Amer Networks E5Web GUI User Manual

Transparent Mode with VLANs

If transparent mode is being set up for all hosts and users on a VLAN then the technique
described above of using multiple routing tables also applies. A dedicated routing table should
be defined for each VLAN ID and switch routes should then be defined in that routing table
which refer to the VLAN interfaces. The reason for doing this is to restrict the ARP requests to the
interfaces on which the VLAN is defined.

To better explain this, let us consider a VLAN vlan5 which is defined on two physical interfaces
called if1 and if2. Both physical interfaces have switch routes defined so they operate in
transparent mode. Two VLAN interfaces with the same VLAN ID are defined on the two physical
interfaces and they are called vlan5_if1 and vlan5_if2.

For the VLAN to operate in transparent mode we create a routing table with the ordering set to
only and which contains the following 2 switch routes:

Network

Interface

all-nets

vlan5_if1

all-nets

vlan5_if2

Instead of creating individual entries, an interface group could be used in the above routing
table.

No other non-switched routes should be in this routing table because traffic that follows such
routes will be tagged incorrectly with the VLAN ID.

Finally, we must associate the created routing table with its VLAN interface by using the option
to make each VLAN interface a member of a specific routing table.

Enabling Transparent Mode Directly on Interfaces

The recommended way to enable transparent mode is to add switch routes, as described above.
An alternative method is to enable transparent mode directly on an interface (a check box for
this is provided in the graphical user interfaces). When enabled in this way, default switch routes
are automatically added to the routing table for the interface and any corresponding non-switch
routes are automatically removed. This method is used in the detailed examples given later.

High Availability and Transparent Mode

Switch Routes cannot be used with High Availability and therefore true transparent mode cannot
be implemented with a cOS Core High Availability Cluster.

Instead of Switch Routes the solution in a High Availability setup is to use Proxy ARP to separate
two networks. This is described further in Section 4.2.6, “Proxy ARP”. The key disadvantage with
this approach is that firstly, clients will not be able to roam between cOS Core interfaces,
retaining the same IP address. Secondly, and more importantly, their network routes will need to
be manually configured for proxy ARP.

Transparent Mode with DHCP

In most transparent mode scenarios, the IP address of users is predefined and fixed and is not
dynamically fetched using DHCP. It is a key advantage of using transparent mode that users can
plug in anywhere and cOS Core can route traffic correctly after determining their location and IP
address from ARP exchanges.

However in some transparent mode scenarios, user IP addresses might be allocated by a DHCP
server. For example, it may be an ISP's DHCP server that hands out public IPv4 addresses to

Chapter 4: Routing

344