Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
How to configure an ACL for Inter-GSS communication?
This document provides a sample ACL (access control list) configuration, for GSS appliance, to allow inter-GSS communication within a cluster.
The packet filtering tools on the GSS instruct each device to permit or refuse specific packets based on a combination of criteria.Access lists are collections of filtering rules that you create using the access-list CLI command. The GSS examines each packet to determine whether to forward or drop the packet based on the criteria specified within the access lists. When the GSS decides whether to forward or block a packet, it tests the packet against each criteria statement in the order that the statements were created. After a match is found, the GSS does not check any additional criteria statements.
GSS appliances in a cluster use following TCP ports for Inter-GSS communication:
200, 2001-2005 and 3002-3008.
Each GSS appliance in a cluster can be configured with an ACL that would allow only these appliances to communicate with each other by blocking rest of the traffic on an inside ethernet interface of an appliance.
Consider an example where there are two GSS appliances in a cluster. Both appliances communicate with each other over ethernet interface eth0.
Primary GSSM eth0 interface is configured with IP address 10.10.10.1.
Standby GSSM eth0 interface is configured with IP address 10.10.10.2.
Given that, you can configure following access control lists (ACLs) to allow Inter-GSS communication over ethernet interface eth0.
Note: Additional entries can be added to these ACLs to accommodate some other type of traffic such as telnet or SSH access to GSS.
Primary GSSM (IP address for interface eth0 10.10.10.1) :