Nortel Networks WEB OS 212777 User Manual
Page 331
Web OS 10.0 Application Guide
Chapter 13: Firewall Load Balancing
n
331
212777-A, February 2002
Configure Connectivity for the Primary Dirty-Side Web Switch
1.
Configure VLANs on the primary dirty-side Web switch.
Two VLANs are required. VLAN 1 includes port 1, for the Internet connection. VLAN 2
includes port 2, for the firewall connection, and port 9, for the interswitch connection.
N
OTE
–
Port 1 is part of VLAN 1 by default and does not require manual configuration.
2.
Configure IP interfaces on the primary dirty-side Web switch.
Three IP interfaces (IF’s) are used. IF 1 is on placed on Subnet 1. IF 2 will be used for routing
traffic through the top firewall. IF 3 will be used for routing traffic through the lower firewall.
To avoid confusion, IF 2 and IF 3 will be used in the same way on all Web switches.
N
OTE
–
By configuring the IP interface mask prior to the IP address, the broadcast address is
automatically calculated. Also, only the first IP interface in a given subnet is given the full sub-
net range mask. Subsequent IP interfaces (such as IF 3) are given individual masks.
3.
Turn Spanning Tree Protocol (STP) off for the primary dirty-side Web switch.
>> # /cfg/vlan 2
>> # add 2
(Port 2 connects to the firewall)
>> # add 9
(Port 9 is the inter-switch connection)
>> # ena
>> # /cfg/ip/if 1
>> # mask 255.255.255.0
>> # addr 195.1.1.10
>> # ena
>> # ../if 2
>> # mask 255.255.255.0
>> # addr 10.10.2.1
>> # vlan 2
>> # ena
>> # ../if 3
>> # mask 255.255.255.255
>> # addr 10.10.2.2
>> # vlan 2
>> # ena
>> # /cfg/stp/off