
53-1002074-01 25 March 2011

ServerIron ADX
Graphical User Interface Guide
Supporting ServerIron ADX 1000, ServerIron ADX 4000, ServerIron ADX 8000, and ServerIron ADX 10000

Copyright 2008-2011 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, VCS, and VDX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

Brocade Communications Systems, Incorporated


Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Document History
Title: ServerIron ADX Graphical User Interface Guide
Publication number: 53-1002074-01
Summary of changes: New document
Date: March 2011

Contents

About This Document


In this chapter
Audience
Supported hardware and software
Document conventions
Text formatting
Notes, cautions, and danger notices
Notice to the reader
Related publications
Getting technical help or reporting errors
Web access
E-mail access

Chapter 1

Getting Started with the GUI


In this chapter
The ServerIron ADX GUI
Accessing the GUI through HTTP
Step 1: Connecting to the switch
Step 2a: Logging in with switch code
Step 2b: Logging in with router code
Step 3: Connecting ServerIron to the network
Step 4: Opening a browser (Internet Explorer or Firefox)
Accessing the GUI through HTTPS
Step 1: Connecting to the switch
Step 2: Logging commands
Step 3: SSL configuration
Step 4: Enabling HTTPS
Step 5: Connecting ServerIron to the network
Step 6: Opening a browser
Web management using the management port
Step 1: Connecting to the switch
Step 2a: Logging in with switch code
Step 2b: Logging in with router code
Step 3: Connecting ServerIron to the network
Step 4: Opening a browser (Internet Explorer or Firefox)
Configuring IP addresses
Configuring an IP address on switch code
Configuring an IP address on router code
Configuring Source IP addresses
Configuring Source IP, Source NAT IP, and Source Standby IP addresses on switch code
Configuring Source NAT IP addresses on router code
Displaying the Dashboard
Displaying the Front Panel
Defining global system settings
Displaying and saving the running configuration

Chapter 2

Configuring a Real Server and a Real Server Port


In this chapter
Creating a basic real server
Creating a real server port
Enabling or disabling a real server
Enabling at Summary tab
Disabling at Summary tab
Enabling at Basic tab
Disabling at Basic tab
Enabling or disabling a real server port
Enabling at Summary tab
Disabling at Summary tab
Enabling at Port tab
Disabling at Port tab
Cloning a real server
Defining advanced parameters for real servers
Viewing real server summary information
Real server status indicators
Real server port status indicators
Viewing real server summary information

Chapter 3

Configuring a Virtual Server and a Virtual Server Port


In this chapter
Creating a virtual server
Creating a virtual server port
Binding the virtual server port
Enabling or disabling a virtual server
Enabling at Summary tab
Disabling at Summary tab
Enabling at Basic tab
Disabling at Basic tab
Enabling or disabling a virtual server port
Enabling at Summary tab
Disabling at Summary tab
Enabling at Port tab
Disabling at Port tab
Defining advanced virtual server parameters

Chapter 4

Configuring Health Checks


In this chapter
Configuring health check for a real server
Enabling Layer 2 to Layer 4 health checks
Disabling Layer 2 to Layer 4 health checks
Creating a port profile
Creating a port policy
Configuring element health checks
Configuring TCP or UDP health check policy
Configuring ICMP health check policy
Configuring Boolean health check policy
Configuring a match list policy

Chapter 5

Application Templates
In this chapter
Generic HTTP application template

Chapter 6

Configuring Role Based Management


In this chapter
Creating a context
Creating a user
Assigning a user role
Creating a role template
Web server authentication
AAA web server authentication with the RADIUS method
AAA web server authentication with the TACACS+ method
AAA web server authentication with the enable or line method
AAA web server authentication failover to alternative method
System log details
Navigation

Chapter 7

Configuring VLANs, ACLs, and Routes


In this chapter
Configuring VLANs
Configuring a VLAN on switch code
Configuring a VLAN on router code
Configuring standard Access Control List
Configuring a static route on router code

Chapter 8

Configuring High Availability


In this chapter
High Availability modes
Configuring Hot Standby mode on switch code
Configuring Symmetric Active-Standby mode
Configuring Symmetric Active-Active mode
Displaying High Availability summary
Hot Standby summary
Symmetric Active-Standby and Symmetric Active-Active summary

Chapter 9

SSL Acceleration and Certificate Management


In this chapter
Generating an SSL key
Uploading an existing SSL Key to ServerIron
Generating a self-signed certificate
Generating a certificate signing request
Uploading certificates
Creating an SSL profile
Defining SSL accelerated services
Displaying SSL summary

Chapter 10

Configuring Layer 7 Switching


In this chapter
Creating a Layer 7 Switching Rule (Request)
Creating a nested rule
Creating a Layer 7 Request Policy
Enabling Layer 7 Switching (HTTP Requests)
Displaying Layer 7 Summary (HTTP Requests)
Creating Layer 7 Rules for HTTP Response
Creating Layer 7 Policies for HTTP Responses
Configuring Response Rewrite on HTTP Header
Configuring Response Rewrite on HTTP Body
Enabling Layer 7 Switching for HTTP Responses
Displaying Layer 7 Summary of Response Rules, Policies, and associated virtual servers
Using the L7 Switching Request Wizard
Launching the Wizard
Wizard 1: Traffic Forwarding based on URL prefix
Step 1: Creating a rule
Step 2: Creating a policy
Step 3: Enabling Layer 7 Switching
Wizard 2: Traffic Forwarding based on URL suffix

Chapter 11

Maintenance
In this chapter
Software upgrade overview
Copying system software
Rebooting the device

Chapter 12

Displaying Statistics
In this chapter
Statistics overview
Viewing system resources
Displaying traffic statistics for a real server
Current Connection Rate
Current Connections
Connection Distribution among Application Ports
Total Accumulated Connections to Server
Total Accumulated Connections per Application Port
Received and Transmitted Packets among Application Ports
Displaying statistics for a real server port
Current Connections on Ports
Total Accumulated Connections on Ports
Received and Transmitted Packets on Ports
Displaying statistics for a virtual server
Connection Distribution among Application Ports
Total Accumulated Connections to Server
Total Accumulated Connections per Port
Displaying statistics for virtual server port
Current Connections on Ports
Current Connection Distribution among Real Servers
Total Accumulated Connections
Total Accumulated Connection Distribution among Real Servers
Displaying global traffic statistics
Displaying interface statistics
Viewing Syslog entries

About This Document

In this chapter
Audience
Supported hardware and software
Document conventions
Notice to the reader
Related publications
Getting technical help or reporting errors

Audience
This document is designed for system administrators with a working knowledge of Layer 2 and Layer 3 switching and routing. If you are using a Brocade Layer 3 Switch, you should be familiar with the following protocols if applicable to your network: IP, RIP, OSPF, BGP, ISIS, IGMP, PIM, DVMRP, and VRRP.

Supported hardware and software


Although many different software and hardware configurations are tested and supported by Brocade Communications Systems, Inc. for 12.3, documenting all possible configurations and scenarios is beyond the scope of this document. The following hardware platforms are supported by this release of this guide:

ServerIron ADX 1000
ServerIron ADX 4000
ServerIron ADX 8000
ServerIron ADX 10000

Document conventions
This section describes text formatting conventions and important notice formats used in this document.


Text formatting
The narrative-text formatting conventions that are used are as follows:

bold text
Identifies command names
Identifies the names of user-manipulated GUI elements
Identifies keywords
Identifies text to enter at the GUI or CLI

italic text
Provides emphasis
Identifies variables
Identifies document titles

code text
Identifies CLI output

For readability, command names in the narrative portions of this guide are presented in bold: for example, show version.

Notes, cautions, and danger notices


The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards.

NOTE
A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information.

CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.

DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.

Notice to the reader


This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only.


Corporation            Referenced Trademarks and Products
Microsoft Corporation  Internet Explorer
Mozilla Corporation    Mozilla Firefox
Sun Microsystems       Java Runtime Environment

Related publications
The following Foundry Networks documents supplement the information in this guide:

Release Notes for ServerIron Switch and Router Software TrafficWorks 12.0.00
ServerIron ADX TrafficWorks Graphical User Interface
ServerIron ADX TrafficWorks Server Load Balancing Guide
ServerIron ADX TrafficWorks Advanced Server Load Balancing Guide
ServerIron ADX TrafficWorks Global Server Load Balancing Guide
ServerIron ADX TrafficWorks Security Guide
ServerIron ADX TrafficWorks Administration Guide
ServerIron ADX TrafficWorks Switching and Routing Guide
ServerIron ADX Firewall Load Balancing Guide
ServerIron ADX Hardware Installation Guide
IronWare MIB Reference

NOTE
For the latest edition of these documents, which contain the most up-to-date information, see Product Manuals at kp.foundrynet.com.

Getting technical help or reporting errors


Brocade is committed to ensuring that your investment in our products remains cost-effective. If you need assistance, or find errors in the manuals, contact Brocade using one of the following options:

Web access
The Knowledge Portal (KP) contains the latest version of this guide and other user guides for the product. You can also report errors on the KP. Log in to my.Brocade.com, click the Product Documentation tab, then click on the link to the Knowledge Portal (KP). Then click on Cases > Create a New Ticket to report an error. Make sure you specify the document title in the ticket description.


E-mail access
Go to http://www.brocade.com/services-support/index.page for the latest e-mail and telephone contact information.


Chapter

Getting Started with the GUI

In this chapter
The ServerIron ADX GUI
Accessing the GUI through HTTP
Accessing the GUI through HTTPS
Web management using the management port
Configuring IP addresses
Configuring Source IP addresses
Displaying the Dashboard
Displaying the Front Panel
Defining global system settings
Displaying and saving the running configuration

The ServerIron ADX GUI


This guide describes the Graphical User Interface (GUI) of the Brocade ServerIron ADX devices. Features or options not documented in this guide are not supported through the GUI. This section describes the basic components that you need to know to navigate the ServerIron ADX GUI, and how to access the ServerIron ADX using both non-secure (HTTP) and secure (HTTPS) communication methods.

NOTE
The ServerIron ADX GUI has been tested with Internet Explorer and Firefox Web browsers. Also, you must have the latest version of Java Runtime Environment (JRE) installed on your system to be able to view some of the graphics on the GUI. Obtain the latest JRE version from the Sun Microsystems Java Web site.


FIGURE 1 ServerIron web interface home page

The context bars allow you to access the main functions by clicking the background. The main functions are: Overview, System, Traffic Management, L7 Traffic Management, Security, Network, and Maintenance.
The option tabs allow you to access the detailed functions by clicking the tab on top of the respective content area; for example, Real Server, and Statistics.
The content area allows you to configure, monitor, or troubleshoot the detailed functions; for example, a Real Server.
The Log Out button allows you to log out from any window in the application.


The circular arrow in the right-hand corner of the content window refreshes the screen. The file save button saves the content you enter. The help button (?) in the right-hand corner of the content window links to the Brocade ADC Community website.

Accessing the GUI through HTTP


The steps below vary depending on whether you are running switch code or router code.

Step 1: Connecting to the switch


1. Connect your PC to the ServerIron console connector using the serial cable.
2. Press Enter to bring up the command line prompt.
3. If you are using switch code, go to Step 2a; for router code, go to Step 2b.

Step 2a: Logging in with switch code


If you are using switch code, enter the following commands.

1. Enable configuration mode.
ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Assign an IPv4 address and default gateway.
ServerIronADX(config)# ip address 1.1.1.1 255.255.255.0
ServerIronADX(config)# ip default-gateway 1.1.1.254

Or assign an IPv6 address and default gateway.
ServerIronADX(config)# ipv6 address fd00:60:69bc::100/64
ServerIronADX(config)# ipv6 default-gateway fd00:60:69bc::1

3. Write to memory.
ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 2b: Logging in with router code


If you are using router code, enter the following commands.

1. Enable configuration mode.
ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Configure an interface.
ServerIronADX(config)# interface ethernet 1

3. Assign an IPv4 address.
ServerIronADX(config-if-e1000-1)# ip address 1.1.1.1/24
ServerIronADX(config-if-e1000-1)# exit

Or assign an IPv6 address.
ServerIronADX(config)# ipv6 address fd00:60:69bc::100/64

4. Configure an IPv4 default route.
ServerIronADX(config)# ip route 0.0.0.0/0 1.1.1.254

Or configure an IPv6 default route.
ServerIronADX(config)# ipv6 route 0::0/0 fd00:60:69bc::1

5. Write to memory.
ServerIronADX(config)# ^Z
ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 3: Connecting ServerIron to the network


1. Connect ServerIron ADX to your network infrastructure.
2. Check to see if ping access to the ServerIron IP address is working.

Step 4: Opening a browser (Internet Explorer or Firefox)


1. If an IPv4 address is used, type the address into the address bar of the browser.
Example http://1.1.1.1

If an IPv6 address is used, type the address into the address bar enclosed by square brackets.
Example http://[fd00:60:69bc::100]

2. Press Enter. The Login window displays.


3. Click HTTP. The User name and Password window displays.

NOTE

The default User name is admin. The default Password is brocade. The password can be edited for greater security.

4. Enter the user name and password and click OK.

NOTE

You have three attempts to log in to the web management interface. If all three login attempts fail, you will be locked out for 30 minutes. During the lockout period, you cannot log in even if you provide a correct password.


The home page for the ServerIron web interface is displayed.

Accessing the GUI through HTTPS


The steps below vary depending on whether you are running switch code or router code.

Step 1: Connecting to the switch


1. Connect your PC to the ServerIron console connector using the serial cable.
2. Press Enter to bring up the command line prompt.

Step 2: Logging commands


The logging commands vary depending on whether you are running switch code or router code. Follow Step 2a if you are logging in with switch code, or Step 2b if you are logging in with router code.


Step 2a: Logging in with switch code


If you are using switch code, enter the following commands.

1. Enable configuration mode.
ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Assign an IPv4 address and default gateway.
ServerIronADX(config)# ip address 1.1.1.1 255.255.255.0
ServerIronADX(config)# ip default-gateway 1.1.1.254

Or assign an IPv6 address and default gateway.
ServerIronADX(config)# ipv6 address fd00:60:69bc::100/64
ServerIronADX(config)# ipv6 default-gateway fd00:60:69bc::1

3. Write to memory.
ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 2b: Logging in with router code


If you are using router code, enter the following commands.

1. Enable configuration mode.

ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Configure an interface.

ServerIronADX(config)# interface ethernet 1

3. Assign an IPv4 address.

ServerIronADX(config-if-e1000-1)# ip address 1.1.1.1/24
ServerIronADX(config-if-e1000-1)# exit

Or assign an IPv6 address.

ServerIronADX(config)# ipv6 address fd00:60:69bc::100/64

4. Configure an IPv4 default route.

ServerIronADX(config)# ip route 0.0.0.0/0 1.1.1.254

Or configure an IPv6 default route.

ServerIronADX(config)# ipv6 route 0::0/0 fd00:60:69bc::1


5. Write to memory.

ServerIronADX(config)#^Z
ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 3: SSL configuration


The ServerIron ADX supports Secure Socket Layer (SSL) for enabling HTTPS access. When enabled, the SSL protocol uses a digital certificate and a public-private key pair to establish a secure connection to the ServerIron. A digital certificate serves to prove the identity of participating entities, and a public-private key pair provides the means to encrypt data that is sent between two entities. The SSL digital certificate and private key for HTTPS access to the ServerIron can either be imported from an external device or self-generated by the ServerIron.

Follow Step 3a if you are importing the digital certificate and private key file, or Step 3b if you are generating a default certificate on the ServerIron.

Step 3a: Importing digital certificates and private key files


To import a digital certificate using TFTP, enter the following command.
ServerIronADX(config)# ip ssl certificate-data-file tftp <ip address> <certificate file-name>

To import a private key using TFTP, enter the following command.


ServerIronADX(config)# ip ssl private-key-file tftp <ip address> <key file-name>

After you have imported the digital certificate, reformat and prepare the SSL certificate for use by HTTPS access by entering the following command.
ServerIronADX(config)# crypto-ssl certificate generate

NOTES:

Imported certificates can be no larger than 2048 bytes.
Encrypted private key files (DES, DES3, or other ciphers) are not supported. Private key files must be unencrypted.
Private keys greater than 1024 bits are not supported.
Private key files must be either 512 or 1024 bits.
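A pre-flight check for the limits listed in the notes above, run on the workstation before the files are placed on the TFTP server. This is an added example, not Brocade code; it assumes the key file is PEM-encoded RSA (PKCS#1 or unencrypted PKCS#8) and that the 2048-byte limit applies to the certificate file as transferred. The function names and the sample inputs are constructed for illustration.

```python
import base64
import re

# Limits quoted from the NOTES under Step 3a of this guide.
MAX_CERT_BYTES = 2048
ALLOWED_KEY_BITS = (512, 1024)


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der_bytes):
    """Modulus size of an RSA private key in PKCS#1 or unencrypted PKCS#8 DER."""
    tag, seq, _ = read_tlv(der_bytes, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, _version, pos = read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected the version INTEGER")
    tag, value, pos = read_tlv(seq, pos)
    if tag == 0x30:  # PKCS#8: AlgorithmIdentifier, then the key in an OCTET STRING
        tag, value, _ = read_tlv(seq, pos)
        if tag != 0x04:
            raise ValueError("expected the PKCS#8 OCTET STRING")
        return rsa_modulus_bits(value)
    if tag != 0x02:
        raise ValueError("expected the modulus INTEGER")
    return int.from_bytes(value, "big").bit_length()


def check_import_files(cert_bytes, key_pem):
    """Return a list of problems; an empty list means the files meet the limits."""
    problems = []
    if len(cert_bytes) > MAX_CERT_BYTES:
        problems.append("certificate is %d bytes, limit is %d"
                        % (len(cert_bytes), MAX_CERT_BYTES))
    # Matches both "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY".
    if "ENCRYPTED" in key_pem:
        return problems + ["private key is encrypted"]
    m = re.search(r"-----BEGIN (?:RSA )?PRIVATE KEY-----(.*?)-----END", key_pem, re.S)
    if not m:
        return problems + ["no PEM private key block found"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(m.group(1)))
    except (ValueError, IndexError) as exc:
        return problems + ["private key could not be parsed: %s" % exc]
    if bits not in ALLOWED_KEY_BITS:
        problems.append("private key is %d bits, must be 512 or 1024" % bits)
    return problems


# --- Constructed sample input: DER with the right shape, not usable keys ---

def der(tag, value):
    """Encode one DER element with a short- or long-form length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value


def der_int(i):
    """Encode a non-negative INTEGER, leaving room for the sign bit."""
    return der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))


def sample_pkcs1(bits):
    """PKCS#1-shaped structure whose modulus has exactly `bits` bits."""
    modulus = (1 << (bits - 1)) | 1
    fields = [0, modulus, 65537] + [1] * 6  # version, n, e, then six placeholders
    return der(0x30, b"".join(der_int(f) for f in fields))


def to_pem(der_bytes, label="RSA PRIVATE KEY", headers=""):
    body = base64.encodebytes(der_bytes).decode()
    return "-----BEGIN %s-----\n%s%s-----END %s-----\n" % (label, headers, body, label)


if __name__ == "__main__":
    cert = b"\x00" * 1500  # constructed stand-in for a certificate file
    enc_headers = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,00\n\n"
    for name, key in [
        ("1024-bit PKCS#1", to_pem(sample_pkcs1(1024))),
        ("2048-bit PKCS#1", to_pem(sample_pkcs1(2048))),
        ("encrypted", to_pem(sample_pkcs1(1024), headers=enc_headers)),
    ]:
        print(name, "->", check_import_files(cert, key) or "ok")
```
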


Step 3b: Generating a default SSL certificate


To generate a default SSL certificate, enter the following command.
ServerIronADX(config)# crypto-ssl certificate generate default_cert

Step 4: Enabling HTTPS


To enable HTTPS access, use the following command.

ServerIronADX(config)# web-management https
ServerIronADX(config)# exit
ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Syntax: [no] web-management https

Step 5: Connecting ServerIron to the network


1. Connect ServerIron to your network infrastructure.
2. Check to see if ping access to the ServerIron IP address is working.

Step 6: Opening a browser


This procedure applies to the Internet Explorer or Firefox browsers.

1. If an IPv4 address is used, type the address into the address bar of the browser.
Example http://1.1.1.1


If an IPv6 address is used, type the address into the address bar enclosed by square brackets.
Example http://[fd00:60:69bc::100]

2. Press Enter. The Login window displays.

3. Click HTTPS. The system prompts you for certificate verification.

4. Click Yes. The system prompts for the user name and password.


NOTE

The default User name is admin. The default Password is brocade. This password can be edited for greater security.

5. Enter the user name and password and click OK.

NOTE

You have three attempts to log in to the web management. If all three login attempts fail, you will be locked out for 30 minutes. During the lockout period, you cannot log in even if you provide the correct password.


The home page for the ServerIron web interface is displayed. A lock symbol displayed on the top right corner indicates that the current connection is a secure HTTPS connection.

6. To log out, click Log Out in the upper right corner of the window. The message You are successfully logged out is displayed.


Web management using the management port


NOTE

The management port supports IPv4 addresses only.

The IP address configuration procedure is the same for both HTTP and HTTPS. The steps below vary depending on whether you are running switch code or router code.

Step 1: Connecting to the switch


1. Connect your PC to the ServerIron console connector using the serial cable.
2. Press Enter to bring up the command line prompt.
3. If you are using switch code, go to Step 2a; for router code, go to Step 2b.

Step 2a: Logging in with switch code


If you are using switch code, enter the following commands.

1. Enable configuration mode.

ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Assign an IP address to the management port.

ServerIronADX(config)# interface management 1
ServerIronADX(config-if-mgmt-1)# ip address 1.1.1.1 255.255.255.0


3. Configure a static route (the default route cannot point to the management port).
ServerIronADX(config-if-mgmt-1)# ip route 10.54.1.0/24 1.1.1.254

4. Write to memory.

ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 2b: Logging in with router code


If you are using router code, enter the following commands.

1. Enable configuration mode.

ServerIronADX>
ServerIronADX> enable
No password has been assigned yet...
ServerIronADX#
ServerIronADX# config term

2. Configure the management interface.

ServerIronADX(config)# interface management 1

3. Assign an IP address.

ServerIronADX(config-if-mgmt-1)# ip address 1.1.1.1/24
ServerIronADX(config-if-mgmt-1)# exit

4. Configure a static route (the default route cannot point to the management port).

ServerIronADX(config)# ip route 10.54.1.0/24 1.1.1.254

5. Write to memory.

ServerIronADX# write memory
.Write startup-config in progress.
.Write startup-config done.
ServerIronADX#

Step 3: Connecting ServerIron to the network


1. Connect the ServerIron ADX management port to your network infrastructure.
2. Check to see if ping access to the ServerIron IP address is working.

Step 4: Opening a browser (Internet Explorer or Firefox)


1. Type the IP address into the address bar of the browser.
Example http://1.1.1.1

2. Press Enter.


The Login window displays.

You can log in to the web management by clicking either HTTP (non secure) or HTTPS (secure). If you click HTTPS, the system prompts you for certificate verification, and you must click Yes to proceed further. The User name and Password window displays. Enter the user name and password and click OK.

Configuring IP addresses
This section describes the procedure to configure an IP address on switch code and router code.

Configuring an IP address on switch code


To configure an IP address on a ServerIron that runs switch code, follow these steps.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the IP Address tab.


3. Enter the information for the following fields:

Management IP: Enter the IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.

4. Click Apply.

Configuring an IP address on router code


To configure an IP address on a ServerIron that runs router code, follow these steps.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the IP Address tab.

3. Select a router interface from the Interface list.


NOTE

You can also configure multiple IP addresses for the management port (mgmt1).

4. Enter the information for the following fields:

IP Address: Enter the management IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.

NOTE

You can configure a secondary IP address for an interface using the GUI.

Configuring Source IP addresses


You can configure Source IP, Source NAT IP, and Source Standby IP addresses using the GUI.

Configuring Source IP, Source NAT IP, and Source Standby IP addresses on switch code
You can configure the following addresses on a ServerIron running switch code:

Source IP
Source NAT IP
Source Standby IP

Defining Source IP addresses


To define Source IP addresses, follow these steps.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the Source IP tab.
3. Click Source IP for Type.


4. Provide the following information:

IP Address: Enter the IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.
Use this IP for SSL Traffic (Optional): Select the check box to use the Source IP address for SSL terminate or proxy traffic.
Allocate Source Port per Real Server (Optional): Select the check box if the source port is to be allocated on the real server.

5. Click Add to add the Source IP address. The new Source IP address is displayed in the summary table.

Defining Source NAT IP address


To define Source NAT IP address, follow these steps.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the Source IP tab.
3. Click Source NAT IP for Type.
4. Provide the following information:

IP Address: Enter the IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.
Source Port Range: Select Lower Port Range or Higher Port Range.


Use this IP for SSL Traffic (Optional): Select the check box to use this Source IP address for SSL terminate or proxy traffic.
Allocate Source Port per Real Server (Optional): Select the check box if the source port is to be allocated on the real server.

5. Click Add to add the Source NAT IP address. The new Source NAT IP address is displayed in the summary table.

Defining Source Standby IP address


To define Source Standby IP address, follow these steps.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the Source IP tab.
3. Click Source Standby IP for Type.
4. Provide the following information:

IP Address: Enter the IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.

5. Click Add to add the Source Standby IP address. The new Source Standby IP address is displayed in the summary table.

Configuring Source NAT IP addresses on router code


You can configure only Source NAT IP addresses on a ServerIron running router code.

1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the Source IP tab.


3. Provide the following information:

IP Address: Enter the IP address.
Subnet Mask: Enter the subnet mask.
Default Gateway: Enter the default gateway address.
Source Port Range: Select Lower Port Range or Higher Port Range.
Allocate Source Port per Real Server (Optional): Select the check box if the source port is to be allocated on the real server.

4. Click Add to add the Source NAT IP address. The new Source NAT IP address is displayed in the summary table.


Displaying the Dashboard


By default, the Dashboard is displayed when you log in to the ServerIron GUI. To view the Dashboard, click Overview on the context bar and select Dashboard.

The Dashboard shows CPU utilization for the management processor, available and used memory in the management processor, CPU utilization by the barrel processors, and the number of used and available sessions in the barrel processors. The Dashboard additionally provides status of fans, power supplies, and system temperature. It also shows software images installed on the system.


Displaying the Front Panel


To dynamically display the front view of the ServerIron hardware, click Overview on the context bar and select Front Panel. An example is shown below.

Defining global system settings


You can modify global settings from the Global Settings page.

1. Click System on the context bar and select Global Settings.

2. You can change one or more of the following parameters:

Load Balancing Predictor: Select the predictor to be used by the ServerIron from the Load Balancing Predictor list.
TCP Age: Enter the number of minutes for TCP age.
UDP Age: Enter the number of minutes for UDP age.
Sticky Age: Enter the number of minutes for Sticky age.
Clock Scale: Enter a value from 1 to 24 for clock scale.
Max Sessions Per BP: Enter the maximum number of sessions allowed for each BP.

NOTE

If you change the Max Sessions Per BP setting, you must reload the ServerIron from the CLI.

Source NAT: Select to globally enable source NAT on the system.


TCP SYN NAK Threshold: Select the Enable check box to edit the TCP NAK threshold value. The default value is 20.

3. Click Apply to save your changes.

Displaying and saving the running configuration


To display the running configuration of the ServerIron ADX, click Overview on the context bar and select Running Configuration.

Scroll down the display to view the running configuration. To save the configuration to a file, click Download. A file download dialog box displays.


Click Save to save the configuration file.


Chapter

Configuring a Real Server and a Real Server Port

In this chapter
Creating a basic real server
Creating a real server port
Enabling or disabling a real server
Enabling or disabling a real server port
Cloning a real server
Defining advanced parameters for real servers
Viewing real server summary information

Creating a basic real server


To configure a basic real server, follow these steps.

1. Click Traffic Management on the context bar and select Real Server. The real server window is displayed.


The configuration details of the real server are displayed in the right panel. The summary table displays the first 20 entries of the real servers. Click Next Page and Previous Page to navigate to the respective pages or select the page number from the Go To list.

2. Click the Basic tab at the top of the window. The basic real server window is displayed.

3. Click New, if New is not already displayed.
4. Enter the following information:

Real Server Name: Enter the real server name; for example, real1.
Server IP: Enter the server IP address. You can configure both IPv4 and IPv6 addresses.

5. Click Enable for Admin Status. Enable is the default option.
6. Click Apply. The message The operation was successful is displayed.

Creating a real server port


To configure a real server port, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Port tab.


3. In the Applications panel, select HTTP and click Add to enter a new application type.
4. In the Characteristics panel, click Enable for Admin Status (Enable is the default option).
5. Optionally, configure other port level parameters.
6. Click Update. The message The operation was successful is displayed.

Enabling or disabling a real server


You can enable or disable a real server using the Summary or Basic tab.

Enabling at Summary tab


To enable a real server at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Summary tab.


The list of real servers in the system is displayed.

3. Find the real server you want in the Real Server Name column. In the example above, "real1" is in the "Disabled" running state.
4. Click the arrow button in the Status column and select Enable.
5. Click Apply in the User Action column. The Running State column now shows Enabled.

Disabling at Summary tab

To disable a real server at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Summary tab. The list of the real servers in the system is displayed.
3. Find the real server you want in the Real Server Name column.
4. Click the arrow button in the Status column for your device and select Disable.
5. Click Apply in the User Action column.

Enabling at Basic tab

To enable a real server at the Basic tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Basic tab.


The basic real server window is displayed.

3. Select a real server from the list.
4. Click Enable for Admin Status.
5. Click Apply.

Disabling at Basic tab

To disable a real server at the Basic tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Basic tab.
3. Select a real server from the list.
4. Click Disable for Admin Status.
5. Click Apply.

Enabling or disabling a real server port


You can enable or disable a real server port using the Summary or Port tab.

Enabling at Summary tab


To enable a real server port at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Summary tab.


The list of real servers in the system is displayed.

3. Find the real server you want in the Real Server Name column. In the above example, "real1" is in the "Enable" running state.
4. Click the arrow in the Port column to view a list of configured ports. The DNS port for real1 is Disabled.

5. Click the arrow button in the DNS row and select Enable.
6. Click Apply. The status should now show Enable.

Disabling at Summary tab

To disable a real server port at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Summary tab. The list of the real servers in the system is displayed.
3. Find the real server you want in the Real Server Name column.
4. Click the arrow in the Port column to view a list of configured ports.


5. Click the arrow button in the Port row and select Disable.
6. Click Apply. The status should now show Disabled.

Enabling at Port tab

To enable a real server port at the Port tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Port tab. The Port window is displayed.

3. Select the real server from the Real Server Name list and the port from the Port list.
4. Click Enable for Admin Status.
5. Click Update.

Disabling at Port tab

To disable a real server port at the Port tab, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Port tab.


3. Select the real server from the Real Server Name list and the port from the Port list.
4. Click Disable for Admin Status.
5. Click Update.

Cloning a real server

To clone a real server, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Cloning tab. The clone real server window is displayed.

3. Select a real server from the Real Server Name list.
4. Enter an IP address in the Base IP field and the number of clones you want in the Number of Clones field, and click Preview. The number of clones you specified are displayed. You can edit clone names and IP addresses.


5. Click Create Clones to create the clones. The message The operation was successful is displayed at the top of the window.

Defining advanced parameters for real servers


To define additional optional parameters for real servers, follow these steps.

1. Click Traffic Management on the context bar and select Real Server.
2. Click the Advanced tab.


3. Provide the following information:

Real Server Name: Select a real server from the list.
Description: Enter a description for the real server.
Alias Name: Enter the alias name.
Ping Health Check: Click Disable to disable Layer 3 health check. By default, Layer 3 health check is enabled.
Backup: Select the check box to designate the real server to be a backup server.
Source-NAT: Select the check box to enable Source NAT on the real server.
Source-NAT ACL: Select the check box to enter the Source NAT access list number in the ACL # field.
Max Connections: Enter the maximum number of sessions the ServerIron will maintain in its session table.
Max TCP Connection Rate: Enter the maximum TCP connection rate.
Max UDP Connection Rate: Enter the maximum UDP connection rate.


Port Number: Enter the port number and specify the community name in the Community Name field.
Entry ID: Enter the entry IDs in the respective fields and the SNMP OID value in the SNMP Request OID fields.
Least Connection Weight: Enter the weight of the real server relative to other real servers in terms of the number of connections on the server.

4. Click Apply to accept your entries.

Viewing real server summary information


This section describes the status indicators for real servers and real server ports.

Real server status indicators


Real servers display their status by using different colors.

Enabled: Amber Light
Disabled: Red Light
Failed: Red Light
Testing: Amber Light
Suspect: Amber Light
Shutting-down: Amber Light
Active: Green Light

Real server port status indicators


Real server ports display their status by using different colors.

Enabled: Green Light
Disabled: Red Light

Viewing real server summary information


You can view the real server summary information sorted by IP address, running state, or real server name.

Sorted by IP address
To view real server status sorted by IP address, follow these steps.

1. Click the Summary tab.
2. Click the IP column heading. The real server information sorted by IP address is displayed.


Sorted by running state


To view real server status sorted by running state, follow these steps.

1. Click the Summary tab.
2. Click the Running State column heading. The real server information sorted by running state is displayed.

Sorted by real server name

To view real server status sorted by real server name, follow these steps.

1. Click the Summary tab.
2. Click the Real Server Name column heading. The real server information sorted by real server name is displayed.


Chapter

Configuring a Virtual Server and a Virtual Server Port

In this chapter
Creating a virtual server
Creating a virtual server port
Binding the virtual server port
Enabling or disabling a virtual server
Enabling or disabling a virtual server
Defining advanced virtual server parameters

Creating a virtual server


To configure a basic virtual server, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server. The virtual server window is displayed.


The content area for configuring the virtual server is displayed in the right panel. The Summary tab displays a list of the virtual servers in the system.

2. Click the Basic tab at the top of the window. The basic virtual server window is displayed.

3. Click New, if New is not already displayed.
4. Enter the following information:

Virtual Server Name: Enter the virtual server name.
Server IP: Enter the server IP address. You can configure both IPv4 and IPv6 addresses.

5. Click Enable for Admin Status (Enable is the default option).
6. Select a predictor in the Predictor list; for example, Least Connection.
7. Click Apply. The message The operation was successful is displayed.

Creating a virtual server port


To configure a virtual server port, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Port tab.


The Port window is displayed.

3. In the Applications panel, select a port from the list and click Add to enter a new application type.
4. In the Characteristics panel, select Enable for Admin Status. (Enabled is the default option.) Optionally, specify other port level items.


5. Click Update. The message The operation was successful is displayed.

Binding the virtual server port


To bind a virtual server port to a real port, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Bind tab.


The virtual server bind window is displayed.

3. Enter the following information:

From the Virtual Server list, select the virtual server name.
From the Port list, select the virtual server port name.
From the Real Server list, select the real server name.
From the Port list, select the real server port name.

4. Click Bind.
5. Repeat the above steps for binding additional real servers.

Enabling or disabling a virtual server


You can enable or disable a virtual server using the Summary or Basic tab.

Enabling at Summary tab


To enable a virtual server at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Summary tab. The list of the virtual servers in the system is displayed.


3. Find the virtual server you want in the Virtual Server Name column.
4. Click the arrow button in the Admin column and select Enable.
5. Click Apply in the User Action column. The Running State column should now show Enabled.

Disabling at Summary tab

To disable a virtual server at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Summary tab. The list of the virtual servers in the system is displayed.
3. Find the virtual server you want in the Virtual Server Name column.
4. Click the arrow button in the Admin column and select Disable.
5. Click Apply in the User Action column. The Running State column should now show Disabled.

Enabling at Basic tab

To enable a virtual server at the Basic tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Basic tab. The basic virtual server window is displayed.

3. Select a virtual server from the list.
4. Click Enable for Admin Status.
5. Click Apply.


Disabling at Basic tab


To disable a virtual server at the Basic tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Basic tab.
3. Select a virtual server from the list.
4. Click Disable for Admin Status.
5. Click Apply.

Enabling or disabling a virtual server port

You can enable or disable a virtual server port using the Summary or Port tab.

Enabling at Summary tab

To enable a virtual server port at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Summary tab. The list of the virtual servers in the system is displayed.

3. Find the virtual server you want in the Virtual Server Name column. In the example above, "vip2" is in the "Enabled" running state.
4. Click the arrow in the Port column to view the list of virtual ports. The DNS port for vip2 is Disabled.


5. Click the arrow button in the DNS row and select Enable.
6. Click Apply. The Port status should now show Enable.

Disabling at Summary tab

To disable a virtual server port at the Summary tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Summary tab. The list of the virtual servers in the system is displayed.
3. Find the virtual server you want in the Virtual Server Name column.
4. Click the arrow in the Port column to view a list of virtual ports. The DNS port for vip2 is Enabled.

5. Click the arrow button in the DNS row and select Disable.
6. Click Apply. The Port status should now show Disable.


Enabling at Port tab


To enable a virtual server port at the Port tab, follow these steps.

1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Port tab. The Port window is displayed.

3. Select a virtual server in the Virtual Server Name list and a virtual port in the Port list.
4. Click Enable for Admin Status.
5. Click Update.


Disabling at Port tab


To disable a virtual server port at the Port tab, follow these steps. 1. Click Traffic Management on the context bar and select Virtual Server. 2. Click the Port tab. 3. Select a virtual server in the Virtual Server Name list and a virtual port in the Port list. 4. Click Disable for Admin Status. 5. Click Update.

Defining advanced virtual server parameters


To define additional optional parameters for a virtual server, follow these steps.
1. Click Traffic Management on the context bar and select Virtual Server.
2. Click the Advanced tab.
3. Provide the following information:
   Virtual Server Name: Select a virtual server from the list.
   Description: Enter a description for the virtual server.
   Track Group: Select to enable track group.
   Track Port: Select to enable track port.
   Master Port: Select the master port from the list.
   TCP Age: Enter the TCP age.
   UDP Age: Enter the UDP age.
   Sticky Age: Enter the sticky age.
   Rate Limiting, Client Connection Limit: Select the maximum number of client connections allowed for the virtual server.
   Rate Limiting, Transaction Rate Limit: Select the maximum number of TCP, UDP, and ICMP transactions allowed for the virtual server.
   Click the down arrow next to VIP Route Health Injection (VIP RHI) to display the parameters to be configured. Enter the information for the following fields:
      VIP Route: Select the Advertise VIP Route check box to advertise the availability of a VIP address throughout the network. Click Enable to enable VIP RHI for the virtual server or click Disable to disable VIP RHI for the virtual server. Enable is the default option.
      Subnet Mask: You can enter the subnet mask of VIP RHI injected route for the virtual server using the prefix length. The default prefix length for IPv4 address is 32 and for IPv6 address is 128. To specify the full subnet mask, select the Specify Full Mask check box and enter the full subnet mask.
4. Click Apply to accept your entries.


Chapter

Configuring Health Checks

In this chapter
Configuring health check for a real server
Enabling Layer 2 to Layer 4 health checks
Disabling Layer 2 to Layer 4 health checks
Creating a port profile
Creating a port policy
Configuring element health checks
Configuring a match list policy

Configuring health check for a real server


To configure health check for an individual real server, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks. The health check window is displayed.
2. Click the Summary tab. The Summary tab displays the links to configure global health check settings and individual real server health checks.
3. Follow the links available under Step 1 (Optional): Define global health check settings to create or modify system level health check containers such as port profiles, port policies, element health checks, and match lists, or modify global health check settings.
4. Under Step 2: Configure Health Check, select the real server name from the Select Real Server list.
5. Select the port name from the Select Real Port list.
6. Click Open Port Health Check configuration page. The system opens a new dialog box for displaying the port configurations for the selected real server.
7. Under Health Check, enter the following information:
   Click Enable to enable periodic health check for the real server.
   Click L4 Check Only to enable a Layer 4 check.
   Enter the Bringup Health Check Interval in the L4 and L7 fields.
   Click Update.
8. Close the dialog box and click Finish on the parent window.


Enabling Layer 2 to Layer 4 health checks


To globally enable Layer 2, Layer 3, and Layer 4 health checks, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Generic tab, or click the Summary tab and then click Generic. The Generic Health Checks window is displayed.
3. Click Enable for Periodic ARP to enable Layer 2 ARP check. Enable is the default option.
4. Click Enable for Real Server and Remote Server to enable Layer 3 ping check. Enable is the default option.
5. Click Enable for Layer 4 Health Check and Fast Port Bring-up to enable Layer 4 TCP/UDP check. Enable is the default option.
6. Click Apply.

Disabling Layer 2 to Layer 4 health checks


To globally disable Layer 2, Layer 3, and Layer 4 health checks, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Generic tab, or click the Summary tab and then click Generic.
3. Click Disable for Periodic ARP to disable Layer 2 ARP check.
4. Click Disable for Real Server and Remote Server to disable Layer 3 ping check.
5. Click Disable for Layer 4 Health Check and Fast Port Bring-up to disable Layer 4 TCP/UDP check.
6. Click Apply.

Creating a port profile


Define a port profile to globally configure the port parameters and configure the keepalive health check. To create a port profile, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks. The health check window is displayed. The content area for configuring the health checks is displayed on the right side of the window. The Summary tab displays links to configure global health check settings and individual real server health checks.
2. Click the Port Profile tab, or click the Summary tab and then click Port Profile. The Port Profile Health Checks window is displayed.
3. Click New, if New is not already displayed.
4. Enter the well-known port name or port number in the Port field.
5. Select the protocol from the Protocol list.
6. Select Enable for Status to enable health check for the port.
7. Select TCP or UDP for Type to globally define the type for this port, and enter the following information:
   Age: You can edit the default age value.
8. Select Enable or Disable for Periodic HC. (This option is available only for the TCP type.)
   Interval: You can edit the default interval value.
   Retries: You can edit the default retries value.
NOTE
The ServerIron assumes that ports for which it does not know the type are UDP ports.
9. Select the L4 Check Only check box to enable only Layer 4 checks. This selection disables Layer 7 checks if applicable.
10. Select Enable for Session Sync to enable session synchronization for the port in high availability designs.
11. Click Apply. The port profile is listed in the Summary table. You can click Edit in the table or select the port profile from the list (next to the New button) at the top of the page to modify the port profile. Also click Del to delete the port profile from the Summary table. However, you cannot edit or delete port profiles if they are in use.

Creating a port policy


To create a port policy, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Port Policy tab, or click the Summary tab and then click Port Policy. The Port Policy Health Checks window is displayed.
3. Click New, if New is not already displayed.
4. Enter the name of the port policy in the Name field.
5. Edit the default health check interval value in the HC Interval field.
6. Edit the default health check retries in the HC Retries field.
7. Select the L4 Check Only check box to enable only Layer 4 checks. This selection disables Layer 7 checks if applicable.
8. Optionally, select the port from the Port list.
9. Select the protocol from the HC Protocol list. The port value is displayed in the field next to the HC Protocol list. Depending on the selected HC Protocol, the display changes and the system asks for additional information.
10. Provide the required additional information and click Apply. The port policy is listed in the table at the bottom of the page. You can click Edit in the table or select the port policy from the list (next to the New button) at the top of the page to modify the port policy. Also click Del to delete the port profile from the Summary table. However, you cannot edit or delete port policies if they are in use.

Configuring element health checks


You can configure health check of an individual server or group several health checks together from the Element HC tab. You can create Element health checks for the following types:
   TCP
   UDP
   ICMP
   Boolean

Configuring TCP or UDP health check policy


To configure a TCP or UDP health check policy, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Element HC tab. The Element HC window is displayed.
3. Click New, if New is not already displayed.
4. Enter the name for the health check in the Name field.
5. Select TCP or UDP for Type.
6. Enter the following information:
   Destination IP: Enter the destination IP address. You can configure both IPv4 and IPv6 addresses.
   State: Select Enable or Disable.
   HC Interval: You can edit the default interval value.
   HC Retries: You can edit the default retries value.
   Port: Select the port from the Port list. The port value is displayed in the field next to the Port list.
   HC Protocol: Select the protocol from the HC Protocol list. The port value is displayed in the field next to the HC Protocol list. Depending on the selected HC Protocol, the display changes and the system asks for additional information.
   L4 Check: Select Enable or Disable.
   L7 Check: Select Enable or Disable.
7. Click Apply. The details are listed in the table at the bottom of the page. You can click Edit in the table or select the TCP or UDP health check policy from the list (next to the New button) at the top of the page to modify the health check policy. You can also delete the health check policy from the table by clicking Del. However, you cannot edit or delete health check policies if they are in use.

Configuring ICMP health check policy


To configure an ICMP health check policy, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Element HC tab. The Element HC window is displayed.
3. Click New, if New is not already displayed.
4. Enter the name for the health check in the Name field.
5. Click ICMP for Type.
6. Enter the destination IP address in the Destination IP field. You can configure both IPv4 and IPv6 addresses.
7. Click Apply. The details are listed in the table at the bottom of the page. You can click Edit in the table or select the ICMP health check policy from the list (next to the New button) at the top of the page to modify the health check policy. You can also delete the ICMP policy from the table by clicking Del. However, you cannot edit or delete ICMP health check policies if they are in use.

Configuring Boolean health check policy


To configure a Boolean health check policy, follow these steps.
1. Click Traffic Management on the context bar and select Health Checks.
2. Click the Element HC tab. The Element HC window is displayed.
3. Click New, if New is not already displayed.
4. Enter the name for the health check in the Name field.
5. Click Boolean for Type.
6. Enter the following information:
   Select an Element health check policy from the Element HC #1 list.
   Select a boolean operator from the Operator list.
   Select an Element health check policy from the Element HC #2 list.
7. Click Apply. The details are listed in the table at the bottom of the page. You can click Edit in the table or select the Boolean health check policy from the list (next to the New button) at the top of the page to modify the health check policy. You can also delete the boolean policy from the table by clicking Del. However, you cannot edit or delete the boolean health check policies if they are in use.

Configuring a match list policy


You can configure a match list policy to mark the server port up or down when the rule defined in the match list is met. To create a match list, follow these steps.
1. Click Traffic Management on the context bar and select Health Check.
2. Click the Match List tab. The Match List Health Check window is displayed.
3. Click New, if New is not already displayed.
4. Enter the name of the match list in the Name field.
5. Select Up or Down from the Health State list.
6. Select one of the following conditions from the Match Condition list to define a rule:
   Select String Starts With and enter the string in the String field.
   Select String Ends With and enter the string in the String field.
   Select Simple String Match and enter the following details:
      Enter the string in the String field.
      Select the Log check box.
   Select Compound String Match and enter the following details:
      Enter the string start text in the Starts With field.
      Enter the string end text in the Ends With field.
      Select the Log check box.
7. Click Add. The rule is displayed in the table below the Add button. You can click Edit in the table to modify the rule. Also click Del to delete the rule from the table.
8. Repeat step 5 to step 7 to define additional match conditions.
9. Select Up or Down for Default.
10. Click Apply. The configured match list is listed in the table at the bottom of the page. You can click Edit in the table to modify the match list. Also click Del to delete the match list from the table.


Chapter

Application Templates

In this chapter
Generic HTTP application template

Generic HTTP application template


You can use the built-in generic HTTP application template for configuring the HTTP load balancing service. The same template can also be used for configuring simple Layer 4 load balancing for any other TCP or UDP based application.
1. Click Traffic Management on the context bar and select Application Templates. The template window is displayed.
2. Click the HTTP link in the Template page, or click the HTTP tab. The HTTP tab is displayed.
3. Edit the Specify Naming Prefix field to enter any string which will be used as prefix in generating distinguishable virtual server and real server names. The default prefix is app_http_.
4. Provide the following information under Virtual Server Details:
   What is the IP Address: Enter the virtual server IP address.
   What is the Port: By default, the HTTP port value is displayed. You can change this value to specify any other port.
   Load Balancing Method: Select the appropriate load balancing method from the list.
5. Provide the following information under Real Server Details:
   What is the IP Address: Enter the real server IP address.
   Service Port: Select the service port from the list. The selected service port value is displayed in the adjacent field.
6. Click Add. The real server details are displayed in the table below the Add button. You can click Delete to delete a selected real server from the table or click Delete All to delete all the real servers listed in the table.
7. Repeat steps 5 and 6 to add multiple real servers.
8. Enter the server health check URL address in the Health check URL field.
9. Click Apply to save the configuration. The system automatically creates a sample Layer 4 server load balancing configuration in the background. You can verify the changes by viewing the running configuration (refer to Displaying and saving the running configuration on page 23) or using a CLI interface. A sample output is shown as follows.
!
server real app_http_rs_1 10.1.1.1
 port http
 port http url "GET /"
!
server real app_http_rs_2 10.1.1.2
 port http
 port http url "GET /"
!
server real app_http_rs_3 10.1.1.3
 port http
 port http url "GET /"
!
server real app_http_rs_4 10.1.1.4
 port 8080
 port 8080 url "GET /"
!
server real app_http_rs_5 10.1.1.5
 port 8080
 port 8080 url "GET /"
!
!
server virtual app_http_vip_1 100.10.10.1
 predictor least-conn
 port http
 bind http app_http_rs_1 http app_http_rs_2 http app_http_rs_3 http app_http_rs_4 8080
 bind http app_http_rs_5 8080
!


Chapter

Configuring Role Based Management

In this chapter
Creating a context
Creating a user
Assigning a user role
Creating a role template
Web server authentication
System log details
Navigation

Creating a context
To create a context, perform the following steps.
1. Click System on the context bar and select User/Role Management. The user/role based window is displayed. The Summary tab displays the list of users.
2. Click the Context tab. The context window is displayed.
3. In the Name field, enter the context name; for example, Finance.
4. Click Add. The message The operation was successful is displayed and the context name is included in the table.


Creating a user
To create a user, follow these steps.
1. Click the User tab. The user window is displayed.
2. Click New.
3. Enter the following information:
   User Name: Enter the user name.
   User Type: Select Super User, Role Based, or Read Only as the user type.
NOTE
For more information on the role based user type, refer to Assigning a user role on page 72.
   Password: Enter the password with a minimum of eight characters containing the following combinations:
      At least two uppercase characters
      At least two lowercase characters
      At least two numeric characters
      At least two special characters
   The password is always masked to ensure security.
   Confirm Password: Enter the password again for confirmation.
4. Click Apply. If the user is created successfully, the message The operation was successful is displayed.

Assigning a user role


To assign a role to a role based user, perform the following steps.
1. Click the User tab.
2. Select a user from the list.
3. Click None, Viewer, or Manager for Global (non-Context) Config. The global configuration refers to Layer 2, Layer 3, and other miscellaneous configurations on the system.
NOTE
The global configuration does not include configurations from other contexts.
4. Select a context from the Context list and the respective role from the Role list and then click Add.
5. Repeat step 4 for every context as desired.
6. Select a context from the Default Operational Context list for the user. On logging in, you will find the selected default operational context.
7. Optionally, define a Role Template for the user. The user role is displayed with the message The operation was successful.
8. Click Apply.


Creating a role template


To create a role template, follow these steps.
1. Click the Role Template tab. The role template window is displayed.
2. Click New.
3. Enter the role template name in the Name field.
4. Click None, Viewer, or Manager for Global (non-Context) Config. The global configuration refers to Layer 2, Layer 3, and other miscellaneous configurations on the system.
5. Select a context from the Context list and the respective role from the Role list and then click Add.
6. Select a context from the Default Context list.
7. Click Apply. The role template is displayed with the message The operation was successful.


Web server authentication


This section explains how to configure ServerIron to use different methods for authentication.

AAA web server authentication with the RADIUS method


To configure the ServerIron to use the RADIUS method for authentication, enter the following command in the CLI.
ServerIronADX(config)# aaa authentication web-server default radius

During the RADIUS authentication process, if a user supplies a valid user name and password, the RADIUS server sends an Access-Accept packet to the ServerIron, authenticating the user. The Access-Accept packet contains three attributes as given below.
Vendor Specific Attribute         Value      Description
foundry-privilege-level           0          Super User level. Allows user to modify configuration through web GUI
foundry-privilege-level           5          Read Only level. Allows user to view configurations only (All Submit buttons are disabled)
foundry-command-string            <string>   If exists, it will be ignored
foundry-command-exception-flag    <int>      If exists, it will be ignored

AAA web server authentication with the TACACS+ method


To configure the ServerIron to use the TACACS+ method for authentication, enter the following commands in the CLI.
ServerIronADX(config)# aaa authentication web-server default tacacs+
ServerIronADX(config)# aaa authorization exec default tacacs+

If the EXEC authorization command aaa authorization exec default tacacs+ is not configured, the user will get Super User privilege by default upon successful authentication by the TACACS+ server. Otherwise, the user obtains the privilege through TACACS+ EXEC authorization. During TACACS+ EXEC authorization, the ServerIron expects the TACACS+ server to send a response containing an A-V (Attribute-Value) pair that specifies the privilege level of the user. When the ServerIron receives the response, it extracts an A-V pair configured for the EXEC service and uses it to determine the user's privilege level. To set a user's privilege level, you can configure the "foundry-privlvl" A-V pair for the EXEC service on the TACACS+ server.
Example
user=admin0 {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 0
    }
}


In the previous example, the A-V pair foundry-privlvl=0 grants the user full read-write access.
user=admin5 {
    default service = permit
    member admin
    # Global password
    global = cleartext "cat"
    service = exec {
        foundry-privlvl = 5
    }
}

In the previous example, the A-V pair foundry-privlvl=5 grants the user read-only access.
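
An offline check for the TACACS+ default described above, given as an added example (it is not Brocade's code). It reads the two aaa lines from a saved device configuration and the user stanzas from a TACACS+ server user file in the format shown above, then reports the web GUI privilege each user ends up with. The function names, the user "viewer9", and the sample inputs are assumptions constructed for this illustration.

```python
import re

# Privilege values this guide documents for the foundry-privlvl A-V pair.
PRIV_NAMES = {0: "Super User", 5: "Read Only"}

WEB_AUTH = "aaa authentication web-server default"
EXEC_AUTHZ = "aaa authorization exec default"
NO_AUTHZ = "Super User (EXEC authorization not configured)"
UNSET = "undetermined (no foundry-privlvl pair)"


def aaa_methods(device_config, command):
    """Return the ordered method list configured for `command`, or [] if absent."""
    for raw in device_config.splitlines():
        # Tolerate lines pasted from a CLI session, e.g. 'ServerIronADX(config)# aaa ...'.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        if line.startswith(command + " "):
            return line[len(command):].split()
    return []


def brace_body(text, start):
    """Return the text from `start` (just past an opening brace) to its matching close."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in TACACS+ user file")


def tacacs_user_privlvls(server_config):
    """Map each user stanza to its EXEC foundry-privlvl, or None when the pair is absent."""
    # Assumption: '#' starts a comment and braces never appear inside quoted strings.
    text = re.sub(r"#[^\n]*", "", server_config)
    levels = {}
    for user in re.finditer(r"\buser\s*=\s*(\S+)\s*\{", text):
        body = brace_body(text, user.end())
        level = None
        exec_open = re.search(r"\bservice\s*=\s*exec\s*\{", body)
        if exec_open:
            pair = re.search(r"\bfoundry-privlvl\s*=\s*(\d+)",
                             brace_body(body, exec_open.end()))
            if pair:
                level = int(pair.group(1))
        levels[user.group(1)] = level
    return levels


def effective_web_privileges(device_config, server_config):
    """Report the web GUI privilege each TACACS+ user receives under this device config."""
    if "tacacs+" not in aaa_methods(device_config, WEB_AUTH):
        return {}  # web GUI logins are not authenticated by TACACS+
    users = tacacs_user_privlvls(server_config)
    if "tacacs+" not in aaa_methods(device_config, EXEC_AUTHZ):
        # Documented default: without EXEC authorization every authenticated user is Super User.
        return {name: NO_AUTHZ for name in users}
    report = {}
    for name, level in users.items():
        if level is None:
            report[name] = UNSET
        else:
            report[name] = PRIV_NAMES.get(level, "level %d (not described in this guide)" % level)
    return report


# Constructed sample inputs; the password value is a placeholder.
DEVICE_AUTH_ONLY = "ServerIronADX(config)# aaa authentication web-server default tacacs+\n"
DEVICE_WITH_AUTHZ = DEVICE_AUTH_ONLY + "ServerIronADX(config)# aaa authorization exec default tacacs+\n"
TACACS_USERS = """
user=admin0 {
    default service = permit
    # Global password
    global = cleartext "placeholder"
    service = exec {
        foundry-privlvl = 0
    }
}
user=admin5 {
    service = exec {
        foundry-privlvl = 5
    }
}
user=viewer9 {
    default service = permit
}
"""

if __name__ == "__main__":
    for label, cfg in (("authentication only", DEVICE_AUTH_ONLY),
                       ("with EXEC authorization", DEVICE_WITH_AUTHZ)):
        print(label)
        for name, priv in effective_web_privileges(cfg, TACACS_USERS).items():
            print("  %-8s %s" % (name, priv))
```

With only the authentication line present, admin5 is reported as Super User even though its stanza sets foundry-privlvl = 5, which is the condition to look for when reviewing a saved configuration.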

AAA web server authentication with the enable or line method


The following command configures the device to use the Super User accounts to authenticate access to the device through the web management interface.
aaa authentication web-server default enable

The following command configures the device to use the Telnet password to authenticate access to the device through the web management interface.
aaa authentication web-server default line

AAA web server authentication failover to alternative method


To configure the device to consult a RADIUS server first for web server access, then consult the local user accounts if the RADIUS server is unavailable, enter the following command in the CLI.
aaa authentication web-server default radius local

System log details


The web server logs important user events in the system log. The following events will be logged with the user name, IP address, and time:

   User logged in
   User logged out
   User login failed
   User locked out (3 login tries failed)

To display the system log details, click Overview on the context bar and select Statistics and then click the System Log tab.

Navigation
1. Log in as a valid user and create Layer 4-7 objects such as real, virtual, etc.
2. Log out and log in as a different user. You can only view objects that belong to respective user contexts.


Chapter

Configuring VLANs, ACLs, and Routes

In this chapter
Configuring VLANs
Configuring standard Access Control List
Configuring a static route on router code

Configuring VLANs
This section describes the procedure to configure a VLAN on switch code and router code.

Configuring a VLAN on switch code


To configure a VLAN on a ServerIron that runs switch code, follow these steps.
1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the VLAN tab.
3. Click New, if New is not already displayed.
4. Enter the information for the following fields:
   VLAN #: Enter the value between 1 and 4095.
   VLAN Name: Enter the VLAN name.
5. To assign VLAN port membership, do the following:
   Select the Tag check box if the port is expected to be a tagged port and carry multiple VLANs.
   Select the Show All Ports check box if you want to see all ports on the system.
   Use Add Port and Remove to assign ports to the VLAN.
6. Click Apply.

Configuring a VLAN on router code


To configure an IP address on a ServerIron that runs router code, follow these steps.
1. Click System on the context bar and select IP/VLAN/Source IP.
2. Click the VLAN tab.
3. Click New, if New is not already displayed.
4. Enter the information for the following fields:
   VLAN #: Enter the value between 1 and 4095.
   VLAN Name: Enter the VLAN name.
   Router Interface: Define a virtual routing interface, if necessary.
5. To assign VLAN port membership, do the following:
   Select the Tag check box if the port is expected to be a tagged port and carry multiple VLANs.
   Select the Show All Ports check box if you want to see all ports on the system.
   Use Add Port and Remove to assign ports to the VLAN.
6. Click Apply.

Configuring standard Access Control List


To configure a standard ACL on a ServerIron that runs switch code, follow these steps.
1. Click Security on the context bar and select ACL. The Standard ACL window is displayed.
2. Select New from the list.
3. Select either ID# or Name and enter the number or name of a standard ACL.
4. Select Permit or Deny for Action.
5. Enter the information for the following fields:
   Source IP Address: Enter the IP address.
   Subnet Mask: Enter the subnet mask.
   Remark (optional): Enter the remark.
   Log (optional): Select or clear the check box.
6. Click Apply.

Configuring a static route on router code


To configure a static route on a ServerIron that runs router code, follow these steps.
1. Click Network on the context bar and select Static Route.
2. Enter the information for the following fields:
   IP Version: By default, IPV4 is enabled.
   Destination Network: Enter the IP address.
   Subnet Mask: Enter the subnet mask or select the Specify Prefix Length check box and enter the prefix length.
   Gateway: If you click IP, enter the IP address in the IP field. If you click Interface, select the port from the Interface list.
   Metric: Enter the metric between 1 and 16.
   Distance: Enter the distance between 1 and 255.
3. Click Apply. The message The operation was successful is displayed and the configured static route is listed in the summary table. Click Edit to modify the static route. You can also delete the static route from the summary table by clicking Del.


Chapter

Configuring High Availability

In this chapter
High Availability modes
Configuring Hot Standby mode on switch code
Configuring Symmetric Active-Standby mode
Configuring Symmetric Active-Active mode
Displaying High Availability summary

High Availability modes


The web GUI allows configuration of the three high availability modes:

   Hot Standby
   Symmetric Active-Standby
   Symmetric Active-Active

Configuring Hot Standby mode on switch code


Hot Standby allows you to configure two ServerIrons to serve as a redundant pair. One ServerIron is always active while the other ServerIron is always standby. If the active ServerIron fails, the idle standby ServerIron assumes the active duties and becomes the new active device. Hot standby is supported only in switch code and not in router code. To configure the Hot Standby feature on a ServerIron that runs switch code, follow these steps. 1. Click System on the context bar and select High Availability.

NOTE

ServerIron ADX Graphical User Interface Guide 53-1002074-01

85

Configuring Hot Standby mode on switch code

The high availability window is displayed.

The content area for configuring High Availability is displayed on the right side of the window. The Summary tab displays the configured ServerIron services. 2. Click the Configuration tab.


The Basic panel provides the minimum required configuration for Hot Standby mode.

3. Provide the following information under the Basic panel:

• Sync VLAN: Click the Sync VLAN list to select a VLAN. If none exists, then click Create VLAN to create one. For creating a VLAN, refer to Configuring a VLAN on switch code on page 79.
• Sync Port: Select the Hot Standby port from the list.
• Shared MAC: Specify the MAC address of one of the ServerIrons. Be sure to use a chassis MAC address from one of the two devices, not the MAC address of one of the backup ports.
• Router Ports: Click Add Port to specify the number of router ports for the ServerIron to become active. Click Remove to remove an added router port.
• Spanning Tree: Select the Disable check box to avoid system conflicts.
4. Optionally, select Advanced to configure advanced settings.


Provide the following information under the Advanced panel:

• Backup Preference: Enter the number of minutes for the ServerIron to wait before assuming the active role.
• Failover Delay Time: Enter the number of seconds for the ServerIron to wait before beginning the failover check.
• Track Active VIP Count: Select this check box to include an active VIP count in a failover decision.
• Track Virtual Port Count: Select this check box to include a virtual port count in a failover decision.
• Track Trunk Port Count: Select this check box to include a router port count in a failover decision.
• Backup Timer: Enter a value between 5 and 100 in units of 100 milliseconds to set the timer. The default value is 10.
• Backup Group: Enter the backup group value.


5. Click Apply. The message The operation was successful is displayed.

Configuring Symmetric Active-Standby mode


Symmetric Active-Standby service is an active-standby VIP. Both ServerIrons handle traffic, but the active VIP handles the Layer 4 to Layer 7 and the standby VIP serves only as a standby. Each ServerIron is the active ServerIron for a specific set of VIPs, while the other ServerIron is the backup for the same set of VIPs.

NOTE
Symmetric Active-Standby mode is supported in both switch code and router code. Use of router code is highly recommended.


To configure the Symmetric Active-Standby mode on a ServerIron, follow these steps.
1. Click System on the context bar and select High Availability.
2. Click the Configuration tab.
3. Click the Symmetric Active-Active / Symmetric Active-Standby down arrow to display the parameters to be configured.
4. Symmetric Active-Standby configuration is a six-step process in which Step 2 through Step 6 are optional.
5. For Step 1: Assign Sym-Priority & Enable Session Synchronization, enter the information for the following fields:


• Sym Priority: Enter the priority value for the ServerIron. The range is 0 through 225.
• Dyn Sym Pri Factor (optional): Specify the value for the dynamic priority.
• Session Sync: Click the image button under this column to enable session synchronization for a specific port. If a port profile is not available, a new port profile will be created.
6. For Step 2: (Optional) Enable Symmetric Active-Active HA, by default Disable is selected. Select Enable if you want to enable Symmetric Active-Active HA mode.
7. For Step 3: (Optional) Define Synchronization (Symmetric) Port, enter the following information:

• Select Sync VLAN from the list or click Create VLAN to create one. To create a VLAN, see Configuring VLANs on page 79.
• Select the port from the Sync Port list.


8. For Step 5: (Optional) Create VIP group & associate with VRRP / VRRPE, select New from the list to create a VIP group.

Enter the information in the following fields:

• VIP Group ID: Enter the VIP group ID.
• Member VIPs: Click Add to include an available VIP as a member of this group. Click Remove to remove an added VIP.
• Select Interface: Select the required interface from the list.
• Associate VRRE-E VRID: Enter the VRRE-E VRID.


9. For Step 6: (Optional) Advanced Settings, enter the following information:

• Symmetric PDU Rate:
  - In the Discover Multiplier field, enter the multiplier for the SSLB send and wait interval. You can specify a multiplier from 1 through 60. The default is 1.
  - In the Wait Time Multiplier field, enter how many multiples of the wait interval the ServerIron will wait for an SSLB discovery packet. You can specify a multiplier from 1 through 60. The default is 20.
• Delay Symmetric: Select the Enable check box and enter the minutes you want the recovered ServerIron to wait before becoming active again.
• Group ID: Enter the group ID.


10. Click Apply. The message The operation was successful is displayed.

Configuring Symmetric Active-Active mode


In Symmetric Active-Active mode, both ServerIrons handle traffic (active-active), and both are active for the same VIP.

NOTE
Symmetric Active-Active mode is supported in both switch code and router code. Use of router code is highly recommended.

To configure Symmetric Active-Active mode on a ServerIron, follow these steps.
1. Click System on the context bar and select High Availability.
2. Click the Configuration tab.
3. Click the Symmetric Active-Active / Symmetric Active-Standby down arrow. The window displays the configuration details in a step-by-step process.


4. For Step 1: Assign Sym-Priority & Enable Session Synchronization, enter the information for the following fields:

• Sym Priority: Enter the priority value for the ServerIron. The range is 0 through 225.
• Dyn Sym Pri Factor (optional): Specify the value for the dynamic priority.
• Session Sync: Click the image button under this column to enable session synchronization for a specific port. If a port profile is not available, a new port profile will be created.
5. For Step 2: (Optional) Enable Symmetric Active-Active HA, click Enable.
6. For Step 4: (Optional) Define Active-Active Port, enter the following information:

• Select a VLAN from the Sync VLAN list or click Create VLAN to create one. To create a VLAN, see Configuring VLANs on page 79.
• Select the required port from the Active-Active Port list.


7. Optionally, configure other parameters.
8. Click Apply. The message The operation was successful is displayed.

NOTE
You can only enable one of the three HA modes on ServerIron.

Displaying High Availability summary


You can view the details of the following options from the Summary tab:

• Hot Standby summary
• Symmetric Active-Standby and Symmetric Active-Active summary

Hot Standby summary


To view the Hot Standby summary, follow these steps.
1. Click System on the context bar and select High Availability.
2. Click the Summary tab.
3. Click the Hot Standby down arrow to display the configuration details for the Hot Standby mode configured on a ServerIron.


If this mode is configured for switch code, then the details will appear as shown in the following image.

NOTE
This mode is not applicable for router code and thus the message Hot Standby High Availability mode is not enabled will be displayed.

Symmetric Active-Standby and Symmetric Active-Active summary


To view the Symmetric Active-Standby and Symmetric Active-Active summary, follow these steps.
1. Click System on the context bar and select High Availability.
2. Click the Summary tab.
3. Click the Symmetric Active-Standby / Active-Active down arrow to display the configuration details for the Symmetric Active-Standby and Symmetric Active-Active modes configured on a ServerIron.


The Summary window is displayed.


Chapter

SSL Acceleration and Certificate Management

In this chapter
• Generating an SSL key
• Uploading an existing SSL Key to ServerIron
• Generating a self-signed certificate
• Generating a certificate signing request
• Uploading certificates
• Creating an SSL profile
• Defining SSL accelerated services
• Displaying SSL summary

Generating an SSL key


The SSL Traffic Management selection on the context bar allows you to manage SSL certificates, SSL keys, SSL profiles, and to configure SSL acceleration for service VIPs.

To generate a Secure Sockets Layer (SSL) key, follow these steps.
1. Click Security on the context bar and select SSL Traffic Management.


The SSL traffic management window is displayed.

2. Click the SSL Keys tab.


3. Click the down arrow next to Key Generation on ServerIron to display the parameters for generating an SSL key.

4. Enter the following information:

• Key File Name: Enter the key name.
• Encryption Algorithm: Select RSA.
• Key Length: Select the key length from the list. The default is 1024.
• Encryption Password: Enter the password.


5. Click Generate. If the key is generated successfully, the message The operation was successful is displayed at the top of the page and the SSL key is displayed in the Summary tab.

The Summary tab lists the SSL keys available in the ServerIron. When the key entries exceed 20, page mode is automatically displayed. You can navigate through the pages by clicking Next Page and Previous Page, or you can use the Go To list. You can search for a particular key or keys by entering the string in the Search Keys field in one of the following ways:

• * -- Enter to display all keys.
• *<string>* -- Enter to search keys that contain <string>.
• <string>* -- Enter to search keys that start with <string>.
• *<string> -- Enter to search keys that end with <string>.

After entering the <string>, click Find to display the keys.


The following actions can be performed on the keys:

• Click Delete to delete a key.
• Click Details to view the contents of the key.
• Click Download to save the key. The key is displayed in a separate window. You can then save the key to a file on your local drive.

Uploading an existing SSL Key to ServerIron


To upload an existing SSL key to ServerIron, follow these steps.
1. Click Security on the context bar and select SSL Traffic Management.
2. Click the SSL Keys tab.

3. Under Key Upload to ServerIron, enter the following information:

• Key Format: Select the key format from the list. The default is PEM.
• Encryption Password: (Optional) Enter the password if the key is encrypted; otherwise leave this field blank.
• Save As File Name: (Optional) Enter the file name if you want to save the key file on the ServerIron with a different name. If this field is left blank, the key file is saved with the same name.
• Select Local Key File: Click Browse to find the key file in the local directory.
4. Click Upload. If the key is uploaded successfully, the message The operation was successful is displayed at the top of the page. The newly uploaded key is listed in the Summary tab.

Generating a self-signed certificate


To generate a self-signed certificate, follow these steps.
1. Click Security on the context bar and select SSL Traffic Management.
2. Click the Certificates tab.


3. Click the down arrow next to Self-Signed Certificate Generation.

4. Enter the following information:

• Certificate File Name: Enter the certificate name.
• Select Key File: You can select the previously generated or uploaded SSL key file in two ways.
  - The Select Key File list displays the first 20 entries. To view other entries, use the arrow keys. Select the key you want and it will appear in the Search Key File field.
  - Enter the string in the Select Key File field in one of the following ways and then click Find.
    *<string>* -- Enter to search keys that contain <string>
    <string>* -- Enter to search keys that start with <string>
    *<string> -- Enter to search keys that end with <string>
    The keys are displayed in the Select Key File list. Select the key file you want.
• Encryption Password: Enter the password.
• Organization: Enter the organization name.
• Domain Name: Enter the domain name.
• City: Enter the city name.
• State or Province: Enter the state name.
• Country: Enter the country name. Only two characters are allowed.
• Department: Enter the department name.
• Email: Enter the e-mail address.


5. Click Generate to generate the certificate. If the operation is successful, the message The operation was successful is displayed at the top of the page. The certificate will be listed in the Summary tab.

The Summary tab lists the generated SSL certificates available in the ServerIron. When the entries exceed 20, page mode is automatically displayed. You can navigate through the pages by clicking Next Page and Previous Page, or you can use the Go To list. You can search for a particular certificate or certificates by entering the string in the Search Certificates field in one of the following ways:

• * -- Enter to display all certificates.
• *<string>* -- Enter to search certificates that contain <string>.
• <string>* -- Enter to search certificates that start with <string>.
• *<string> -- Enter to search certificates that end with <string>.

After entering the <string>, click Find to display the certificates.

The following actions can be performed on the certificates:

• Click Delete to delete the certificate.
• Click Details to view the contents of the certificate.
• Click Download to save the certificate. The certificate is displayed in a separate window. You can then save the certificate to a file on your local drive.

Generating a certificate signing request


To generate a request for a certificate that will be sent to a CA to be digitally signed, perform the following tasks.
1. Click Security in the context bar and select SSL Traffic Management.
2. Click the Certificates tab.
3. Click the down arrow next to Certificate Signing Request (CSR) Generation.


4. Enter the following information:

• Select Key File: You can select the previously generated or uploaded SSL key file in two ways.
  - The Select Key File list displays the first 20 entries. To view other entries, click the arrow keys. Select the key you want and it will appear in the Search Key File field.
  - Enter the string in the Select Key File field in one of the following ways and then click Find.
    *<string>* -- Enter to search keys that contain <string>
    <string>* -- Enter to search keys that start with <string>
    *<string> -- Enter to search keys that end with <string>
    The keys are displayed in the Select Key File list. Select the key file you want.
• Organization: Enter the organization name.
• Domain Name: Enter the domain name.
• City: Enter the city name.
• State or Province: Enter the state name.
• Country: Enter the country name. Only two characters are allowed.
• Department: Enter the department name.
• Email: Enter the e-mail address.


5. Click Generate to generate the certificate signing request (CSR). If the operation is successful, the message The operation was successful is displayed at the top of the page. The certificate request is displayed in the field at the bottom of the page.

6. Copy the entire certificate request and save it to a file.
7. Send the certificate request to an authorized certificate signing agency. The agency will send you a signed certificate file that you must upload into ServerIron.

Uploading certificates

Once you receive an SSL certificate from the CA, upload it to the ServerIron by performing the following tasks.
1. Click Security in the context bar and select SSL Traffic Management.
2. Click the Certificates tab.


3. Click the down arrow next to Certificate Upload to ServerIron.

4. Enter the following information:

• Certificate Format: Select PEM.

NOTE
If your certificate type is PKCS12, both the SSL key and certificate are included inside a single file. In this situation, you must upload the certificate and key file through the key upload procedure, which is under the SSL keys tab.

• Save As File Name: (Optional) Enter a name for the certificate if you want to upload the certificate on the ServerIron with a different name. If you leave this field blank, the certificate will be uploaded with the same name.
• Chain CA Certificate: Select the check box to chain (append) the certificate you are uploading to an existing certificate on the ServerIron.

NOTE
The title of the Select Server Certificate changes to Select CA Certificate when you select the Chain CA Certificate check box.

• Select Server Certificate on ServerIron: Select the existing certificate on the ServerIron to which you want to chain the selected CA certificate. The Select Server Certificate on ServerIron list displays the first 20 entries. You can use the arrow keys to view other sets of certificates.
• Select Server Certificate or Select CA Certificate: Select the server certificate or CA certificate from your local directory.
5. Click Upload. If the operation is successful, the message The operation was successful is displayed at the top of the page. The certificate is listed in the Summary tab.
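
A pre-upload check for the key upload and certificate upload procedures above, as an added example that is not part of this guide or of the ServerIron software: it parses a PEM file and reports whether the key is encrypted (so the Encryption Password field must be filled in), how many certificates a chained file holds, and whether a private key has ended up in a file meant for the certificate upload form. The function names and the sample blocks are assumptions constructed for illustration.

```python
import base64
import re

BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
END = re.compile(r"-----END ([A-Z0-9 ]+)-----")


def parse_pem(text):
    """Return [(label, headers, decoded_bytes), ...] for every PEM block in text."""
    blocks, label, headers, body = [], None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        begin, end = BEGIN.fullmatch(line), END.fullmatch(line)
        if begin:
            if label is not None:
                raise ValueError(f"BEGIN found inside unfinished {label!r} block")
            label, headers, body = begin.group(1), {}, []
        elif end:
            if end.group(1) != label:
                raise ValueError(f"END {end.group(1)!r} does not close {label!r}")
            # validate=True rejects anything outside the base64 alphabet
            blocks.append((label, headers, base64.b64decode("".join(body), validate=True)))
            label = None
        elif label is not None and line:
            if ":" in line and not body:  # header line such as Proc-Type or DEK-Info
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
            else:
                body.append(line)
    if label is not None:
        raise ValueError(f"unterminated {label!r} block")
    return blocks


def is_encrypted_key(label, headers):
    """PKCS#8 uses its own label; the traditional format marks encryption in a header."""
    return label == "ENCRYPTED PRIVATE KEY" or "ENCRYPTED" in headers.get("Proc-Type", "")


def inspect_upload(text, kind):
    """Summarise a file before upload; kind is 'key' or 'certificate'."""
    if kind not in ("key", "certificate"):
        raise ValueError("kind must be 'key' or 'certificate'")
    blocks = parse_pem(text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    findings = []
    if not blocks:
        findings.append("no PEM blocks: file is not PEM (possibly DER or PKCS12)")
    for label, headers, data in blocks:
        # Every block except a traditional (Proc-Type) encrypted key body is DER,
        # which starts with the SEQUENCE tag 0x30; that body is raw ciphertext.
        if "Proc-Type" not in headers and data[:1] != b"\x30":
            findings.append(f"{label} block does not decode to DER")
    if kind == "certificate":
        if keys:
            findings.append("private key found in a certificate file")
        if blocks and not certs:
            findings.append("no CERTIFICATE block in certificate file")
    elif len(keys) != 1:
        findings.append(f"expected exactly one private key, found {len(keys)}")
    return {
        "certificates": len(certs),
        "private_keys": len(keys),
        "password_needed": any(is_encrypted_key(lbl, hdr) for lbl, hdr, _ in keys),
        "findings": findings,
    }


def make_block(label, payload, headers=""):
    """Build a constructed PEM block around placeholder bytes (not real key material)."""
    b64 = base64.b64encode(payload).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{headers}{lines}\n-----END {label}-----\n"


# Constructed samples: placeholder bytes, no real certificates or keys.
SERVER_AND_CA = (make_block("CERTIFICATE", b"\x30" + b"server placeholder" * 5)
                 + make_block("CERTIFICATE", b"\x30" + b"CA placeholder" * 5))
LEGACY_ENCRYPTED_KEY = make_block(
    "RSA PRIVATE KEY", b"ciphertext placeholder" * 4,
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")
PLAIN_KEY = make_block("RSA PRIVATE KEY", b"\x30" + b"key placeholder" * 5)
CERT_WITH_KEY = SERVER_AND_CA + PLAIN_KEY

if __name__ == "__main__":
    for name, text, kind in [("chained certificate", SERVER_AND_CA, "certificate"),
                             ("encrypted key", LEGACY_ENCRYPTED_KEY, "key"),
                             ("plain key", PLAIN_KEY, "key"),
                             ("certificate file with key", CERT_WITH_KEY, "certificate")]:
        print(name, inspect_upload(text, kind))
```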

Creating an SSL profile


To create an SSL profile, ensure that the SSL key and SSL certificate have been created or uploaded to the ServerIron. Follow the steps below to define an SSL profile.


1. Click Security in the context bar and select SSL Traffic Management.
2. Click the SSL Profiles tab.

3. Provide the following information:

• Click New or select New from the list.
• SSL Profile Name: Enter the profile name.
• SSL Key: You can select the previously generated or uploaded SSL key file in two ways:
  - The SSL Key list displays the first 20 entries. To view other entries, use the arrow keys. Select the key you want and it will appear in the SSL Key field.
  - Enter the string in the SSL Key field in one of the following ways and then click Find.
    *<string>* -- Enter to search keys that contain <string>
    <string>* -- Enter to search keys that start with <string>
    *<string> -- Enter to search keys that end with <string>
    The keys are displayed in the SSL Key list. Select the key file you want. If no key is available, click Create New Key to create a new key.
• SSL Certificate: You can select the previously generated or uploaded SSL certificate in two ways:
  - The SSL Certificate list displays the first 20 entries. To view other entries, use the arrow keys. Select the certificate you want and it will appear in the SSL Certificate field.
  - Enter the string in the SSL Certificate field in one of the following ways and then click Find.
    *<string>* -- Enter to search certificates that contain <string>
    <string>* -- Enter to search certificates that start with <string>
    *<string> -- Enter to search certificates that end with <string>
    The certificates are displayed in the SSL Certificate list. Select the certificate you want. If no certificate is available, click Create New Certificate to create a new certificate.
• Check if Certificate is self-signed: Select the check box to check if the SSL certificate is a self-signed certificate.
• Certificate Chaining: Click Enable if the certificate in use is a chained certificate.
• Cipher Suites: Select the cipher suites you want from the left field and click the right arrow to move them to the right field.
4. Click Apply to accept and create the SSL profile.
5. If you want to specify additional options under the SSL profile, click the down arrow next to Advanced Options to display these options.


6. Provide the following information:

• SSL 2.0: Select Enable or Disable. The default is Disable.
• Verify Client Certificate: By default, client certificate verification is disabled. Select this option if you want ServerIron to verify the connecting client. Select the appropriate option:
  - Per New Connection: Verify the client certificate with every new connection.
  - Per SSL Handshake: Verify the client certificate with every SSL handshake.
  - Accept Connection Only if Certificate is present: If selected, the ServerIron rejects any client connection if the client does not present a certificate for verification. If this option is not selected, then the ServerIron will verify the client certificate only if presented.
• Select CA Certificates: This selection is applicable if ServerIron is configured in SSL proxy mode, where it acts as an SSL client to a server-side SSL certificate. You can specify up to four CA certificates.
• Enable CLOSE-NOTIFY Alert: Select to enable sending the close notify alert.
• Enable SSL Session Cache: Select to enable SSL session caching. By default, session caching is turned off.
  - Client Side: Select to enable session caching for the SSL client only.
  - Server Side: Select to enable session caching for the SSL server only.
  - Both Side: Select to enable session caching for the SSL client and the SSL server.
  - Cache Timeout: Enter the cache timeout between 30 and 86400.
  - Maximum Cache Entries: Enter the maximum number of cache entries. The default is 1024.
• Create / Edit TCP Profile: Select to create or edit the TCP profile.
  - Select the TCP profile you want to edit from the list or click New to create a new profile.
  - Profile Name: Enter the profile name.
  - Nagle Algorithm: Select On or Off.
  - Delayed ACK Algorithm: Select On or Off.
  - PUSH Bit: Select On or Off.
  - Click Apply. The message The operation was successful is displayed.
  - To delete a TCP profile, select the profile from the list and click Delete.
• Associate TCP Profile: Select a TCP profile from the list.


7. Click Update. If the operation is successful, the message The operation was successful is displayed at the top of the page. The profile will be listed under the Summary table.


The Summary tab lists the SSL profiles available in the ServerIron. When the entries exceed 20, page mode is automatically displayed. You can navigate through the pages by clicking Next Page and Previous Page, or you can use the Go To list. You can search for a particular profile by entering the string in the Search Profiles field in one of the following ways:

• * -- Enter to display all profiles.
• *<string>* -- Enter to search profiles that contain <string>.
• <string>* -- Enter to search profiles that start with <string>.
• *<string> -- Enter to search profiles that end with <string>.

After entering the <string>, click Find to display the profiles. You can click Edit to modify the profile. You can also delete the profile by clicking Delete. However, you cannot delete a profile if it is in use.


Defining SSL accelerated services


Before enabling SSL acceleration, make sure the following have been created:

• Virtual server: Refer to Creating a virtual server on page 37.
• Virtual server port: Refer to Creating a virtual server port on page 38.
• SSL (TCP) profile: Refer to Creating an SSL profile on page 108.

1. Click Security in the context bar and select SSL Traffic Management.
2. Click the SSL Services tab.

3. Provide the following information:

• Virtual Server: Select a virtual server from the list or click Create Virtual Server to create one.
• Virtual Server Port: Select a virtual server port from the list or click Add Virtual Server Port to create one.
• SSL Mode: Select Terminate or Proxy.
• SSL Client Communication: Select the SSL profile from the Server Profile list or click Create SSL Profile to create one. The list displays the first 20 profiles. Use the arrow keys to view other sets of profiles.
• Real Server Communication: (Plain-Text): If SSL Terminate mode is enabled, select a profile from the TCP Profile list or click Create TCP Profile to create a new one. The list displays the first 20 profiles. Use the arrow keys to view other sets of profiles.
• Real Server Communication: (Cipher-Text): If SSL Proxy mode is enabled, select a profile from the Client Profile list or click Create SSL Profile to create one. The list displays the first 20 profiles. Use the arrow keys to view other sets of profiles.
4. Click Apply to enable SSL acceleration for a service (VIP).
5. If real servers (member servers) are already bound to VIPs, then those members are shown under the member servers summary table. If none are bound, then you can bind them or create new ones and bind them under Member Servers. Click the down arrow next to Member Servers.

6. Provide the following information:

• Real Server: Select a real server from the list or click Create Real Server to create one.
• Real Server Port: Select a real server port from the list or click Add Real Server Port to create one.
• Real Port: (Optional) Specify the real port.


7. Click Add to bind the selected real server to an SSL accelerated virtual server. The summary table shows the real server member that is bound to a virtual server.


Displaying SSL summary


You can display details of SSL keys, SSL certificates, and SSL services from the Summary tab or from the tab where they are configured. From the Summary tab, click SSL Keys, SSL Services, or SSL Certificate.


Depending on which option you selected, the entries are displayed. When the entries exceed 20, page mode is automatically displayed. You can navigate through the pages by clicking Next Page and Previous Page, or you can use the Go To list. You can search for a particular virtual server by entering the string in the Search Virtual Servers field in one of the following ways:

• * -- Enter to display all profiles.
• *<string>* -- Enter to search profiles that contain <string>.
• <string>* -- Enter to search profiles that start with <string>.
• *<string> -- Enter to search profiles that end with <string>.

You can view and download the SSL keys and SSL certificates from ServerIron. For example, if you selected SSL Certificates, the Certificate Name field is displayed with a list of the certificates that have been created in the ServerIron. When you click View, the details for the selected certificate are displayed, as in the following example.

Click Download for the selected entry to save the certificate to a file on your local drive. Likewise, you can download the SSL keys by clicking SSL Keys under the Summary tab.


Chapter 10

Configuring Layer 7 Switching

In this chapter
• Creating a Layer 7 Switching Rule (Request)
• Creating a Layer 7 Request Policy
• Enabling Layer 7 Switching (HTTP Requests)
• Displaying Layer 7 Summary (HTTP Requests)
• Creating Layer 7 Rules for HTTP Response
• Creating Layer 7 Policies for HTTP Responses
• Enabling Layer 7 Switching for HTTP Responses
• Displaying Layer 7 Summary of Response Rules, Policies, and associated virtual servers
• Using the L7 Switching Request Wizard

Creating a Layer 7 Switching Rule (Request)


1. Click L7 Traffic Management on the context bar and select L7 Switching (Request). The L7 Switching (Request) window is displayed.

2. Click the Req. Rule tab.


3. Select New from the list.
4. Provide the following information:

• Name: Enter a name for the rule.
• Type: Select the type of rule from the list. The appropriate parameters are displayed depending on what Type you selected. Fill in the values for the parameters displayed.
• Case Insensitive: Select this check box if you want the rule to be case insensitive.
5. Click Apply. The rule is listed in the Rule Summary table. You can click Edit to modify the rule or select it from the list at the top of the page, next to New. You can also delete the rule from the Rule Summary table. However, you cannot edit or delete rules if they are in use.

Click the arrow next to the rule name in the Rule Summary table to display its details.


Creating a nested rule


The following steps describe how to create a nested rule.
1. Click the down arrow next to Nested Rules to display the parameters for nested rules.
2. Enter the Name for the nested rule.
3. Identify individual rules and select the appropriate operator (AND, OR) from the list. You can use the NOT operator by placing a check mark in the NOT box. ServerIron starts generating an expression for the Nested Rule, which will be visible in grey color in the Input Expression field.
4. To add brackets to an expression, select the option for the Input Expression field and build your own custom expression.
5. Click Apply when you have finished. The nested rule is created and is listed in the Rule Summary table.


Creating a Layer 7 Request Policy


1. With the L7 Switching (Request) selected from L7 Traffic Management, click the Req. Policy tab.

2. Select New from the list.
3. Enter the name of the Layer 7 policy in the Name field.
4. Click Add. The fields to define the policy are displayed.

5. Select a rule from the Rule list. If a rule is not created already, then you can define one by clicking Create New Rule.


6. Select an action from the Action list. Depending on the selected Action, the display changes and the system asks for additional information.
7. Provide the required additional information and click Add Rule to Policy.
8. Repeat step 4 to step 7 if you wish to add more rules to this policy. You can also add a default rule to the policy.

The rule is listed in the policy table. You can delete a rule from the policy table by clicking Del. You can also click the down arrows to display details for a rule.

Enabling Layer 7 Switching (HTTP Requests)


1. Click L7 Traffic Management on the context bar and select L7 Switching (Request).
2. Click the L7 Switching tab.
3. Select a virtual server from the Virtual Server list or click Create Virtual Server to create one.
4. Select a virtual port from the Virtual Port list or click Add Virtual Port to create one.
5. Select Enable to enable Layer 7 switching under the selected VIP and VIP port; select Disable to disable Layer 7 switching.
6. Select a request policy from the Request Policy list or click Create New Policy to create one.
7. Click Apply.


Displaying Layer 7 Summary (HTTP Requests)


To display a summary of L7 request rules, policies and switching definitions, click the Summary tab on L7 Switching (Request).

Click Request Rules to display a summary of Layer 7 rules for HTTP requests. Click the down arrow next to the rule name to display details for that rule. Rules that are not in use can be modified or deleted.

Click Request Policies to display a summary of Layer 7 policies for HTTP requests. Click the down arrow next to the policy name to display its details. You can edit or delete policies from the summary.

Click L7 Switching to display the summary of VIPs that are enabled with Layer 7 switching for HTTP requests. Click the down arrow next to the policy name to view its details. You can also click Edit to modify the policy or Unbind to remove the policy from the virtual server.

For example, the following shows a summary of the Layer 7 rules for HTTP requests.

Creating Layer 7 Rules for HTTP Response


1. Click L7 Traffic Management on the context bar and select L7 Switching (Response).
2. Click the Resp. Rule tab.


3. Click New from the list.
4. Provide the following information:

Name: Name of the response rule.
Type: Select the type of the response rule: response status code, response header, or response body from the list. The display changes depending on the selected rule type. Fill in the requested data.

5. Click Apply. The new rule is listed in the Rule Summary table. You can edit or delete rules.

Creating Layer 7 Policies for HTTP Responses


1. Click L7 Traffic Management on the context bar and select L7 Switching (Response).
2. Click the Resp. Policy tab.
3. Select New from the list.
4. Enter the name of the Layer 7 policy for HTTP response in the Name field.
5. Click Add.


There are two types of Layer 7 HTTP response policies - HTTP header rewrite and HTTP body rewrite:

For HTTP header rewrite policy, click the down arrow next to Response Rewrite on HTTP Header and configure as described in "Configuring Response Rewrite on HTTP Header".

For HTTP body rewrite policy, click the down arrow next to Response Rewrite on HTTP Body and configure as described in "Configuring Response Rewrite on HTTP Body".

Configuring Response Rewrite on HTTP Header


Layer 7 policy creation for HTTP header rewrite is a two-step process. In the first step, select the Layer 7 response rule that identifies the status code in the response packets on which the Layer 7 response policy should act. In the second step, select the rule and action for the header rewrite.

1. For Step 1 under Response Rewrite on HTTP Header, select the HTTP Response Status Code Rule that identifies the response packets on which the Layer 7 policy should act. If the rule is not present, click Create New Rule to create a new rule.
2. Click Add to add the rule.


3. For Step 2 under Response Rewrite on HTTP Header, select a rule from the HTTP Response Header Name & String Rule list that identifies an HTTP response header name and the string that needs to be rewritten. If the rule is not present, click Create New Rule to create a new one.
4. Enter the New String Value. The Offset and Length parameters are automatically filled in.
5. Click Add Rules to Policy.

The new Layer 7 Response Policy is added to the Policy table. You can click Del to delete a rule from inside the policy.

Configuring Response Rewrite on HTTP Body


1. To create an HTTP body rewrite policy, click the down arrow next to Response Rewrite on HTTP Body and follow the steps below. Layer 7 policy creation for HTTP body rewrite is a two-step process. In the first step, select the Layer 7 request rule that identifies the flow with the response that needs Layer 7 rewrite. In the second step, select the rule and action for the body rewrite.
2. For Step 1 under Response Rewrite on HTTP Body, select the HTTP Request Rule with the response packet that needs to be acted upon or select HTTP Response Rule to identify if the response packet needs to be acted upon. If the rule is not present, click Create New Rule to create a new rule.
3. For Step 2 under Response Rewrite on HTTP Body, select the HTTP Response Body String Rule. If the rule is not present, click Create New Rule to create a new rule.
4. After selecting the rule, its old value is displayed. If necessary, enter the new value for any of the fields displayed.
5. Click Add Rules to Policy.


The new Layer 7 Response Policy is added to the Policy table. You can click Del to delete a rule from inside the policy.

Enabling Layer 7 Switching for HTTP Responses


Before enabling Layer 7 Switching for HTTP Responses, you need to define the following in the ServerIron:

Virtual server
Virtual server port
Layer 7 response policy

If these objects are not defined, then links are provided from the Layer 7 Switching tab to create new ones. To enable Layer 7 switching for HTTP responses, perform the following steps.

1. Click L7 Traffic Management on the context bar and select L7 Switching (Response). The Layer 7 Switching (Response) window is displayed.

2. Click the L7 Switching tab.


3. Provide the following information:

Virtual Server: Select the virtual server for which you wish to enable Layer 7 switching from the Virtual Server list. If none exists, then click Create Virtual Server to create one.
Virtual Port: Select a port from the Virtual Port list or click Add Virtual Port to create one.
Response Policy: Select a response policy from the Response Policy list or click Create New Policy to create one.

4. Click Apply.

Displaying Layer 7 Summary of Response Rules, Policies, and associated virtual servers
You can display summaries of Layer 7 rules, response policies, and associated virtual servers from the Summary tab. Select L7 Switching (Response) and click the Summary tab.

Click Response Rules to display the summary of response rules. Click the down arrow next to the rule name to display details for that rule. Rules that are not in use can be modified or deleted.

Click Response Policies to display a summary of a response policy. Click the down arrow next to the policy name to display its details. Click Edit if you wish to make changes, or Delete to delete the policy.

Click L7 Switching to display virtual servers that have Layer 7 response policies associated with them. Click the down arrow next to the policy name to view its details. You can also click Edit to modify the policy or Unbind to remove the policy from the virtual server.


For example, the following shows a summary for Response Rules.

You can click the down arrow to the right of Name to display details for a rule.

NOTE
A rule in use cannot be edited or deleted.

Using the L7 Switching Request Wizard


The Layer 7 Switching Wizard page provides simple, step-by-step instructions for creating a sample Layer 7 switching configuration. You can choose from one of the predesigned sample scenarios and the GUI will navigate you through rule creation, policy creation, and policy association pages.

Launching the Wizard


To launch the Wizard, do the following.

1. Click L7 Switching (Request) to display the configuration tabs.
2. Click the Wizard tab.
3. When the start page for the Wizard displays, select a scenario from the Select Scenario list and click Start.


4. The Wizard guides you through the steps for creating a Layer 7 switching configuration.

Wizard 1: Traffic Forwarding based on URL prefix


The following steps describe how to configure Traffic Forwarding Based on a URL Prefix.

Step 1: Creating a rule. In this step, the rule is named and the Type, Operator, and Value are defined.
Step 2: Creating a policy. In this step, the policy is named and defined.
Step 3: Enabling Layer 7 switching. In this step, the Virtual Server and Virtual Port are enabled for Layer 7 Switching and the Layer 7 Policy is applied.


Step 1: Creating a rule


Selecting the Traffic Forwarding based on URL Prefix scenario displays the Create Rule page as shown in the following.

1. Enter a name for the rule in the Name field. The type and operator for this rule are URL and Prefix, respectively. Select Case Insensitive if case sensitivity is not required.
2. Click Create to create the rule. The rule is then displayed in the Rule Summary table.
3. Repeat step 1 and step 2 within this procedure if you wish to create additional rules.
4. Click >> to continue to the next step.

Step 2: Creating a policy


The second step is to create a policy for the rule.

1. On the Create Policy page, enter a name for the policy, select the rule to which the policy will be applied, select an action, and provide any information required for the policy.
2. Click Add Rule to Policy. The new policy is listed in the Policy Summary table.


3. Repeat step 1 and step 2 within this procedure if you wish to create additional rules.
4. Click >> to continue to the next step.

Step 3: Enabling Layer 7 Switching


The last step is to enable the rule. When the Enable Switching page is displayed, the virtual server on which the rule will be enabled, the virtual server port, and the selected request policy are displayed.

1. Select the Virtual Server and Virtual Port for which you want to enable Layer 7 switching.
2. Click Enable to enable the rule.
3. Select the L7 policy from the Request Policy list.
4. Click Apply. The Layer 7 switching details are now displayed in the Summary table.


5. Click Finish to complete the procedure.

Wizard 2: Traffic Forwarding based on URL suffix


Traffic Forwarding based on URL suffix is configured using the same procedure as Traffic Forwarding based on URL prefix, as described in "Wizard 1: Traffic Forwarding based on URL prefix".


Chapter 11: Maintenance

In this chapter
Software upgrade overview

Software upgrade overview


You can upgrade the application images from a TFTP server that is connected to the ServerIron ADX. While upgrading the image, make sure that there are no power failures. To access the software upgrade window, click Maintenance on the context bar and select Software Upgrade.


You can perform the following actions using the software upgrade window:

Copy the system software
Reboot the device

Copying system software


To copy system software from the TFTP server, follow these steps.

1. Click Maintenance on the context bar and select Software Upgrade. The copy window is displayed.
2. Enter the TFTP server IP address in the TFTP Server IP field.
3. Enter the image name in the Software Image Name field.
4. By default, the flash memory is set as Primary. Select Secondary to download the image to secondary memory.
5. Click Copy to start loading the software image. On successful completion, a status message is displayed: TFTP copy completed successfully. If an error occurs, an error message is displayed.

Rebooting the device


To reboot the device, follow these steps.

1. Click Maintenance on the context bar and select Software Upgrade.
2. Click Reboot. The reboot window is displayed.


3. The current configured boot location is displayed on the screen. You can change the current boot location by selecting Primary or Secondary.
4. By default, the system is configured to boot from the Primary memory. Select Secondary to configure the boot from the secondary memory.
5. Click Save and Reboot. On successful reboot, a status message is displayed: System reboot complete. Now the system is up.

If any of the embedded system images, such as the boot image or other image files, require an update, an information message with further instructions to be performed using the CLI is displayed on the screen, as shown below.


You must perform the following procedure using the CLI.

1. Connect your system to the ServerIron console connector using the serial cable.
2. Press Enter to bring up the command line prompt.
ServerIronADX1000>
ServerIronADX1000>enable
ServerIronADX1000#

3. Enter boot upgrade flash primary or secondary, as specified in the Web GUI boot upgrade message.
ServerIronADX1000#boot upgrade flash primary

The system will start rebooting. Wait until the following prompt comes up.
MP-Appl#

4. Enter the upgrade all command.


MP-Appl# upgrade all

5. After the MP-Appl# prompt reappears, enter the reset command.


MP-Appl# reset

The boot code upgrading process is complete.


Chapter 12: Displaying Statistics

In this chapter
Statistics overview
Viewing system resources
Displaying traffic statistics for a real server
Displaying statistics for a real server port
Displaying statistics for a virtual server
Displaying statistics for virtual server port
Displaying global traffic statistics
Displaying interface statistics
Viewing Syslog entries

Statistics overview
The ServerIron GUI displays information about system CPU and memory resources; traffic statistics for real servers, virtual server and ports; details on system interfaces, ARP and MAC tables; and system resources. To view system statistics, click Overview on the context bar and select Statistics.


By default, real server statistics are displayed.

Viewing system resources


Information about the available system resources can be viewed from Dashboard on Overview or from the System Resources tab of the Statistics page. To view system resources from the Statistics page, click Overview on the context bar and select Statistics, then click the System Resources tab.


The System Resources page displays CPU and memory utilization of the management processor (MP), and CPU and session utilization of barrel processors (BP).

Displaying traffic statistics for a real server


To display traffic statistics for a real server, follow these steps.

1. Click the Traffic Statistics tab. By default, traffic statistics for the first real server are displayed.
2. Select the real server by using one of the following methods:

Select a real server from the list.
Click the left or right arrow to the sides of the list.


3. You can select how often the display is refreshed by selecting a value from the Refresh Interval list on the Live Chart bar. The default refresh interval is 10 seconds and it can be adjusted from 5 seconds to 2 minutes.
4. By default, auto-refresh is enabled. You can stop auto-refresh by clicking Stop. Resume the refresh by clicking Start again, or start over by clicking Reset.

The top portion of the display shows a summary for the real server. The remainder of the page contains several charts that show the statistical information for the real server:

Current Connection Rate
Current Connections
Connection Distribution among Application Ports
Total Accumulated Connections to Server
Total Accumulated Connections per Application Port
Received and Transmitted Packets among Application Ports

The charts show live client connections to the real servers and the number of packets that have been sent or received by the real server.

Current Connection Rate


The Current Connection Rate live chart shows the rate at which the current connections are made to a selected real server. The X-axis displays the time interval, based on your selection for Refresh Interval. For example, if you select a 1-minute interval, one-minute increments are displayed on the X-axis. The Y-axis shows the connection rate.


Current Connections
The Current Connections live chart shows the current connections to a selected real server. The X-axis displays the time interval, based on your selection for Refresh Interval. For example, if you selected 1-minute intervals, one-minute increments are displayed on the X-axis. The Y-axis shows the number of connections.


Connection Distribution among Application Ports


The Connection Distribution among Application Ports chart shows the number of current connections for each application port and also displays the peak number of connections for each of these application ports.

Total Accumulated Connections to Server


The Total Accumulated Connections to Server chart shows the total number of connections that are serviced by a given real server over a period of time.


Total Accumulated Connections per Application Port


The Total Accumulated Connections per Port chart shows the total number of connections serviced by a given real server over a period of time for a given application port since the last time the statistics were cleared using the CLI.

Received and Transmitted Packets among Application Ports


The RX & TX Packets among Application Ports chart shows the number of packets received and transmitted by a real server for a given application port since the last time statistics were cleared using the CLI.


Displaying statistics for a real server port


1. Click the Traffic Statistics tab.
2. Click Real Port.
3. From the Real Server list, select a real server. Use one of the following methods:

Select a real server from the Real Server list.
Click the left or right arrow to the sides of the Real Server list.

4. From the Real Port list, select a real port. Use one of the following methods:

Select a real port from the Real Port list.
Click the left or right arrow to the sides of the Real Port list.

The table at the top of the page displays information about the selected real server port.

5. To view statistics on the Live Chart, select the refresh rate from the Refresh Interval list.
6. Click Start to start or resume the data display, Stop to stop it, or Reset to start over again.

The following charts are displayed:

Current Connections on Ports
Total Accumulated Connections on Ports
Received and Transmitted Packets on Ports


Current Connections on Ports


The Current Connections on Port <port> chart shows the current connection count of a given port on a given real server.

Total Accumulated Connections on Ports


The Total Accumulated Connections on Port <port> chart shows the total number of connections serviced over a period of time by a given real server on a given application port.


Received and Transmitted Packets on Ports


The Rx and Tx Packets on Port <port> chart shows the total number of received and transmitted packets for a given port on a given real server.

Displaying statistics for a virtual server


1. Click the Traffic Statistics tab.
2. Click Virtual Server.
3. Select the virtual server by using one of the following methods:

Select a virtual server from the list.
Click the left or right arrow to the sides of the list.

The top portion of the display shows a summary of the statistics for the virtual server.


4. You can select how often the display is refreshed by selecting a value from the Refresh Interval list on the Live Chart bar.
5. Click Start to begin or resume the statistics display. Click Stop to stop it or Reset to start over.

The page displays the following charts:

Connection Distribution among Application Ports
Total Accumulated Connections to Server
Total Accumulated Connections per Port

Connection Distribution among Application Ports


The Connection Distribution among Application Ports chart shows the number of current connections to the virtual server for each application port at a given point of time.


Total Accumulated Connections to Server


The Total Accumulated Connections to Server chart shows the total number of connections that are serviced by the virtual server over a given period of time since the last reboot.

Total Accumulated Connections per Port


The Total Accumulated Connections per Port shows the total number of connections serviced by a given virtual server on a given application port over a period of time.


Displaying statistics for virtual server port


1. Click the Traffic Statistics tab.
2. Click Virtual Port.
3. From the Virtual Server list, select a virtual server. Use one of the following methods:

Select a virtual server from the Virtual Server list.
Click the left or right arrow to the sides of the Virtual Server list.

4. From the Virtual Port list, select a virtual port. Use one of the following methods:

Select a virtual port from the Virtual Port list.
Click the left or right arrow to the sides of the Virtual Port list.

The top portion of the display shows the summary of statistics for the virtual server port.

5. You can select how often the display is refreshed by selecting a value from the Refresh Interval list on the Live Chart bar.
6. Click Start to start or resume the statistics display. Click Stop to stop it or Reset to start over.

The page shows the following charts:

Current Connections on Ports
Current Connection Distribution among Real Servers
Total Accumulated Connections
Total Accumulated Connection Distribution among Real Servers


Current Connections on Ports


The Current Connections on Port <port> shows the number of current connections being serviced on a given virtual server at a given point of time.

Current Connection Distribution among Real Servers


The Current Connection Distribution among Real Servers shows the distribution of connections among backend real servers that are bound to a given virtual server on a given virtual port.


Total Accumulated Connections


The Total Accumulated Connections on Port <port> shows the total number of connections serviced on a given virtual port by a given virtual server over a period of time since the last system reboot.

Total Accumulated Connection Distribution among Real Servers


The Total Accumulated Connection Distribution Among Real Servers shows the distribution among real servers for the total number of connections that are serviced on a given virtual port by a given virtual server over a period of time since the last system reboot. Each column or bar indicates the total number of connections serviced by the associated real server on its corresponding real port.


Displaying global traffic statistics


1. Click the Traffic Statistics tab.
2. Click Traffic. Global traffic statistics for the device are displayed.

Displaying interface statistics


To display statistics for an interface, perform the following steps.

1. Click Overview on the context bar and select Statistics.
2. Click the Interface / IP tab.
3. Click I/F Summary to display a quick summary of all the interfaces on the ServerIron.


4. Click I/F Details to view more details for an interface. The Interface Details page provides data for the interface attributes, its utilization, and errors on the interface.


5. Click IP to display ICMP, IP, TCP, and UDP protocol statistics.

6. Click ARP to display the ARP Statistics and the entries in the ARP Cache. The ARP cache table shows IP to MAC address association.

NOTE
I/F Summary, I/F Details and ARP also display the management port statistics.


7. Click MAC to display Layer 2 MAC table information. The MAC Address table shows the association between a MAC address and a system port.


Viewing Syslog entries


Click the System Log tab to view the entries in the Syslog. The System Log page shows the date and time when the entry was generated, the severity of the entry, and the generated message.
