The Citrix NetScaler appliance is an amazingly flexible Application Delivery Controller (ADC). It is capable of both simple and very complex tasks, which has positioned it in the Gartner Leaders Quadrant for ADCs for the eighth consecutive year: http://www.citrix.com/news/announcements/oct-2014/citrix-positioned-for-the-eighth-consecutive-year-in-the-leaders.html
Unlike many network devices, the NetScaler's IP addresses are 'floating', which means that any NetScaler-owned IP address can egress any NetScaler interface with the default 'vanilla' configuration in place.
This may actually be the desired configuration, but if ingress and egress traffic must flow through a specific interface on the NetScaler, this is easy to configure by using layer-three (L3) VLANs to bind IP subnets to specific interfaces. With L3 VLANs configured, all traffic for a particular network/subnet is forced through the desired interface.
Note: VLANs are actually layer-two constructs, but the term L3 VLAN is used to describe the VLAN-to-IP-subnet binding that occurs.
So, how does it all work?
By default, all interfaces are members of the native VLAN 1. Apart from this, there are a few different rules to understand, specifically for RX and TX.
The structure of a VLAN packet is shown below:
Port-based VLANs
Let us add a new VLAN (VLAN 10) to the NetScaler. This new VLAN is created with the following command: 'add vlan 10'
Then let us bind interface 10/1 natively to the newly created VLAN 10. This is done with the following command: 'bind vlan 10 -ifnum 10/1'
If interface 10/1 is natively bound to VLAN 10, it is automatically removed from VLAN 1, the current native VLAN, and is then added to VLAN 10. If this configuration is implemented, the following rules apply:
Tagged VLANs
Let us add a tagged VLAN (VLAN 30) to the NetScaler. This new VLAN is created with the following command: 'add vlan 30'
Then let us bind interface 10/2 to the newly created VLAN 30 as a tagged member. This is accomplished with the following command: 'bind vlan 30 -ifnum 10/2 -tagged'
If interface 10/2 is bound to VLAN 30 as a tagged member, it remains in VLAN 1 as a native member, but is also added to VLAN 30 as a tagged member. If this configuration is implemented, the following rules then apply:
Summary
- An interface can have only one native VLAN (hence also referred to as 'port-based').
- Untagged packets arriving on an interface are assumed to have arrived on its native VLAN.
- An interface can be part of any number of tagged VLANs.
- If an interface is bound to a VLAN natively, its native VLAN changes from the current one to the new one.
- If an interface is bound to a specific VLAN as a tagged member, it is simply added to the new VLAN as a tagged member.
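The binding rules summarized above can be replayed in a small model to check which VLAN untagged traffic on an interface will land in. This is an added example, not NetScaler code or code from the original article; the class and function names are hypothetical, and it understands only the 'add vlan' and 'bind vlan' commands shown in this article.

```python
# Added illustration: a model of the native/tagged binding rules summarized
# above. It is not NetScaler code; it only replays the article's CLI commands.
DEFAULT_VLAN = 1  # per the article, every interface starts in native VLAN 1


class VlanModel:
    def __init__(self, interfaces):
        self.vlans = {DEFAULT_VLAN}
        self.native = {ifnum: DEFAULT_VLAN for ifnum in interfaces}
        self.tagged = {ifnum: set() for ifnum in interfaces}

    def apply(self, command):
        """Replay one 'add vlan' or 'bind vlan' command."""
        words = command.split()
        if words[:2] == ["add", "vlan"] and len(words) == 3:
            self.vlans.add(int(words[2]))
        elif (words[:2] == ["bind", "vlan"] and len(words) >= 5
              and words[3] == "-ifnum"):
            vlan, ifnum = int(words[2]), words[4]
            # These two checks are the model's own sanity checks.
            if vlan not in self.vlans:
                raise ValueError(f"VLAN {vlan} has not been added")
            if ifnum not in self.native:
                raise ValueError(f"unknown interface {ifnum}")
            if "-tagged" in words[5:]:
                # Tagged bind: membership is added, native VLAN is untouched.
                self.tagged[ifnum].add(vlan)
            else:
                # Native bind: replaces the interface's single native VLAN.
                self.native[ifnum] = vlan
        else:
            raise ValueError(f"unsupported command: {command!r}")

    def untagged_ingress_vlan(self, ifnum):
        """Untagged packets are assumed to arrive on the native VLAN."""
        return self.native[ifnum]

    def membership(self, ifnum):
        """Return (native VLAN, sorted list of tagged VLANs)."""
        return self.native[ifnum], sorted(self.tagged[ifnum])


def replay(commands, interfaces=("10/1", "10/2")):
    model = VlanModel(interfaces)
    for line in commands:
        model.apply(line)
    return model


# Constructed sample: the commands used in this article, in order.
SAMPLE = ["add vlan 10", "bind vlan 10 -ifnum 10/1",
          "add vlan 30", "bind vlan 30 -ifnum 10/2 -tagged"]
```

Replaying SAMPLE leaves 10/1 with native VLAN 10 and no tagged VLANs, and 10/2 with native VLAN 1 plus tagged VLAN 30, so untagged traffic on 10/2 is still treated as VLAN 1.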
An overview of the rules is as follows:
The interface TAGALL configuration
The TAGALL configuration on the NetScaler is specific to the interface only. The following rules apply when the TAGALL function is used:
Link Aggregation (LA)
Let us add a new link aggregation channel (LA/1). This new LA channel is created with the following command: 'add channel LA/1'
Then let us bind interfaces 10/1 and 10/2 to the newly created channel with the following command: 'bind channel LA/1 -ifnum 10/1 10/2'
The following rules then apply to the standard LA channel:
Link Aggregation (LA) and VLANs
Let us create a new link aggregation channel (LA/2). This new LA channel is created with the following command: 'add channel LA/2'
Then let us bind interfaces 10/1 and 10/2 to the newly created channel with the following command: 'bind channel LA/2 -ifnum 10/1 10/2' (as referenced previously, the VLAN bindings of 10/1 and 10/2 are lost when they become part of an LA channel, unless explicitly configured as such, as we see in the following example).
We can bind the new LA channel to a new VLAN using the following commands: 'add vlan 2' and then 'bind vlan 2 -ifnum LA/2'
Notes:
- If we unbind interfaces 10/1 and 10/2 (for example) from an LA channel (e.g. 'unbind channel LA/1 -ifnum 10/1 10/2') and then remove the channel with the following command: 'rm channel LA/1', interfaces 10/1 and 10/2 are then moved back to VLAN 1 as native members.
- The NetScaler does not have the concept of 'trunk ports'. By default it accepts any VLAN ID. Further restrictions on the VLANs it accepts can be controlled by configuring an 'Allowed List' of VLAN IDs on a particular interface.
Other References:
How to associate an IP subnet with a NetScaler interface by using VLANs: http://support.citrix.com/article/CTX136926
How to restrict management access to a NetScaler appliance to a specific interface: http://support.citrix.com/article/CTX126038