Catalyst 6500 Series Switch Content Switching Module with SSL (CSM-S) Installation and Configuration Note
Configuring VLANs
Download this chapter
Configuring VLANsConfiguring VLANs
give_us_feedback

Table Of Contents

Configuring VLANs

Configuring Client-Side VLANs

Configuring Server-Side VLANs


Configuring VLANs

This chapter describes how to configure VLANs on the CSM-S and contains these sections:

Configuring Client-Side VLANs

Configuring Server-Side VLANs

To configure VLANs on the SSL daughter card, see the "Configuring VLANs on the SSL Daughter Card" section on page 7-2.

When you install the CSM-S in a Catalyst 6500 series switch, you need to configure the client-side and server-side VLANs. (See Figure 4-1.)

Client-side or a server-side VLAN terminology logically distinguishes the VLANs facing the client-side and the VLANs connecting to the servers or destination devices. However, the CSM-S client and server VLANs function very similarly. For example, new connections can be received on a server VLAN and then be load-balanced to a client VLAN.

The differences between the client-side and server-side VLANs are as follows:

When configuring bridge mode, you cannot bridge two server VLANs or two client VLANs. You can only bridge a client and a server VLAN.

Denial of service (DoS) protection features are more aggressive on the client-side VLANs, especially when rate limiting control traffic is sent to the central processing unit.

Note You must configure VLANs on the Catalyst 6500 series switch before you configure VLANs for the CSM-S. The VLAN IDs must be the same for the switch and the module.

Note If you execute command show module csm x conn, the output shows an entry for VLAN 4095. You can ignore this VLAN, which the system creates for communication between the CSM and the SSL daughter card.

Figure 4-1 Configuring VLANs

Note The numbers in Figure 4-1 correspond to the numbers in the following operation.

1. The CSM-S does not perform a Layer 3 lookup to forward traffic; the CSM-S cannot respond to ICMP redirects.

2. You can configure up to 7 gateways per VLAN for up to 511 client and server VLANs and up to 224 gateways for the entire system. If an HSRP gateway is configured, the CSM-S uses 3 of the 224 gateway entries because traffic can come from the virtual and physical MAC addresses of the HSRP group. (See the "Configuring HSRP" section on page 9-5.) The fault-tolerant VLAN does not use an IP interface, so it does not apply toward the 512 VLAN limit.

Configuring Client-Side VLANs

To configure the client-side VLANs, perform this task:

Caution You cannot use VLAN 1 as a client-side or server-side VLAN for the CSM-S.

 
Command
Purpose

Step 1  

Router(config-module-csm)# vlan vlanid 
client

Configures the client-side VLANs and enters the client VLAN mode1 .

Step 2  

Router(config-slb-vlan-client)# ip 
active_ip_addr [netmask] [alt 
standby_ip_addr [netmask]]

Configures an IP address to the active CSM-S used by probes and ARP requests on this particular VLAN. When using redundant CSM-S modules, enter the alt keyword to specify an alternate IP address that is sent to the standby CSM-S.2

Step 3  

Router(config-slb-vlan-client)# description 
description

(Optional) Specifies a description for the VLAN. Limit the description to 80 characters.

Step 4  

Router(config-slb-vlan-client)# gateway 
ip-address

Configures the gateway IP address.

1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's-top level.

2 The no form of this command restores the defaults.

This example shows how to configure the CSM-S for the client-side VLANs: 

Router(config-module-csm)# vlan 130 client

Router(config-slb-vlan-client)# ip addr 123.44.50.6 255.255.255.0 alt 123.44.50.7 
255.255.255.0

Router(config-slb-vlan-client)# gateway 123.44.50.1

Router(config-slb-vlan-client)# exit

Configuring Server-Side VLANs

To configure the server-side VLANs, perform this task:

 
Command
Purpose

Step 1  

Router(config-module-csm)# vlan vlanid server

Configures the server-side VLANs and enters the server VLAN mode1 .

Step 2  

Router(config-slb-vlan-server)# ip 
active_ip_addr [netmask] [alt standby_ip_addr 
[netmask]]

Configures an IP address for the server VLAN. When using redundant CSM-S modules, enter the alt keyword to specify an alternate IP address that is sent to the standby CSM-S2 .

Step 3  

Router(config-slb-vlan-server)# description 
description

(Optional) Specifies a description for the VLAN. Limit the description to 80 characters.

Step 4  

Router(config-slb-vlan-server)# alias 
ip-address netmask

(Optional) Configures multiple IP addresses to the CSM-S as alternate gateways for the real server3 .

Step 5  

Router(config-slb-vlan-server)# route 
ip-address netmask gateway gw-ip-address

Configures a static route to reach the real servers if they are more than one Layer 3 hop away from the CSM-S.

Step 6  

Router # show module csm slot vlan [client | 
server | ft] [id vlan-id] [detail]

Displays the client-side and server-side VLAN configurations.

1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's-top level.

2 The no form of this command restores the defaults.

3 The alias is required in the redundant configuration. See Chapter 9, "Configuring Redundancy."

This example shows how to configure the CSM-S for the server-side VLANs: 

Router(config-module-csm)# vlan 150 server

Router(config-slb-vlan-server)# ip addr 123.46.50.6 255.255.255.0

Router(config-slb-vlan-server)# alias 123.60.7.6 255.255.255.0

Router(config-slb-vlan-server)# route 123.60.0.0 255.255.0.0 gateway 123.46.50.1

Router(config-slb-vlan-server)# exit