Topic: Trunking  (Read 3430 times)
« on: March 04, 2013, 22:23:49 »
terrano74 *
Posts: 8

Hello,
I have an appliance with 6 gigabit ports and am searching for an option to trunk 2 or 3 ports for one interface. Since many of today's appliances have more ports than needed, trunking would be a very useful feature.
My second request would be to bind the management IP hard on one interface, so that, for example, administration is only possible from the LAN interface and not from OPTx.
Thanks
Terrano74
« Reply #1 on: March 05, 2013, 00:46:00 »
Fred Grayson *****
Posts: 994

Shouldn't it be possible to prevent access to the administrative interface from OPTx interfaces with the appropriate firewall rules?

--
Google is your friend and Bob's your uncle.
« Reply #2 on: March 05, 2013, 18:11:23 »
Lennart Grahl ***
Posts: 153

I agree that bonding (trunking, link aggregation, ...) would be useful.

> Shouldn't it be possible to prevent access to the administrative interface from OPTx interfaces with the appropriate firewall rules?

Yep.
« Reply #3 on: May 03, 2013, 22:40:28 »
Lee Sharp *****
Posts: 517

> I have an appliance with 6 gigabit ports and am searching for an option to trunk 2 or 3 ports for one interface. Since many of today's appliances have more ports than needed, trunking would be a very useful feature.

Back to the first question, this is not as easy as you think...

If you have LAC on two interfaces, now what?  It has to go somewhere, and that means LAC on two other interfaces.  Now to use that you have to push 2 gig (less overhead) on two different virtual interfaces.  (Total 4 gig of traffic)  How fast do you think your system bus is in that appliance?  There is a reason for Layer 3 switches...  It is because full routing and firewall functions take system power, and to "route" 2-10 gig traffic, you really need switching fabric over a powerful backplane.

So, until we have a new bus standard (by which time 10G NICs will be standard) this will not really be possible.
« Reply #4 on: October 29, 2013, 16:33:24 »
terrano74 *
Posts: 8

My intention was not expanding the bandwidth but rather the availability in case of port failure by the appliance or the switch.
Thanks
Terrano74
« Reply #5 on: November 07, 2013, 01:10:56 »
Lee Sharp *****
Posts: 517

> My second request would be to bind the management IP hard on one interface, so that, for example, administration is only possible from the LAN interface and not from OPTx.
> Thanks
> Terrano74

Skipping the LACP request as that is a Pandora's box...

By default it is already set up this way.  You only have the "Let me in no matter what" rule on the LAN interface, and no pass rules at all on other interfaces.  However, when you copied that default outbound rule from LAN to Opt1, you gave Opt1 access to the config pages.
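
Added example, not part of any post in this thread: a small first-match rule evaluator that shows why copying the LAN default "pass to any" rule onto OPT1 exposes the config pages, and how a block rule placed above it closes that path. The addresses, GUI ports, rule format and first-match-wins evaluation are assumptions made for illustration, not the appliance's actual configuration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing; the thread gives none.
FIREWALL_IPS = {"LAN": "192.168.1.1", "OPT1": "192.168.2.1"}
GUI_PORTS = (80, 443)  # assumed webGUI ports

@dataclass
class Rule:
    action: str        # "pass" or "block"
    src: str           # CIDR or "any"
    dst: str           # CIDR or "any"
    ports: tuple = ()  # empty tuple means any port

def _in(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(rules, src, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if _in(src, r.src) and _in(dst, r.dst) and (not r.ports or port in r.ports):
            return r.action
    return "block"

def gui_exposures(ruleset, clients, mgmt_ifaces=("LAN",)):
    """Return (interface, firewall_ip, port) triples where a non-management
    interface can reach the GUI on any of the firewall's own addresses."""
    found = []
    for iface, rules in ruleset.items():
        if iface in mgmt_ifaces:
            continue
        for fw_ip in FIREWALL_IPS.values():
            for port in GUI_PORTS:
                if decide(rules, clients[iface], fw_ip, port) == "pass":
                    found.append((iface, fw_ip, port))
    return found

CLIENTS = {"LAN": "192.168.1.50", "OPT1": "192.168.2.50"}  # constructed hosts
lan_default = Rule("pass", "192.168.1.0/24", "any")
copied = Rule("pass", "192.168.2.0/24", "any")  # LAN default copied to OPT1
guard = [Rule("block", "any", ip + "/32", GUI_PORTS) for ip in FIREWALL_IPS.values()]

DEFAULT = {"LAN": [lan_default], "OPT1": []}               # out-of-the-box state
COPIED = {"LAN": [lan_default], "OPT1": [copied]}          # the mistake described
FIXED = {"LAN": [lan_default], "OPT1": guard + [copied]}   # block rules go first

if __name__ == "__main__":
    for name, rs in (("default", DEFAULT), ("copied", COPIED), ("fixed", FIXED)):
        print(name, gui_exposures(rs, CLIENTS))
```

Note that "any" as a destination also covers the firewall's LAN address when reached from OPT1, which is why the guard blocks every firewall-owned address and not only the OPT1 one.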
 