Product: WXC WAN Accleration
Version: Any
Network Topology:
The diagram notes the before and after network logical diagram for the site. The before scenario shows the standard active/passive cluster connecting to both the internal and external vlan segments. The after diagram inserts the WXC device between the cluster devices and the local LAN in a way that insures all traffic remains in-line.
Description:
When using the WXC WAN Acceleration in-line mode all traffic from the site must go through the WXC device as a bridge in the local network. The remote jack on the WXC is towards the WAN side of the site and the local jack is connected to the LAN site of the site.
When an active/passive cluster is the router or firewall connection to the WAN the WXC cannot be directly inserted into the line between the local router/firewall interface and the LAN any longer. There are two router/firewalls and either of them could be the active device at any given time.
This design creates an additional local vlan that is used as an isolation vlan between the WAN and the local LAN. All LAN traffic must pass through the WXC device local port. When it comes out of the remote port the traffic can successfully enter either of the two clustered router/firewalls depending on which is currently active on the shared ip address for the LAN. This design requires two additional ports on the local switch to add the WXC device into the system. An additional vlan is created for the isolation between WAN and LAN. And the port memberships in vlans are adjusted to achieve the correct traffic flow.
Configuration:
VLAN Configuration
- Assign the WXC local and remote ports to available access ports on the switch
- Add the WXC local port as a member of the LAN vlan
- Create the isolation vlan on the switch
- Add the WXC remote port to the isolation vlan
- Change the port membership of the LAN ports on both router/firewalls from the LAN vlan to the isolation vlan
Reminders
- WXC interfaces should be configured without auto-negociation whenever possible
- All router/firewall interfaces should likewise be manually set to a full-duplex setting with the local equipment
Verification:
Log into the web interface on the WXC
Menu: Device Setup – Interfaces
“Test Settings” button
Select “remote” and the ip address of shared LAN ip of the active/passive cluster
submit
The interface test will confirm the remote port is correctly connected to LAN on the firewall Repeat with an ip address active on the LAN for the “local” port.
Originally Posted October 24, 2010
Last Revised on November 27, 2010