Cisco catalyst 6500 series Configuration Note page 148
Content switching module
Hide thumbs
Also See for catalyst 6500 series:
- Software configuration manual (570 pages) ,
- Configuration manual (392 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Configuring Regular Firewall Load Balancing
1.
FORWARD-SF is actually a route forwarding policy, not an actual server farm, that allows traffic to reach the Internet
(through VLAN 100); it does not contain any real servers.
2.
This is a required step when configuring a server farm that contains a forwarding policy rather than real servers.
3.
INSEC-SF contains (Firewall 1 and Firewall 2); their insecure-side IP addresses are configured as real servers in this server
farm.
4.
This is a required step when configuring a server farm that contains firewalls.
5.
We recommend this step when configuring insecure-side firewall interfaces in a server farm.
Configuring Virtual Servers on CSM A
To configure two virtual servers on CSM A, perform this task:
Command
Step 1
Switch-A(config)# module csm 5
Step 2
Switch-A(config-module-csm)# vserver
FORWARD-VS
Step 3
Switch-A(config-slb-vserver)# virtual
0.0.0.0 0.0.0.0 any
Step 4
Switch-A(config-slb-vserver))# vlan 101
Step 5
Switch-A(config-slb-vserver)# serverfarm
FORWARD-SF
Step 6
Switch-A(config-slb-vserver)# inservice
Step 7
Switch-A(config-slb-vserver)# exit
Step 8
Switch-A(config-module-csm)# vserver
INSEC-VS
Step 9
Switch-A(config-slb-vserver)# virtual
200.0.0.0 255.255.255.0 any
Step 10
Switch-A(config-slb-vserver))# vlan 100
Step 11
Switch-A(config-slb-vserver)# serverfarm
INSEC-SF
Step 12
Switch-A(config-slb-vserver)# inservice
1.
FORWARD-VS allows Internet traffic to reach the insecure side of the firewalls (through VLAN 101).
2.
Client matching is only limited by VLAN restrictions. (See Step 4.)
3.
This server farm is actually a forwarding predictor rather than an actual server farm containing real servers.
4.
INSEC-VS allows traffic from the Internet to reach CSM A (through VLAN 101).
5.
Clients reach the server farm represented by this virtual server through this address.
6.
The server farm contains firewalls rather than real servers.
Catalyst 6500 Series Content Switching Module Configuration Note
11-20
Chapter 11
Configuring Firewall Load Balancing
Purpose
Enters multiple module configuration mode and
specifies that the CSM A is installed in slot 5.
1
Specifies FORWARD-VS
is being configured and enters virtual server
configuration mode.
Specifies a match for any IP address and any
2
protocol
.
Specifies that the virtual server will only accept
traffic arriving on VLAN 101, which is traffic
arriving from the insecure side of the firewalls.
Specifies the server farm for this virtual server
Enables the virtual server.
Returns to multiple module configuration mode.
4
Specifies INSEC-VS
as the virtual server that is
being configured and enters virtual server
configuration mode.
Specifies the IP address, netmask, and protocol (any)
5
for this virtual server
.
Specifies that the virtual server will only accept
traffic arriving on VLAN 100, which is traffic
arriving from the Internet.
Specifies the server farm for this virtual server
Enables the virtual server.
as the virtual server that
3
.
6
.
OL-4612-01
Advertisement
Table of Contents
Related Manuals for Cisco catalyst 6500 series
Related Products for Cisco catalyst 6500 series
- Cisco 6503 - Catalyst Firewall Security Sys
- Cisco 6503-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6504-E - Catalyst Chassis With Supervisor Engine 32 Switch
- Cisco 6506 - Catalyst Chassis Switch
- Cisco 6513 - Catalyst Switch
- Cisco Catalyst 6509
- Cisco Catalyst 6513-E
- Cisco Catalyst 6500-E Series