[f-nsp] ServerIron XL, VLANs, DSR, Management...

Sun Jan 11 21:34:59 EST 2009

I am working on getting our ServerIron XL setup to support multiple VLANs w/ DSR. Everything works with the configuration posted below but does not give me access to the management IP unless I supply another untagged port access to my management network. I find it hard to believe the management IP cannot be accessed via a VLAN that is provided on the tagged port. I tried both using the default-vlan and non-defualt-vlan. The management network is on VLAN ID 1.

ver 07.4.01T12
global-protocol-vlan
!
!
server source-ip 10.0.0.11 255.255.255.0 10.0.0.1
server source-ip 10.1.0.11 255.255.255.0 10.1.0.1
!
!
!
!
server real server-1 10.0.0.190
 port http
 port http url "HEAD /"
 port ssl
!
server real server-2 10.0.0.191
 port http
 port http url "HEAD /"
 port ssl
!
server real server-3 10.1.0.190
 port http
 port http url "HEAD /"
 port ssl
!
server real server-4 10.1.0.191
 port http
 port http url "HEAD /"
 port ssl
!
server virtual vserver-1 10.0.0.163
 sym-priority 254
 predictor least-conn
 port ssl
 no port ssl sticky
 port ssl dsr
 port http
 port http dsr
 bind ssl server-1 ssl server-2 ssl
 bind http server-1 http server-2 http
!
server virtual vserver-2 11.0.0.163
 sym-priority 254
 predictor least-conn
 port ssl
 no port ssl sticky
 port ssl dsr
 port http
 port http dsr
 bind ssl server-3 ssl server-4 ssl
 bind http server-3 http server-4 http
!
!
vlan 200 name DEFAULT-VLAN by port
!
vlan 4 by port
 tagged ethe 1
 ip-subnet 10.0.0.0 255.255.255.0
!
vlan 2 by port
 tagged ethe 1
 ip-subnet 10.1.0.0 255.255.255.0
!
vlan 1 by port
 tagged ethe 1
 ip-subnet 10.2.0.0 255.255.255.0
!
default-vlan-id 200
ip address 10.2.0.22 255.255.255.0
ip default-gateway 10.2.0.1

Cal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20090112/61adbc49/attachment.html>