how to configure link aggregation groups on ipso · how to configure link aggregation groups on...
TRANSCRIPT
6 May 2012
How To Configure Link Aggregation Groups on
IPSO
© 2012 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.
Important Information Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=16621
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
Revision History
Date Description
5/6/2012 First release of this document
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments (mailto:[email protected]?subject=Feedback on How To Configure Link Aggregation Groups on IPSO ).
Contents
Important Information ............................................................................................. 3 How To Configure Link Aggregation Groups on IPSO ......................................... 5 Objective ................................................................................................................. 5
Supported Versions ............................................................................................. 5 Supported Operating Systems ............................................................................. 5 Supported Appliances ......................................................................................... 5
Before You Start ..................................................................................................... 5 Related Documentation and Assumed Knowledge .............................................. 5
Configuring Link Aggregation Groups on IPSO ................................................... 5 Verifying the Procedure........................................................................................ 10 Index ...................................................................................................................... 13
How To Configure Link Aggregation Groups on IPSO
How To Configure Link Aggregation Groups on IPSO | 5
How To Configure Link Aggregation Groups on IPSO
Objective This document explains how to set up a Link Aggregation Group in IPSO 6.2MR2.
Supported Versions Any
Supported Operating Systems IPSO 4.X
IPSO 6.x
Supported Appliances This document is related to the IP Appliances
Before You Start
Related Documentation and Assumed Knowledge Voyager Referenced Guide for IPSO 4.X/6.X (http://dl3.checkpoint.com/paid/02/IPSO_6.2_Voyager_Reference_Guide.pdf?HashKey=1332171012_cb5267025c663f3ec5d138df19da5168&xtn=.pdf)
Configuring Link Aggregation Groups on IPSO
1. Login to Voyager.
2. From the tree view, under Interface Configuration, select Interfaces.
3. Make sure that the interfaces you wish to use do not have any configuration attached to them. For example (in the image below): eth-s1p3 and eth-s1p4 are to be used.
Configuring Link Aggregation Groups on IPSO
How To Configure Link Aggregation Groups on IPSO | 6
4. Make sure that the physical properties of both interfaces are identical and set to maximum speed and duplex.
5. From the tree view, select Link Aggregation.
6. In the New Group ID field, enter a new Link Aggregation Group ID number of your choice. For example
(in the image below): 100
7. Click Apply > Save. The 100 Link Aggregation Group appears below Existing link Aggregation Groups.
8. You can add interfaces to the group. To add interfaces:
a) In Aggregated Port, from the Add Port dropdown list, select a port.
b) Click Apply > Save.
Configuring Link Aggregation Groups on IPSO
How To Configure Link Aggregation Groups on IPSO | 7
9. In Minimum Active Ports, enter the minimum amount of interfaces that need to be active for the Link Aggregation Group to be up (for a green dot to appear under Up). This prevents from one port failure to trigger a VRRP failover. The Link Aggregation Group remains active with another port.
10. To access the physical properties of the Link Aggregation group, in Interface, click the ae<ID> link. The physical properties of the Link Aggregation group opens.
11. To change settings here (if required), base the adjustment on the In Line Help page in Voyager for L2, L3, L4 settings.
Note - It is recommended to leave LACP off at this time because it is not needed for static configurations. LACP is beyond the scope of this document.
12. To configure VLANs (optional):
a) In the Create New VLAN field, enter the VLAN number.
b) Click Apply. The VLAN Configuration window opens.
c) Apply a logical IP address to your newly configured VLAN.
Configuring Link Aggregation Groups on IPSO
How To Configure Link Aggregation Groups on IPSO | 8
13. To configure the Logical IP address for the Link Aggregation group, click the ae<ID>c0 link. The Logical Configuration window opens.
14. To add a logical IP address for this Link Aggregation group:
a) In Add New Address, in the New IP Address field, enter the IP address.
b) In the New Mask Length field, enter the mask length. For example (in the image below): New
Address: 172.26.252.21 New Mask Length: 24 as the IP address of the user.
c) In Logical Configuration, select Activate.
Configuring Link Aggregation Groups on IPSO
How To Configure Link Aggregation Groups on IPSO | 9
d) Click Apply > Save.
15. To view your newly created Link Aggregation group, return to Interfaces. Link Aggregation groups are designated as ae<ID>c0 interface.
Verifying the Procedure
How To Configure Link Aggregation Groups on IPSO | 10
To Configure the Corresponding Switch Ports for the Link Aggregation Group:
This procedure uses a Cisco 2960G IOS Catalyst switch as an example for a corresponding device. Cisco generally supports Ether channel:
1. From the Cisco device command line, configure the Port channel (in this example, Port channel 1).
2. From the Cisco device command line, configure the Ports that participate in the Port Channel Group (in this example, Interface 0/4 and 0/5).
Cat2950#show run Building configuration...
version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cat2950 ! ip subnet-zero ! interface Port-channel1 switchport mode trunk ! interface FastEthernet0/1 ! interface FastEthernet0/2 switchport mode trunk
!--- Configured port to be in trunking mode.
channel-group 1 mode on
!--- Configured port to participate in PAgP-negotiated port channel 1. This is optional to your configuration. Please review the options and how they will affect your configuration
! interface FastEthernet0/3
!--- Repeated trunk and channel configuration.
switchport mode trunk channel-group 1 mode on ! interface FastEthernet0/4
!--- Repeated trunk and channel configuration.
switchport mode trunk channel-group 1 mode desirable ! interface FastEthernet0/5
!--- Repeated trunk and channel configuration for each interface that will participate in the LAG group.
! interface FastEthernet0/25 ! interface FastEthernet0/26 ! interface VLAN1 ip address 10.10.10.1 255.255.255.0 no ip route-cache
Verifying the Procedure Ports that are members of the Link Aggregation group on the Check Point appliance must be connected
to ports 0/4 and 0/5 (in this example) on the switch. Verify on the switch that the Port Channel is up with:
Show int po1
Verifying the Procedure
How To Configure Link Aggregation Groups on IPSO | 11
Show int fa0/3
Show int fa0/4
In Voyager, verify that the Link Aggregation interface is green.
Index B
Before You Start • 5
C
Configuring Link Aggregation Groups on IPSO • 5
H
How To Configure Link Aggregation Groups on IPSO • 5
I
Important Information • 3
O
Objective • 5
R
Related Documentation and Assumed Knowledge • 5
S
Supported Appliances • 5 Supported Operating Systems • 5 Supported Versions • 5
V
Verifying the Procedure • 10