Configuring VLAN Interfaces on top of a Bond Interface on Uplink Ports

This section shows how to configure VLAN Interfaces on top of a Bond Interface that is configured on Uplink Ports.

Procedure

Add the required VLAN tags and assign the Uplink ports to the applicable Security Group

You can perform this step in either Gaia Portal, or Gaia Clish of the Quantum Maestro Orchestrator.

In Gaia Portal

Step	Instructions
1	Connect with a web browser to the Gaia Portal on one of the Quantum Maestro Orchestrators.
2	Add VLAN tags on the applicable Uplink Ports. See Adding VLAN Interfaces on Uplink Ports.
3	Assign the applicable Uplink ports with VLAN tags to the applicable Security Group. See Assigning Interfaces to a Security Group.
4	In the bottom left corner, click Apply.

In Gaia Clish

Step	Instructions
1	Connect to the command line on one of the Quantum Maestro Orchestrators.
2	Log in to the Gaia Clish.
3	Add VLAN tags on the applicable Uplink Ports. See Adding VLAN Interfaces on Uplink Ports.
4	Assign the applicable Uplink ports to the applicable Security Group. See Assigning One Interface to a Security Group.
5	Verify the new configuration. See Verifying the Configuration Changes.
6	Apply the new configuration. See Applying the Configuration Changes.

Configure the Bond interface and VLAN interfaces on the Bond interface in the Security Group

You can perform this step in either Gaia Portal, or Gaia gClish of the Security Group.

In Gaia Portal

Step

Instructions

Connect with a web browser to the Gaia Portal of the Security Group.

Configure the Bond interface on top of the Uplink ports.

Add the same VLAN interfaces on the Bond interface, which you added in the Quantum Maestro Orchestrator.

In Gateway mode only:

Assign the IP addresses to these VLAN interfaces.

Important - In VSX mode, you must assign the IP addresses in SmartConsole in the VSX Gateway object or applicable Virtual System object.

In Gaia gClish

Step

Instructions

Connect to the command line of the Security Group.

Go to the Gaia gClish:

gclish

Configure the Bond interface on top of the Uplink ports.

Add the same VLAN interfaces on the Bond interface, which you added in the Quantum Maestro Orchestrator.

In Gateway mode only:

Assign the IP addresses to these VLAN interfaces.

Important - In VSX mode, you must assign the IP addresses in SmartConsole in the VSX Gateway object or applicable Virtual System object.

For more information, see the R80.20SP Quantum Maestro Gaia Administration Guide.

Configure the Security Gateway or VSX Gateway object in SmartConsole

If you already created a Security Gateway object for this Security Group:

Step	Instructions
1	Connect with SmartConsole to the Management Server.
2	From the left navigation panel, click Gateways & Servers.
3	Open the applicable Security Gateway object.
4	From the left tree, click Network Management.
5	Click Get Interfaces > Get Interfaces Without Topology.
6	Click OK.
7	Install the Access Control Policy on this Security Gateway object.

If you already created a VSX Gateway object for this Security Group:

Note - For more information, see the R80.20SP Quantum Maestro VSX Administration Guide.

Step

Instructions

Connect with SmartConsole to the Management Server.

From the left navigation panel, click Gateways & Servers.

Open the applicable VSX Gateway object.

From the left tree, click Physical Interfaces.

Click Add.

Add the new Bond interface.

Important - Enter the same name (case sensitive) you see in the Gaia settings of this Security Group.

In the VLAN Trunk column, check the box for this Bond interface.

Click OK.

Install the Access Control Policy on this VSX Gateway object.

Configure the VLAN interfaces in the applicable Virtual System.

Install the Access Control Policy on the applicable Virtual System object.

Example

This example is based on the default configuration of MHO-170:

Explanations

Item

Description

Network 1 in VLAN 10 connected to ports on the Networking Device (3).

Network 2 in VLAN 20 connected to ports on the Networking Device (3).

Networking Device (router or switch) that connects your Network 1 and Network 2 to the Quantum Maestro Orchestrators (10 and 12) with Bond interfaces (Link Aggregation).

Bond interface that connects Network 1 to the Quantum Maestro Orchestrators (10 and 12).

This Bond interface provides a redundant Uplink connection for the traffic inspected by the Security Appliances (26 and 24) in the applicable Security Group (25).

Bond interface that connects Network 2 to the Quantum Maestro Orchestrators (10 and 12).

This Bond interface provides a redundant Uplink connection for the traffic inspected by the Security Appliances (23 and 21) in the applicable Security Group (22).

A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a first slave of the first Bond (4) on the Networking Device (3) to the first Quantum Maestro Orchestrator (10).

This cable connects to the Uplink port 3 (interface eth1-05), which must be configured with the VLAN tag 10.

A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a second slave of the first Bond (4) on the Networking Device (3) to the first Quantum Maestro Orchestrator (12).

This cable connects to the Uplink port 3 (interface eth2-05), which must be configured with the VLAN tag 10.

A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a first slave of the second Bond (5) on the Networking Device (3) to the second Quantum Maestro Orchestrator (10).

This cable connects to the Uplink port 9 (interface eth1-17), which must be configured with the VLAN tag 20.

A DAC cable, Fiber cable (with transceivers), or Breakout cable that connects a second slave of the second Bond (5) on the Networking Device (3) to the second Quantum Maestro Orchestrator (12).

This cable connects to the Uplink port 9 (interface eth2-17), which must be configured with the VLAN tag 20.

First Quantum Maestro Orchestrator.

A DAC that connects the dedicated Synchronization ports 32 on the Quantum Maestro Orchestrators (10 and 12).

Important - This connection is only used to synchronize the configuration of Security Groups between the Quantum Maestro Orchestrators.

Second Quantum Maestro Orchestrator.

13-20

DAC cables, Fiber cables (with transceivers), or Breakout cables that connect Downlink ports on Quantum Maestro Orchestrators to the Security Appliances.

21-23

All Security Appliances assigned to the Security Group 2.

24-26

All Security Appliances assigned to the Security Group 1.

Example procedure

Step	Instructions
1	Configure the required settings on one of the Quantum Maestro Orchestrators: Connect to one of the Quantum Maestro Orchestrators. Add VLAN tag 10 to the Port 1/3/1 (interface `eth1-05`). Add VLAN tag 10 to the Port 2/3/1 (interface `eth2-05`). Add VLAN tag 20 to the Port 1/9/1 (interface `eth1-17`). Add VLAN tag 20 to the Port 2/9/1 (interface `eth2-17`). Assign the Port 1/3/1 with VLAN tag 10 (interface `eth1-05.10`) to the Security Group 1. Assign the Port 2/3/1 with VLAN tag 10 (interface `eth2-05.10`) to the Security Group 1. Assign the Port 1/9/1 with VLAN tag 20 (interface `eth1-17.20`) to the Security Group 2. Assign the Port 2/9/1 with VLAN tag 20 (interface `eth1-17.20`) to the Security Group 2. Apply the configuration.
2	Configure the required settings in the Security Group 1: Connect to the Gaia of the Security Group 1. Configure a new interface Bond1 on top of the interfaces `eth1-05` and `eth2-05`. Add the VLAN tag 10 on top of the new interface Bond1 (`bond1.10`).
3	Configure the required settings in the Security Group 2: Connect to the Gaia of the Security Group 2. Configure a new interface Bond1 on top of the interfaces `eth1-17` and `eth2-17`. Add the VLAN tag 20 on top of the new interface Bond1 (`bond1.20`).
4	In SmartConsole, add the new interface (`bond1.XX`) to the Security Group object.