Table Of Contents
Configuring VLANs
This chapter describes how to configure VLANs on the CSM-S and contains these sections:
•Configuring Client-Side VLANs
•Configuring Server-Side VLANs
To configure VLANs on the SSL daughter card, see the "Configuring VLANs on the SSL Daughter Card" section.
When you install the CSM-S in a Catalyst 6500 series switch, you need to configure the client-side and server-side VLANs. (See Figure 4-1.)
Client-side or a server-side VLAN terminology logically distinguishes the VLANs facing the client-side and the VLANs connecting to the servers or destination devices. However, the CSM-S client and server VLANs function very similarly. For example, new connections can be received on a server VLAN and then be load-balanced to a client VLAN.
The differences between the client-side and server-side VLANs are as follows:
•When configuring bridge mode, you cannot bridge two server VLANs or two client VLANs. You can only bridge a client and a server VLAN.
•Denial of service (DoS) protection features are more aggressive on the client-side VLANs, especially when rate limiting control traffic is sent to the central processing unit.
Note You must configure VLANs on the Catalyst 6500 series switch before you configure VLANs for the CSM-S. The VLAN IDs must be the same for the switch and the module.
Figure 4-1 Configuring VLANs
Note The numbers in Figure 4-1 correspond to the numbers in the following operation.
1. The CSM-S does not perform a Layer 3 lookup to forward traffic; the CSM-S cannot respond to ICMP redirects.
2. You can configure up to 7 gateways per VLAN for up to 511 client and server VLANs and up to 224 gateways for the entire system. If an HSRP gateway is configured, the CSM-S uses 3 of the 224 gateway entries because traffic can come from the virtual and physical MAC addresses of the HSRP group. The fault-tolerant VLAN does not use an IP interface, so it does not apply toward the 512 VLAN limit.
Configuring Client-Side VLANs
To configure the client-side VLANs, perform this task:
Caution You cannot use VLAN 1 as a client-side or server-side VLAN for the CSM-S.
Command PurposeStep 1
Router(config-module-csm)# vlan vlanid clientConfigures the client-side VLANs and enters the client VLAN mode1 .
Step 2
Router(config-slb-vlan-client)# ip ip-address netmaskConfigures an IP address to the CSM-S used by probes and ARP requests on this particular VLAN2 .
Step 3
Router(config-slb-vlan-client)# gateway ip-addressConfigures the gateway IP address.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's-top level.
2 The no form of this command restores the defaults.
This example shows how to configure the CSM-S for the client-side VLANs:
Router(config-module-csm)# vlan 130 clientRouter(config-slb-vlan-client)# ip addr 123.44.50.6 255.255.255.0Router(config-slb-vlan-client)# gateway 123.44.50.1Router(config-slb-vlan-client)# exitRouter# show module csm vlan 1Configuring Server-Side VLANs
To configure the server-side VLANs, perform this task:
Command PurposeStep 1
Router(config-module-csm)# vlan vlanid serverConfigures the server-side VLANs and enters the server VLAN mode1 .
Step 2
Router(config-slb-vlan-server)# ip ip-address netmaskConfigures an IP address for the server VLAN2 .
Step 3
Router(config-slb-vlan-server)# alias ip-address netmask(Optional) Configures multiple IP addresses to the CSM-S as alternate gateways for the real server3 .
Step 4
Router(config-slb-vlan-server)# route ip-address netmask gateway gw-ip-addressConfigures a static route to reach the real servers if they are more than one Layer 3 hop away from the CSM-S.
Step 5
Router # show module csm slot vlan [client | server | ft] [id vlan-id] [detail]Displays the client-side and server-side VLAN configurations.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's-top level.
2 The no form of this command restores the defaults.
3 The alias is required in the redundant configuration. See "Configuring Redundancy."
This example shows how to configure the CSM-S for the server-side VLANs:
Router(config-module-csm)# vlan 150 serverRouter(config-slb-vlan-server)# ip addr 123.46.50.6 255.255.255.0Router(config-slb-vlan-server)# alias 123.60.7.6 255.255.255.0Router(config-slb-vlan-server)# route 123.50.0.0 255.255.0.0 gateway 123.44.50.1Router(config-slb-vlan-server)# exit