Depending on your deployment and configuration choices, the Ethernet ports on the NIOS appliance perform different functions. The Ethernet ports that handle traffic on the NIOS appliance are as follows:
- LAN1 port – A 10/100/1000-Mbps gigabit Ethernet port that connects the appliance to the network. This is the default port for single independent appliances, single Grid members, and passive nodes in HA pairs. You must use the LAN1 port to set up the appliance initially. It handles traffic for all management services if you do not enable the MGMT and LAN2 ports. The passive node in an HA pair uses this port to synchronize the database with the active node.
- LAN2 port – A 10/100/1000-Mbps gigabit Ethernet port that connects the appliance to the network. The LAN2 port is not enabled by default. You can enable the LAN2 port and define its use through the GUI after the initial setup. By default, the appliance uses the LAN1 port (and HA port when deployed in an HA pair). To enable and configure the LAN2 port, you must have read/write permission to the Grid member on which you want to enable the port. The LAN2 port is available on the TE-810, TE-820, TE-1410, TE-1420, TE-2210, TE-2220, and IB-4010 appliances. For information about how to use the LAN2 port, see see Using the LAN2 Port.
- HA port – A 10/100/1000-Mbps gigabit Ethernet port through which the active node in an HA (high availability) pair connects to the network using a VIP (virtual IP) address. HA pair nodes also use their HA ports for VRRP (Virtual Router Redundancy Protocol) advertisements.
MGMT port – A 10/100/1000-Mbps gigabit Ethernet port that you can use for appliance management or DNS service. You can enable the MGMT port and define its use through the GUI after the initial setup. If the MGMT port is enabled, the NIOS appliance uses it for management services (see the Sources and Destinations for Services table below for specific types).
You can do the following on some of the Ethernet ports, depending on your network requirements and configurations:
...
- From the Grid tab, select the Grid Manager tab.
- Expand the Toolbar and select Grid Properties -> Edit.
- In the Grid Properties editor, select the General tab -> click the Advanced tab (or click Toggle Advanced Mode) and complete the following:
- Enable GUI/API Access via both MGMT and LAN1/VIP: Select this checkbox to allow access to the Infoblox GUI and API using both the MGMT and LAN1 ports for standalone appliances and allow both the MGMT and VIP ports for an HA pair. This feature is valid only if you have enabled the MGMT port. For information about enabling the MGMT port, see
Appliances - Click Save to save the changes.
About Virtual LANs
...
When you first set up a NIOS appliance, you can assign VLANs through the Grid Setup Wizard. For more information, see Using the Setup Wizard. After the initial setup, you can assign VLANs to the LAN1 or LAN2 ports in the Required Ports and Addresses table, as described in Modifying Ethernet Port Settings.
On a Grid member, you can assign up to 10 VLANS for each protocol (IPv4 or IPv6) on the LAN1 and LAN2 ports. You can assign up to 10 IPv4 VLAN addresses and 10 IPv6 VLAN addresses for each interface. You can configure only IPv4 VLAN addresses for an IPv4 Grid member and only IPv6 VLAN addresses for an IPv6 Grid member, but for a dual mode Grid member you can configure both IPv4 and IPv6 VLAN addresses.
To assign additional VLANs to the LAN1 or LAN2 port, complete the following:
...
You can implement DiffServ (Differentiated Services) on the appliance by configuring the DSCP (Differentiated Services Code Point) value. DiffServ is a scalable and class-based mechanism that provides relative priorities to the type of services on your network. It can provide low latency for critical network traffic while providing simple best-effort service for non-critical services. The Infoblox DSCP implementation fully conforms to RFC 2475. For more information about DiffServ, refer to RFC 2475, An Architecture for Differentiated Services.
In IPv4 and IPv6 headers, DiffServ uses the DS (Differentiated Services) field for packet classification purposes. The DS field defines the layout of the ToS (Type of Services) octet in IPv4 and the Traffic Class octet in IPv6. The first six bits of the DS field are used as the DSCP value, which determines the PHBs (per-hope behaviors) on DiffServ compliant nodes and enables priorities of services to be assigned to network traffic. For more information about the DS field, refer to RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.
When you configure the DSCP value for DiffServ, the appliance sets priorities for all outgoing IP traffic. It implements QoS (quality of service) rules so you can effectively classify and manage your critical network traffic. To ensure that core network services, such as DNS services, continue to operate in the event of network traffic congestion, you can set the DSCP value for the entire Grid and override it at the member level. Note that on an appliance, all outgoing IP traffic on all interfaces uses the same DSCP value.
DSCP is supported on both IPv4 and IPv6 transports and the DSCP value for both IPv4 and IPv6 transports must be the same. This feature is currently supported on the following Infoblox appliances: Trinzic 2210, 2215, 2220, 2225, Infoblox-4010, Infoblox-4030, Infoblox-4030-10GE, PT-1400, PT-1405, PT-2200, PT-2205, PT-4000, PT-4000-10GE, TE-1410, TE-1420, TE-1415, TE-1425, and TE-4015. For information about these appliances, refer to the respective installation guides on the Infoblox Support web site at https://www.infoblox.com/support.
...
- From the Grid tab -> Grid Manager tab, click Grid Properties -> Edit from the toolbar.
- In the General -> Advanced tab of the Grid Properties editor, complete the following: DSCP Value: Enter
- enter a value from 0 to 63 . The
- in the:DSCP Value field. The default is 0 and it represents the lowest priority.
- Save the configuration.
To override the DSCP value for a member:
- From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
- In On the Network tab -> Basic tab of the Grid Member Properties editor, complete the following:
...
- click Override, and then enter a value from 0 to 63 in the DSCP value field. The default is 0 and it represents the lowest priority.
...
- Save the configuration.
You can override the Grid and member DSCP value at the interface level. For more information, see the following:
- For the LAN1 port, see Modifying Ethernet Port Settings below.
- For the LAN2 port, see Using the LAN2 Port.
- For the MGMT port, see see Using the MGMT Port.
Ethernet Port Usage
This section provides tables that detail the port usage and source and destination ports for different services, depending on your Grid configuration.
The table below displays the type of traffic per port for both Grid and independent deployments. For a more detailed list of the different types of traffic, see the Sources see the Sources and Destinations for Services table.
Table 8.3 Appliance Roles and Configuration, Communication Types, and Port Usage
Appliance Role | HA Pair | HA Status | MGMT Port | Database Synchronization | Core Network Services | Management Services | GUI Access |
|---|---|---|---|---|---|---|---|
HA Grid Master | Yes | Active | Disabled | VIP on HA | VIP on HA | LAN1 | VIP on HA |
HA Grid Master | Yes | Passive | Disabled | LAN1 | – | LAN1 | – |
Single Grid Master | No | – | Disabled | LAN1 | LAN1 | LAN1 | LAN1 |
HA Grid Member | Yes | Active | Disabled | LAN1 | VIP on HA | LAN1 | – |
HA Grid Member | Yes | Passive | Disabled | LAN1 | – | LAN1 | – |
Single Grid Member | No | – | Disabled | LAN1 | LAN1 | LAN1 | – |
Independent HA Pair | Yes | Active | Disabled | VIP on HA | VIP on HA | LAN1 | VIP on HA |
Independent HA Pair | Yes | Passive | Disabled | LAN1 | – | LAN1 | – |
Single Independent | No | – | Disabled | – | LAN1 | LAN1 | LAN1 |
HA Grid Master | Yes | Active | Enabled | VIP on HA | VIP on HA | MGMT | MGMT |
HA Grid Master | Yes | Passive | Enabled | LAN1 | – | MGMT | – |
Single Grid Master | No | – | Enabled | LAN1 | LAN1 or MGMT | MGMT | MGMT and LAN1/VIP |
HA Grid Member | Yes | Active | Enabled | LAN1 or MGMT | VIP on HA | MGMT | – |
HA Grid Member | Yes | Passive | Enabled | LAN1 or MGMT | – | MGMT | – |
Single Grid Member | No | – | Enabled | LAN1 or MGMT | LAN1 or MGMT | MGMT | – |
Independent HA Pair | Yes | Active | Enabled | VIP on HA | VIP on HA | MGMT | MGMT |
Independent HA Pair | Yes | Passive | Enabled | LAN1 | – | MGMT | – |
Single Independent | No | – | Enabled | – | LAN1 or MGMT | MGMT | MGMT |
Reporting Member | No | – | Enabled | LAN1 or MGMT | LAN1 or MGMT | MGMT | MGMT |
Table 8.4 Appliance Roles and Configuration, Communication Types, and Port Usage for Appliances with LAN2 Ports
...
To see the service port numbers and the source and destination locations for traffic that can go to and from a NIOS appliance, see the Sources and Destinations for Services table. This information is particularly useful for firewall administrators so that they can set policies to allow traffic to pass through the firewall as required.
| Note | ||
|---|---|---|
| ||
The colors in both tables represent a particular type of traffic and correlate with each other. |
Table 8.5 Sources and Destinations for Services
...
- From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member check box, and then click the Edit icon.
Note: You must enable the MGMT port before modifying its port settings. See /wiki/spaces/nios84draft/pages/26151621See Using the MGMT Port. - In the Network tab of the Grid Member Properties editor, the Required Ports and Addresses table lists the network settings that were configured. This table lists the network settings of LAN1(IPv4) interface for an IPv4 member and LAN1(IPv6) interface for an IPv6 member. For a dual mode Grid member, this table lists the settings for both LAN1(IPv4) and LAN1(IPv6) interfaces. Complete the following to modify port settings:
- Interface: Displays the name of the interface. You cannot modify this.
- Address: Click the field and modify the IP address for the LAN1 port, which must be in a different subnet from that of the LAN2 and HA ports.
- Subnet Mask (IPv4) or Prefix Length (IPv6): For IPv4 address, click the field and specify an appropriate subnet mask and for IPv6 address, specify the prefix length.
- Gateway: Click the field and modify the default gateway for the LAN1 port.
- VLAN Tag: Click the field and enter the VLAN tag ID if the port is configured for VLANs. You can enter a number from 1 to 4095.
- Port Settings: From the drop-down list, choose the connection speed that you want the port to use. You can also choose the duplex setting. Choose Full for concurrent bidirectional data transmission or Half for data transmission in one direction at a time. Select Automatic to instruct the NIOS appliance to negotiate the optimum port connection type (full or half duplex) and speed with the connecting switch automatically. This is the default setting. You cannot configure port settings for vNIOS appliances.
- DSCP Value: Displays the Grid DSCP value. To modify, click Override and enter the DSCP value. You can enter a value from 0 to 63.
Save the configuration and click Restart if it appears at the top of the screen.
...