11-20
Catalyst 6500 Series Content Switching Module Configuration Note
OL-4612-01
Chapter 11 Configuring Firewall Load Balancing
Configuring Regular Firewall Load Balancing
Configuring Virtual Servers on CSM A
To configure two virtual servers on CSM A, perform this task:
1. FORWARD-SF is actually a route forwarding policy, not an actual server farm, that allows traffic to reach the Internet
(through VLAN 100); it does not contain any real servers.
2. This is a required step when configuring a server farm that contains a forwarding policy rather than real servers.
3. INSEC-SF contains (Firewall 1 and Firewall 2); their insecure-side IP addresses are configured as real servers in this server
farm.
4. This is a required step when configuring a server farm that contains firewalls.
5. We recommend this step when configuring insecure-side firewall interfaces in a server farm.
Command Purpose
Step 1
Switch-A(config)# module csm 5
Enters multiple module configuration mode and
specifies that the CSM A is installed in slot 5.
Step 2
Switch-A(config-module-csm)# vserver
FORWARD-VS
Specifies FORWARD-VS
1
as the virtual server that
is being configured and enters virtual server
configuration mode.
1. FORWARD-VS allows Internet traffic to reach the insecure side of the firewalls (through VLAN 101).
Step 3
Switch-A(config-slb-vserver)# virtual
0.0.0.0 0.0.0.0 any
Specifies a match for any IP address and any
protocol
2
.
2. Client matching is only limited by VLAN restrictions. (See Step 4.)
Step 4
Switch-A(config-slb-vserver))# vlan 101
Specifies that the virtual server will only accept
traffic arriving on VLAN 101, which is traffic
arriving from the insecure side of the firewalls.
Step 5
Switch-A(config-slb-vserver)# serverfarm
FORWARD-SF
Specifies the server farm for this virtual server
3
.
3. This server farm is actually a forwarding predictor rather than an actual server farm containing real servers.
Step 6
Switch-A(config-slb-vserver)# inservice
Enables the virtual server.
Step 7
Switch-A(config-slb-vserver)# exit
Returns to multiple module configuration mode.
Step 8
Switch-A(config-module-csm)# vserver
INSEC-VS
Specifies INSEC-VS
4
as the virtual server that is
being configured and enters virtual server
configuration mode.
4. INSEC-VS allows traffic from the Internet to reach CSM A (through VLAN 101).
Step 9
Switch-A(config-slb-vserver)# virtual
200.0.0.0 255.255.255.0 any
Specifies the IP address, netmask, and protocol (any)
for this virtual server
5
.
5. Clients reach the server farm represented by this virtual server through this address.
Step 10
Switch-A(config-slb-vserver))# vlan 100
Specifies that the virtual server will only accept
traffic arriving on VLAN 100, which is traffic
arriving from the Internet.
Step 11
Switch-A(config-slb-vserver)# serverfarm
INSEC-SF
Specifies the server farm for this virtual server
6
.
6. The server farm contains firewalls rather than real servers.
Step 12
Switch-A(config-slb-vserver)# inservice
Enables the virtual server.
To Next Page
Loading...
