This example shows how to create an SLB-L2 dual-switch configuration. Repeat steps 1 through 3 on each switch.
SEFOS# configure terminal SEFOS(config)# interface extreme-ethernet 0/1 SEFOS(config-if)# shutdown SEFOS(config-if)# exit SEFOS(config)# interface range extreme-ethernet 0/15-18 SEFOS(config-if-range)# shutdown SEFOS(config-if-range)# exit
SEFOS(config)# set gvrp disable SEFOS(config)# set gmrp disable
SEFOS(config)# slb l2 1 extreme-ethernet 0/15-18 SEFOS(config-if-range)# exit
SEFOS# show slb l2 L2 SLB Group #1 Failover Method: Failover to Standby Port(s) first, then All Ports Port Members: Port State Comments ==== ===== ================= 15 IDLE 16 IDLE 17 IDLE 18 IDLE
The same output will appear from group 2 after you run these commands on switch 2.
All ports are in idle state because the interface ports 15 through 18 are still disabled.
SEFOS(config)# slb l2 failover-method 1 prefer-standby
To get forward and reverse traffic to be hashed to the same node (referred to as hash symmetry), you must choose a policy that includes the sym option. Use either of the following methods to maintain hash symmetry.
This example includes both source and destination IP addresses for hashing in a symmetrical manner. The same hash results even if the source and destination IP addresses are swapped.
SEFOS(config)# slb l2 policy src-ip dest-ip sym
Alternatively, you could maintain hash symmetry while using only the src-ip field on switch A and the dest-ip field on switch B.
On switch A, type.
SEFOS(config)# slb l2 policy src-ip sym
On switch B, type.
SEFOS(config)# slb l2 policy dest-ip sym
To set up the bump-in-the-wire configuration, you must use a VLAN tag to identify ingress and egress traffic ports. This example associates the LBG and the ingress/egress port with VLAN 2. The following steps set up VLAN membership for the ports that participate in the LBG and also set up the switch to insert the VLAN tag to outgoing packets from port 15-18.
SEFOS(config)# vlan 2 SEFOS(config-vlan)# port extreme-ethernet 0/15-18 SEFOS(config-if-range)# exit
SEFOS(config)# interface extreme-ethernet 0/1 SEFOS(config-if)# switchport access vlan 2 SEFOS(config-if)# exit
SEFOS# show vlan
Vlan database
-------------
Vlan ID : 1
Member Ports : Ex0/2, Ex0/3, Ex0/4, Ex0/5, Ex0/6, Ex0/7
Ex0/8, Ex0/9, Ex0/10, Ex0/11, Ex0/12, Ex0/13
Ex0/14, Ex0/15, Ex0/16, Ex0/17, Ex0/18, Ex0/19
Ex0/20, Ex0/21, Ex0/22, Ex0/23, Ex0/24
Untagged Ports : Ex0/2, Ex0/3, Ex0/4, Ex0/5, Ex0/6, Ex0/7
Ex0/8, Ex0/9, Ex0/10, Ex0/11, Ex0/12, Ex0/13
Ex0/14, Ex0/15, Ex0/16, Ex0/17, Ex0/18, Ex0/19
Ex0/20, Ex0/21, Ex0/22, Ex0/23, Ex0/24
Forbidden Ports : None
Name :
Status : Permanent
-------------
Vlan ID : 2
Member Ports : Ex0/1, Ex0/15, Ex0/16, Ex0/17, Ex0/18
Untagged Ports : Ex0/1
Forbidden Ports : None
Name :
Status : Permanent
----------------------------------------------------
In this example, all packets with a source IP address of 1.2.3.4 are redirected to LBG group 1, which was set up in the preceding steps. All other packets will be denied access by the ingress port.
SEFOS(config)# ip access-list extended 20 SEFOS(config-ext-nacl)# permit ip any any loadbalance 1 SEFOS(config-ext-nacl)# exit SEFOS(config)# interface extreme-ethernet 0/1 SEFOS(config-if)# ip access-list 20 in SEFOS(config-if)# exit
All packets arriving the switch ports from the servers within the LBG need to be steered to the egress port. In this example, the processed packets are steered from the servers back to same switch port used as the ingress port.
SEFOS(config)# mac access-list extended 21 SEFOS(config-ext-macl)# permit any any vlan 2 redirectport extreme-ethernet 0/1 SEFOS(config-ext-macl)# exit SEFOS(config)# mac access-list extended 91 SEFOS(config-ext-macl)# deny any any SEFOS(config-ext-macl)# exit SEFOS(config)# interface range extreme-ethernet 0/15-18 SEFOS(config-if-range)# mac access-list 21 in SEFOS(config-if-range)# mac access-list 91 in SEFOS(config-if-range)# end
SEFOS# show access-list Extended IP Access List 20 ----------------------------- Filter Priority : 1 Filter Protocol Type : ANY IP address Type : IPV4 Source IP address : 0.0.0.0 Source IP address mask : 0.0.0.0 Source IP Prefix Length : 0 Destination IP address : 0.0.0.0 Destination IP address mask : 0.0.0.0 Destination IP Prefix Length : 0 Flow Identifier : 0 In Port List : Ex0/1 Out Port List : NIL Filter TOS : NIL Filter DSCP : NIL Filter Action : Load balance to Group 1 Status : Active Extended IP Access List 90 ----------------------------- Filter Priority : 1 Filter Protocol Type : ANY IP address Type : IPV4 Source IP address : 0.0.0.0 Source IP address mask : 0.0.0.0 Source IP Prefix Length : 0 Destination IP address : 0.0.0.0 Destination IP address mask : 0.0.0.0 Destination IP Prefix Length : 0 Flow Identifier : 0 In Port List : Ex0/1 Out Port List : NIL Filter TOS : NIL Filter DSCP : NIL Filter Action : Deny Status : Active MAC ACCESS LISTS ----------------- Extended MAC Access List 21 ----------------------------- Filter Priority : 1 Ether Type : 0 Protocol Type : 0 Vlan Id : 2 User-Priority : 0 Destination MAC Address : 00:00:00:00:00:00 Source MAC Address : 00:00:00:00:00:00 In Port List : Ex0/15 , Ex0/16 , Ex0/17 , Ex0/18 Filter Action : Redirect to Port 1 Status : Active Extended MAC Access List 91 ----------------------------- Filter Priority : 1 Ether Type : 0 Protocol Type : 0 Vlan Id : 0 User-Priority : 0 Destination MAC Address : 00:00:00:00:00:00 Source MAC Address : 00:00:00:00:00:00 In Port List : Ex0/15 , Ex0/16 , Ex0/17 , Ex0/18 Filter Action : Deny Status : Active
SEFOS(config)# interface range extreme-ethernet 0/15-18 SEFOS(config-if-range)# no shutdown SEFOS(config-if-range)# exit SEFOS(config)# interface extreme-ethernet 0/1 SEFOS(config-if)# no shutdown SEFOS(config-if)# end
SEFOS# show slb l2 L2 SLB Group #1 Failover Method: Failover to Standby Port(s) first, then All Ports Port Members: Port State Comments ==== ===== ================= 15 ACTIVE 16 ACTIVE 17 ACTIVE 18 ACTIVE
It might take up to 30 seconds for the port status to show. If executing the slb show command does not show the port status, try again in intervals of a few seconds until the status displays. If no status appears after 30 seconds, ensure that you have correctly completed the preceding steps.
For information about the status of a server member, see Conditions for a Member Participating in Load Distribution.
SEFOS# write startup-config