10.2.1.3) for health check purposes. Configure P333R-LB1 to use the Hash metric and set the Hash parameter to destination. Configure P333R-LB2 to use the Hash met...

Page 162: ...oad Balancing This section explains how the P333R-LB supports Bridging FWLB and includes a configuration example. Implementation Bridging firewalls are firewalls that do not perform forwarding at the I...

Page 163: ...n Example Note: The P333R-LB performs load balancing on traffic that arrives at its routing interfaces. Therefore, IP routes in the network must be configured to pass through the P333R-LB. Internet Access...

Page 164: ...f Layer 3. Therefore, to configure paths through the firewalls, P333R-LB1 must be configured to view the IP interfaces of P333R-LB2 (10.1.1.2, 10.2.1.2) as its Real Servers. P333R-LB2 must be configured to v...

Page 165: ...2 virtual fw service bridging external id 1 bridging fw ip route 0.0.0.0 0.0.0.0 rsg fw group P333R LB 2 set vlan 1 name v1 set vlan 2 name v2 set vlan 3 name v3 hostname P333R LB 2 interface 1 ip vl...

Page 166: ...ion IP. For full information about Hash and MinMiss Hash, see Load Balancing Metrics for Transparent Routing FWLB on page 13. For full information on selecting a load balancing metric, see Selecting a Loa...

Page 167: ...d outside the internal network. The intrusion attempts might be either via Telnet CLI or SNMP HTTP Embedded Web manager. The user can prevent attacks by implementing the following: Change the L2 IP addre...

Page 168: ...etrics on page 37. To intercept traffic to the servers, the P333R-LB presents itself to the clients as a Virtual Server with a Virtual IP address (VIP). Client traffic travels to the P333R-LB acting as a V...

Page 169: ...he Real Servers and clients might exist, the returning packets could reach the client via a path external to the P333R-LB. These packets would be labelled with the real IP of the Real Server and not the...

Page 170: ...only. Figure 14 8 illustrates a Half NAT based SLB configuration. Figure 14 8 Half NAT Based SLB Configuration Example Note: The Real Servers must be configured with the P333R-LB as their default gatewa...

Page 171: ...55.255.255.0 Done P333R LB 1 config if 2 exit P333R LB 1 configure ip default gateway 193.170.1.2 Done P333R LB 1 configure real slb server 10.1.1.1 Done P333R LB 1 config rsrvr 10.1.1.1 exit P333R LB...

Page 172: ...e P333R-LB replaces the Virtual IP address of the P333R-LB with the real IP address of the Real Server, as in Half NAT load balancing. In addition, P333R-LB replaces the incoming client's IP address with...

Page 173: ...s own PIP, enabling different flows to the same port. You prepare banks of IP address ranges and associate each Virtual Service with a bank. Note: You can create 64 banks of PIP addresses with a total of...

Page 174: ...the traffic between three Real Servers. In addition to the traffic path through the P333R-LB, a direct path exists between the Clients and the Real Servers through another router. The P333R-LB is config...

Page 175: ...srvr 10.1.1.3 exit P333R LB 1 super rsg server group Done P333R LB 1 super rsg server group type id slb 1 Done P333R LB 1 super rsg server group real slb server 10.1.1.1 Done P333R LB 1 super rsg ser...

Page 176: ...rect path from the router to the clients, with Full NAT the traffic is forced to traverse the P333R-LB for PIP client IP translation. With Half NAT in such a scenario, load balanced sessions would have f...

Page 177: ...red as the default gateway of the Real Servers. This conserves resources and bandwidth on the P333R-LB that is tasked with balancing client requests. The following configuration file is a result of conf...

Page 178: ...n real slb server 10.1.1.2 direct server return real slb server 10.1.1.3 direct server return rsg server group type id slb 1 real slb server 10.1.1.1 real slb server 10.1.1.2 real slb server 10.1.1.3...

Page 179: ...he UDP service is mapped to a group of servers which include the primary and secondary Real DNS Servers. The TCP service is configured to include only the Real DNS server which has the primary role. Com...

Page 180: ...s the first n sessions, where n is the Real Server weight. The second Real Server receives the next n sessions, and so on. When all the servers receive at least one session, the issuing process starts over...

Page 181: ...w persistency is maintained even though a server becomes non-operational. Figure 14 13 MinMiss Hash Metric Persistency Sustained. When Server 2 is removed from the group, the list of available servers is...

Page 182: ...on is periodically opened to every server, checking for successful completion of the connection. HTTP Server Checking: Useful for web applications, this method enables verifying HTTP server functioning by...

Page 183: ...a script on the server. Script Health Check enables you to build your own script to run on the Real Server and return a pre-defined response. You configure a complete and explicit request header as well...

Page 184: ...be configured per an exact IP address or per a group of addresses. For instance, in cases where clients hide behind a NAT device which selects NAT addresses from an address block of 255 addresses, enabli...

Page 185: ...the P333R-LB, a Real Server can belong to multiple server groups as long as the groups are not running the same Virtual Service. If the groups are running the same service (e.g. HTTP), port re-mapping shou...

Page 186: ...so known as Cache Redirection. The AR feature can also be used for policy based source based routing. For full details, see Policy Based Routing Source Based Routing on page 57. Benefits By redirecting cl...

Page 187: ...f needed, but the packet still has the Web server's IP address as the destination IP address. 3. If the cache has the required page, the cache returns the page to the client with the destination IP addres...

Page 188: ...ocal subnet of one of the P333R-LB's local subnets. 2. The clients must not reside on the cache's subnet or VLAN. In order to configure the load balancer according to Figure 14 14, perform the following c...

Page 189: ...Done P333R LB 1 configure real ar server 10.1.1.1 Done P333R LB 1 config rsrvr 10.1.1.1 exit P333R LB 1 configure real ar server 10.1.1.2 Done P333R LB 1 config rsrvr 10.1.1.2 exit P333R LB 1 configu...

Page 190: ...ip vlan name v2 ip address 10.1.1.3 255.255.255.0 interface 2 ip vlan name Default ip address 10.2.2.3 255.255.255.0 interface 1 ip vlan name Default ip address 10.4.1.3 255.255.255.0 ip default gatew...

Page 191: ...configured as non-spoofing, i.e. caches that use their IP address as the source address. This is as opposed to Spoofing caches, which are capable of retaining the characteristics of the incoming packet ev...

Page 192: ...e id slb 1 real slb server 10.1.1.1 real slb server 10.1.1.2 rsg transparent proxy group type id ar 1 real ar server 10.1.1.1 real ar server 10.1.1.2 virtual server none transparent proxy server id 1...

Page 193: ...et is routed to the Real Server, since its IP address is now the Destination IP address, and the cache sends the packet back to the client. Traffic not destined to the proxy cache is sent with the Web Se...

Page 194: ...The first Real Server in the group receives the first n sessions, where n is the Real Server weight. The second Real Server receives the next n sessions, and so on. When all the servers receive at least o...

Page 195: ...ervers are redistributed to the list entries freed by the failing cache server. Figure 14 17 illustrates how persistency is maintained even though a cache server becomes non-operational. Figure 14 17 Mi...

Page 196: ...servers. P333R-LB supports the following health check methods: ICMP Echo: Each server is periodically pinged and checked if an answer was received. TCP Port Checking: A TCP connection is periodically open...

Page 197: ...searches for the expected strings only in the first HTTP packet sent by the server as a response to the GET HEAD request. If the string search fails, use the show hc last response command to view the re...

Page 198: ...ent load balancing schemes such as Hash or MinMiss Hash, or by forcing persistent load balancing decisions on non-persistent load balancing schemes such as Round Robin. Decision forcing is performed by...

Page 199: ...ad balancing metrics and persistency options provide you with the following flexibility: Round Robin generally gives you the best load balancing solution. MinMiss Hash with the key set to Source IP give...

Page 200: ...Chapter 14 Load Balancing in the P333R-LB 58 Avaya P333R-LB User's Guide...

Page 201: ...rt Mirroring Setting up port mirroring for ports in an Avaya P330 Switch Trap Managers Configuration Viewing and modifying the Trap Managers Table Switch Connected Addresses View devices connected to...

Page 202: ...Note: You should assign an IP address to the switch before beginning this procedure. 1. Open your browser. 2. Enter the URL of the switch in the format http://aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the IP...

Page 203: ...Chapter 15 Embedded Web Manager Avaya P333R-LB User's Guide 61 The welcome page is displayed. Figure 15 1 The Welcome Page...

Page 204: ...ava plug-in installed, the Web-based manager should open in a new window (see Figure 15 2). Figure 15 2 Web-based Manager If you do not have the Java plug-in installed, follow the instructions on the Welco...

Page 205: ...ons for installing it manually. Installing from the Avaya P330 Documentation and Utilities CD 1. Close all unnecessary applications on your PC. 2. Insert the Avaya P330 Documentation and Utilities CD into...

Page 206: ...enables automatic installation of the Java plug-in the first time the user tries to manage the device. 1. Copy the emweb aux files directory from the Avaya P330 Documentation and Utilities CD to your...

Page 207: ...Avaya AVAYA P333R-LB SECTION 2 TROUBLESHOOTING AND MAINTAINING THE P330...

Page 208: ......

Page 209: ...the power cord. If the cord is inserted correctly, check that the AC power source is working by connecting a different device in place of the P330. If that device works, refer to the next step. If that d...

Page 210: ...16 Troubleshooting the Installation 68 Avaya P333R-LB User's Guide Expansion module not inserted correctly. Check that modules are installed correctly. Table 16 1 Troubleshooting Problem Cause Suggested...

Page 211: ...late or other sub-module if installed. 2. Insert the sub-module gently into the slot, ensuring that the Printed Circuit Board (PCB) is aligned with the guide rails. The PCB, not the metal base plate, fits int...

Page 212: ...o the switch may remain on. 2. Loosen the screws to the stacking sub-module by turning the knobs. 3. Take hold of the two knobs, one near each side of the front panel, and pull gently but firmly towards you...

Page 213: ...i Service Network Manager Suite Obtain Software Online You can download the firmware and Embedded Web Manager from the Software Download section at www.avaya.com/support. Downloading Software Download...

Page 214: ...embedded web image file from being downloaded into Bank A by providing a non-existent file name for the Embedded Web image file preserves the old version in Bank A allows the user to boot from either...

Page 215: ...ny 49 69 95307 680 Bahrain 800 610 Ghana 31 70 414 8044 Belgium 32 2 626 8420 Gibraltar 31 70 414 8013 Belorussia 31 70 414 8047 Greece 00800 3122 1288 Bosnia Herzegovina 31 70 414 8042 Hungary 06800...

Page 216: ...414 8023 Tunisia 31 70 414 8069 Nigeria 31 70 414 8056 Turkey 800 4491 3919 Norway 47 235 001 00 UAE 31 70 414 8036 Oman 31 70 414 8057 Uganda 31 70 414 8061 Pakistan 31 70 414 8058 UK 44 0207 519500...

Page 217: ...Hot Line 1 720 4449 998 Fax 1 720 444 9103 For updated information, visit www.avaya.com/support and click Global Support Organization (GSO). Indonesia 800 1 255 227 Philippines 1800 1888 7798 Japan 0 120...

Page 218: ...User's Guide 2003 Avaya Inc. All rights reserved. All trademarks identified by the ® or TM are registered trademarks or trademarks respectively of Avaya Inc. All other trademarks are the property of their...
