D-Link DFL-260E User Manual for DFL-260E - Page 237
Enabling Transparent Mode Directly on Interfaces, High Availability and Transparent Mode
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 237 highlights
4.7.1. Overview Chapter 4. Routing To better explain this, let us consider a VLAN vlan5 which is defined on two physical interfaces called if1 and if2. Both physical interfaces have switch routes defined so they operate in transparent mode. Two VLAN interfaces with the same VLAN ID are defined on the two physical interfaces and they are called vlan5_if1 and vlan5_if2. For the VLAN to operate in transparent mode we create a routing table with the ordering set to only and which contains the following 2 switch routes: Network all-nets all-nets Interface vlan5_if1 vlan5_if2 Instead of creating individual entries, an interface group could be used in the above routing table. No other non-switched routes should be in this routing table because traffic that follows such routes will be tagged incorrectly with the VLAN ID. Finally, we must associate this routing table with its VLAN interface by defining a Policy Based Routing Rule. Enabling Transparent Mode Directly on Interfaces The recommended way to enable Transparent Mode is to add switch routes, as described above. An alternative method is to enable transparent mode directly on an interface (a check box for this is provided in the graphical user interfaces). When enabled in this way, default switch routes are automatically added to the routing table for the interface and any corresponding non-switch routes are automatically removed. This method is used in the detailed examples given later. High Availability and Transparent Mode Switch Routes cannot be used with High Availability and therefore true transparent mode cannot be implemented with a NetDefendOS High Availability Cluster. Instead of Switch Routes the solution in a High Availability setup is to use Proxy ARP to separate two networks. This is described further in Section 4.2.6, "Proxy ARP". The key disadvantage with this approach is that firstly, clients will not be able to roam between NetDefendOS interfaces, retaining the same IP address. Secondly, and more importantly, their network routes will need to be manually configured for proxy ARP. Transparent Mode with DHCP In most Transparent Mode scenarios, the IP address of users is predefined and fixed and is not dynamically fetched using DHCP. Indeed, the key advantage of Transparent Mode is that these users can plug in anywhere and NetDefendOS can route their traffic correctly after determining their whereabouts and IP address through ARP exchanges. However, a DHCP server could be used to allocate user IP addresses in a Transparent Mode setup if desired. With Internet connections, it may be the ISP's own DHCP server which will hand out public IPv4 addresses to users. In this case, NetDefendOS MUST be correctly configured as a DHCP Relayer to forward DHCP traffic between users and the DHCP server. It may be the case that the exact IP address of the DHCP server is unknown but what is known is the Ethernet interface to which the DHCP server is connected. To enable DHCP requests to be relayed through the firewall, the following steps are needed: • Define a static route which routes the IPv4 address 255.255.255.255 to the interface on which the DHCP server is found. 237