Using the LAN2 Port

Note

NIC failover for LAN1 and LAN2 is not supported on AWS members.

The LAN2 port is a 10/100/1000Base-T Ethernet connector on the front panel of the TE-810, TE-820, TE-1410, TE-1420, TE-2210, TE-2220, and IB-4010 appliances. By default, the LAN2 port is disabled and the appliance uses the LAN1 port (and HA port when deployed in an HA pair). Before you can enable and configure the LAN2 port on a Grid member, you must first configure the member and join it to the Grid. You must also have read/write permission to the Grid member on which you want to enable the port. When you enable the LAN2 port and SNMP, the appliance sends traps from this port for LAN2-related events.

You can configure the LAN2 port in different ways. You can enable the port redundancy or port failover feature, which groups the LAN1 and LAN2 ports into one logical interface. The LAN1/LAN2 grouping can be activated for both IPv4 and IPv6. Alternatively, you can configure the LAN2 port on a different IP network than LAN1, and enable the LAN2 port to provide DNS and DHCP services. 

Note that you cannot use the LAN2 port to access the GUI and the API, or to connect to the Grid. This can impact the ability of other appliances, such as the NetMRI and PortIQ appliances, to communicate with the Grid Master. Any IPv6 services enabled for the LAN2 port also require provisioning of an IP address on the LAN2 port.

About Port Redundancy

You can configure the LAN2 or LAN2 (VLAN) port to provide redundancy and additional fault tolerance in your network. Port redundancy is transparently supported for both IPv4 and IPv6. When you enable port redundancy, the LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports are grouped into one logical interface. They share one IP address and appear as one interface to the network. Then, if a link to one of the ports fails or is disabled, the appliance fails over to the other port, avoiding a service disruption.
You can connect the LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports to the same switch or to different switches, but the VLAN configuration between LAN1 and LAN2 must match. One port is active and the other port is idle at all times. In case of failure in the LAN1 or LAN1 (VLAN) port, the LAN2 or LAN2 (VLAN) port becomes active and once the LAN1 or LAN1 (VLAN) port is active again, the LAN2 or LAN2 (VLAN) port becomes passive if the Use LAN1 when available option is enabled. For more information, see the Enabling Port Redundancy section.

Note

  • When configuring port redundancy, the speed of the interfaces is not taken into consideration when selecting the active interface.
  • All L2 packets are dropped on the bond0 passive interface if you enable port redundancy on the node. This is applicable only for PT-1405, PT-2205, PT-2205-10GE, IB-4030, and IB-4030-10GE appliances.

The LAN1 or LAN1 (VLAN) and LAN2 or LAN2 (VLAN) ports share the IP address of the LAN1 or LAN1 (VLAN) port; the port that is currently active owns the IP address. When you enable services on the appliance, such as DNS and DHCP, clients send their service requests to the LAN1 or LAN1 (VLAN) port IP address and receive replies from it as well. The port supports the services and features supported on the LAN1 or LAN1 (VLAN) port as listed in tables Appliance Roles and Configuration, Communication Types, and Port Usage for Appliances with LAN2 Ports and Sources and Destinations for Services in topic Configuring Ethernet Ports. You cannot enable the port redundancy feature if the LAN2 or LAN2 (VLAN) port is serving DNS or DHCP.
For example, you can use the MGMT port for Grid communications, and the LAN1 and LAN2 ports are connected to the same switch. The LAN1 and LAN2 ports share the IP address of the LAN1 port, which is 1.1.1.5. In the illustration, LAN1 is the active port.

You can also have the MGMT port disabled and configure LAN1 and LAN2 for port redundancy. You can enable port redundancy on single or HA independent appliances and Grid members.

Using the LAN2 Failover Feature

Enabling Port Redundancy

Before you enable port redundancy, ensure that both LAN1 and LAN2 are enabled. To enable port redundancy:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, select the Enable port redundancy on LAN1/LAN2 checkbox.
  3. Select the Use LAN1 when available checkbox to enable the NIOS appliance to automatically revert to the LAN1 port when it is available. In case of a connection failure, if the LAN1 port is not available, the NIOS appliance fails over to the LAN2 port. If you do not enable this option, the NIOS appliance will not automatically revert from the LAN2 port to the LAN1 port when it is available.
  4. Save the configuration and click Restart if it appears at the top of the screen.

The Detailed Status panel displays the status of both the LAN1 and LAN2 ports. In an HA pair, both nodes display the port information when port redundancy is enabled.

Warning

When port redundancy on LAN1/LAN2 is enabled on members in vNIOS for OpenStack, a fatal error is displayed in the debug log files. You must manually assign the same MAC address for LAN1 and LAN2.

Configuring the LAN2 Port

Before you enable the LAN2 port to provide DHCP and DNS services, you must specify its IP address and other properties. You can configure both IPv4 and IPv6 addresses for the LAN2 port of an IPv4, IPv6 and dual mode (IPv4 and IPv6) Grid member.
To configure the LAN2 port:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, click the Add icon of the Additional Ports and Addresses table and select LAN2 (IPv4) or LAN2 (IPv6) from the drop-down list. Enter the following:
    • Interface: Displays the name of the interface. You cannot modify this.
    • Address: Type the IP address for the LAN2 port, which must be in a different subnet from that of the LAN1 and HA ports.
    • Subnet Mask (IPv4) or Prefix Length (IPv6): Specify an appropriate subnet mask for IPv4 address and prefix length for IPv6 address.
    • Gateway: Type the default gateway for the LAN2 port.
    • VLAN Tag: Enter the VLAN tag ID if the port is configured for VLANs. You can enter a number from 1 to 4095. For information about VLAN, see About Virtual LANs.
    • Port Settings: From the drop-down list, choose the connection speed that you want the port to use. You can also choose the duplex setting. Choose Full for concurrent bidirectional data transmission or Half for data transmission in one direction at a time. Select Automatic to instruct the NIOS appliance to negotiate the optimum port connection type (full or half duplex) and speed with the connecting switch automatically. This is the default setting. You cannot configure port settings for vNIOS appliances.
    • DSCP Value: Displays the Grid DSCP value. To modify, click Override and then enter the DSCP value. You can enter a value from 0 to 63. For information about DSCP, see Implementing Quality of Service Using DSCP.
    • LAN2 Virtual Router ID (if HA): If the appliance is in an HA pair, enter a VRID number.
  3. Save the configuration and click Restart if it appears at the top of the screen.

The Detailed Status panel displays the status of the LAN2 port. In an HA pair, only the active node displays the LAN2 information.
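
The constraints in step 2 (LAN2 in a different subnet from LAN1 and HA, VLAN tag 1 to 4095, DSCP 0 to 63) can be checked before a change is entered. The following is an added example, not Infoblox code; the function name, argument layout, and sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_lan2_plan(lan2_if, other_ifs, vlan_tag=None, dscp=None):
    """Return a list of problems with a planned LAN2 configuration.

    lan2_if   -- "address/prefix" planned for LAN2, e.g. "10.20.0.5/24"
    other_ifs -- dict of port name -> "address/prefix" for LAN1 and HA
    """
    try:
        lan2 = ipaddress.ip_interface(lan2_if)
    except ValueError as exc:
        return [f"LAN2 address is not valid: {exc}"]

    problems = []
    for name, value in other_ifs.items():
        other = ipaddress.ip_interface(value)
        if other.version != lan2.version:
            continue  # compare IPv4 with IPv4 and IPv6 with IPv6 only
        # overlaps() catches identical subnets and one subnet nested in another
        if lan2.network.overlaps(other.network):
            problems.append(
                f"LAN2 {lan2.network} overlaps {name} {other.network}")

    if vlan_tag is not None and not 1 <= vlan_tag <= 4095:
        problems.append(f"VLAN tag {vlan_tag} is outside 1-4095")
    if dscp is not None and not 0 <= dscp <= 63:
        problems.append(f"DSCP value {dscp} is outside 0-63")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: LAN2 is nested inside the LAN1 subnet.
    ports = {"LAN1": "10.10.0.5/24", "HA": "10.10.0.6/24"}
    for line in check_lan2_plan("10.10.0.200/25", ports, vlan_tag=100, dscp=46):
        print(line)
```

The same subnet check applies when DHCP is enabled on both LAN1 and LAN2, since the two ports must then be connected to different subnets.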

Configuring LAN1/LAN2 for Automated Failover

You can use both LAN1 and LAN2 interfaces for DNS recursion. Both these interfaces have different gateways and you can send the DNS query source using the ANY IP address. If the default route interface goes down, the route redundancy feature configures another working interface so that recursion traffic fails over automatically from the failed interface to the working interface. This keeps recursive traffic flowing without interruption.

To configure automated failover, ensure that LAN1 and LAN2 have the same network configuration. Automated failover is supported on VLAN, IPv4, and IPv6 configurations.

To enable route redundancy:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. In the Network -> Basic tab of the Grid Member Properties editor, select the Enable default route redundancy on LAN1/LAN2 checkbox.
  3. Save the configuration and click Restart if it appears at the top of the screen.

The Detailed Status panel displays the status of both the LAN1 and LAN2 ports.

If you select the Enable default route redundancy on LAN1/LAN2 checkbox and then run the show routes CLI command, the output displays two default routes each having a different metric number. The primary default route that is set using the set default_route LAN1|LAN2 CLI command has a metric value of 0 and the secondary default route has a metric value of 10 for IPv4 networks. For IPv6 networks, the primary default route has a metric value of 1024 and the secondary default route has a metric value of 1124. For more information, see show routes.

In case of a failover, there may be a delay of a few seconds before the switchover to the secondary interface occurs.

If you want to enable port redundancy on LAN2 using WAPI, you have to use the entire lan2_port_setting struct even though the LAN2 IP addresses are already configured. The lan2_port_setting struct does not support partial updates.
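
Because lan2_port_setting does not accept partial updates, a safe pattern is to fetch the struct, change only the fields you intend to change, and send the whole struct back. The following is an added example, not Infoblox code: it builds and checks the request body without contacting an appliance, and the field names inside the struct (nic_failover_enabled, nic_failover_enable_primary, network_setting) and the sample record are assumptions to confirm against the WAPI schema of your version.

```python
import copy

# Constructed, trimmed sample of a member record fetched with
# _return_fields=lan2_port_setting. Field names inside the struct are
# assumptions; confirm them against the WAPI schema for your version.
SAMPLE_MEMBER = {
    "_ref": "member/PLACEHOLDER:ns1.example.com",
    "lan2_port_setting": {
        "nic_failover_enabled": False,
        "nic_failover_enable_primary": False,
        "network_setting": {
            "address": "192.0.2.10",
            "subnet_mask": "255.255.255.0",
            "gateway": "192.0.2.1",
        },
    },
}

def full_lan2_update(member, **changes):
    """Return a PUT body holding the whole struct with `changes` applied."""
    current = member.get("lan2_port_setting")
    if not current:
        raise ValueError("no lan2_port_setting in the fetched member record")
    unknown = sorted(set(changes) - set(current))
    if unknown:  # a typo would otherwise add a field the struct never had
        raise ValueError(f"fields not in the fetched struct: {unknown}")
    setting = copy.deepcopy(current)  # keeps addresses and nested settings
    setting.update(changes)
    return {"lan2_port_setting": setting}

def missing_paths(fetched, candidate, prefix=""):
    """Key paths present in the fetched struct but absent from a candidate."""
    gaps = []
    for key, value in fetched.items():
        if key not in candidate:
            gaps.append(prefix + key)
        elif isinstance(value, dict) and isinstance(candidate[key], dict):
            gaps.extend(missing_paths(value, candidate[key], prefix + key + "."))
    return gaps

if __name__ == "__main__":
    body = full_lan2_update(SAMPLE_MEMBER, nic_failover_enabled=True,
                            nic_failover_enable_primary=True)
    print(body)
    # A hand-written partial body is flagged before it is ever sent.
    print(missing_paths(SAMPLE_MEMBER["lan2_port_setting"],
                        {"nic_failover_enabled": True}))
```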

Enabling DHCP on LAN2

You can configure an appliance to provide DHCP service through the LAN1 port, LAN2 port, or both the LAN1 and LAN2 ports. Note that when you enable both ports, they must be connected to different subnets. You can also start and stop DHCP service for IPv4 or IPv6 on the LAN1 or LAN2 port after you have enabled the service.
After you configure the LAN2 port, you can enable DHCP services on the LAN2 port as follows:

  1. From the Data Management tab, select the DHCP tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. If you are running DHCP for IPv4: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv4 checkbox for LAN2 under DHCP Interfaces.
    If you are running DHCP for IPv6: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv6 checkbox for LAN2 under DHCP Interfaces. (An IPv6 address must also be provisioned for the port.)
    You can run either or both protocols for DHCP depending on your network deployment.
  3. Save the configuration and click Restart if it appears at the top of the screen.

Enabling DNS on LAN2

If you enable DNS on an appliance, it always serves DNS on the LAN1 port. Optionally, you can configure the appliance to provide DNS services through the LAN2 port as well. For example, the appliance can provide DNS services through the LAN1 port for internal clients on a private network, and DNS services through the LAN2 port for external clients on a public network.
After you configure the LAN2 port, you can enable DNS services on the LAN2 port as follows:

  1. From the Data Management tab, select the DNS tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
  2. In the General -> Basic tab of the Member DNS Configuration editor, do the following:
    If you are running DNS for IPv4: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv4 checkbox for LAN2 under DNS Interfaces. 
    If you are running DNS for IPv6: In the General -> Basic tab of the Member DHCP Configuration editor, select the IPv6 checkbox for LAN2 under DNS Interfaces. (An IPv6 address must also be provisioned for the port.) 
    You can run either or both protocols for DNS depending on your network deployment. 
    • Automatically create glue A and PTR records for LAN2's address: The NIOS appliance can automatically generate A (address) and PTR records for a primary name server whose host name belongs to the name space of the zone. Select this checkbox to enable the appliance to automatically generate an A and PTR record. 
    • Automatically create IPv6 glue AAAA and PTR records for LAN2's address: The appliance automatically generates AAAA and PTR records for the LAN2 IPv6 address. A glue record is the IP address of a name server held at the domain name registry. Glue records are needed to set a domain's name server to a host name within the domain. Example: to set the name servers of ns1.corpxyz.com and ns2.corpxyz.com, provide the glue records, which are in effect the IP addresses, for ns1.corpxyz.com and ns2.corpxyz.com, within specific DNS record types.
      Without the glue records, DNS requests never resolve to the correct IP address because the domain registry does not associate the IP with the correct records.
  3. In the General -> Advanced tab (click Toggle Advanced Mode if necessary), select one of the following from the Send queries from and the Send notify messages and zone transfer request from drop-down lists:
    • VIP: The appliance uses the IP address of the HA port as the source for queries, notifies, and zone transfer requests.
    • MGMT: The appliance uses the IP address of the MGMT port as the source for queries, notifies, and zone transfer requests.
    • LAN2: The appliance uses the IP address of the LAN2 port as the source for queries, notifies, and zone transfer requests.
    • Any: The appliance chooses which port to use as the source for queries, notifies, and zone transfer requests.
      The Send queries from drop-down list also includes loopback IP addresses that you configured. You can select a loopback address as the source for queries.
  4. Save the configuration and click Restart if it appears at the top of the screen.
  5. Click Restart to restart services.