Alteon

34.x

Alteon Level 1
Lab Manual
High Availability
Table of Contents
Objectives .................................................................................................................................. 3

Overview .................................................................................................................................... 3

Lab Configuration Details – Alteon HA ................................................................................... 4

Lab Preparations: ................................................................................................................................ 5
Lab Activities ....................................................................................................................................... 5

Verify and Configure Setup on Active (Device A) ................................................................... 5

Configure Setup on Backup (Device B) ................................................................................... 7

Configure Synchronization on Active (Device A) and setup HA ........................................... 9

Validate your Configuration ................................................................................................... 11

Check - Test ...................................................................................................................................... 11
On current Master we can simulate a port outage. Disable physical port 1. ....................................... 11
After successful testing of High Availability (HA) is complete, ............................................................ 11
Export each configuration file to use as backup. ................................................................................ 11

Alteon Level 1 Lab Manual 2

Objectives
After viewing the High Availability eLearning module and completing this lab, you should be able to:
Configure Active and Backup Alteon devices for High Availability failover.

Overview
In this lab you will set up a redundant network for high availability (HA).
The single-switch configuration is enhanced by a second switch to provide High Availability (HA) based on
enhanced configuration on Alteon OS v30.2 (or higher). The legacy-mode high availability (VRRP) is coverd in
Alteon Level 2 training. For more information on HA, refer to Alteon Application Guide.

You'll configure HA for active Alteon (Active = A) and backup Alteon (Backup = B) devices.
High availability is maintained as follows: if the active device fails and no longer passes
traffic, the backup device takes over. This minimizes downtime on a critical network.

For technical support, ask your local trainer or email to [email protected]

Alteon Level 1 Lab Manual 3

Lab Configuration Details – Alteon HA

Alteon Remote Lab Overview

Alteon Configuration Information

Management: Internet
Alteon-A: 10.10.240.11
Alteon-B: 10.10.240.12
Netmask: 255.255.248.0 SSL-VPN
Gateway: 10.10.240.254 Remote
Desktop
External Network Client
Port / If: 1
VLAN: 11
Alteon-A: 192.168.175.11
Alteon-B: 192.168.175.12 10.249.1.0 /24
Netmask: 255.255.255.0 RDP-Network
Gateway 1: 192.168.175.254
Floating IP: 192.168.175.1

Server Network 10.10.240.0 /21

Port / If: 2 Management-Network
VLAN: 14
Alteon-A: 10.200.1.11
Alteon-B: 10.200.1.12 10.10.240.15
Netmask: 255.255.255.0
Floating IP: 10.200.1.254
Proxy IP: 10.200.1.15 192.168.175.0 /24
External-Network

MNG 1

2
10.200.1.0 /24
Server Network

WebServer1 WebServer2
10.200.1.100 10.200.1.200

Alteon Level 1 Lab Manual 4

Lab Preparations:
Before you begin this lab:
1. Review Lab Configuration Details - Alteon HA (lab layout on the previous page).
For convenience, print the topology.
2. Verify that configuration of management port IP is correct.

Lab Activities
Here is a summary of the activities you'll perform in this High Availability Lab:
• Verify and configure (active) Alteon A:
o Verify Switching & Configure Routing Basic Setup
o Add interface peer IPs
• Configure (backup) Alteon B:
o Verify Management IP on Device B
o Configure Switching & Routing Minimal Setup
• Configure High Availability on A
o Enable HA Switch Mode
o Select advertisement interfaces
o (Opt) Configure Session Mirroring
o (Opt) Configure Failover Trigger
• Configure Synchronization for A to B

Verify and Configure Setup on Active (Device A)

1. Connect to Alteon Active Device A
The following 5 steps are the basic setup you configured in the SWITCHING &
ROUTING STANDARD SETUP -- Standard Layer 2 and Layer 3 setup.
These were performed for Device A.

2. Verify the creation of two VLANs on Active Alteon (Device A); add ports.

Verify L2 VLANs

Physical Port VLAN ID

1 11

2 14

3. Verify that the Spanning Tree Group (STG) is turned off.

4. Configure Layer 3 (L3) IP interfaces. Configure interface Peer IP addresses additionally.

Configure Layer 3 IPs = Alteon A

IF ID IP Address Mask Peer IP VLAN ID

1 192.168.175.11 255.255.255.0 192.168.175.12 11

2 10.200.1.11 255.255.255.0 10.200.1.12 14

Alteon Level 1 Lab Manual 5

 GUI:
Configuration → Network → Layer 2 → VLAN
a. Verify VLANs.
Configuration → Network → Layer 2 → Spanning Tree → Spanning Tree Group
a. Verify Spanning Tree Group 1.
Configuration → Network → Layer 3 → IP Interfaces
Double click on each interface and add peer IP address.

5. Verify default gateway 192.168.175.254

GUI:
b. Configuration → Network → Layer 3 → Gateways
c. Double click on gateway 1 to verify.

6. Check configuration.

CLI:
cc

GUI:
Click “Dump”

7. Test device connectivity.

Ping Default Gateway IP address. Ping Server(s) IP address(es).
If all Pings fail, reboot your Alteon device.

Alteon Level 1 Lab Manual 6

Configure Setup on Backup (Device B)
1. Connect to Alteon-B Device.
2. L2 VLAN and System configuration can’t synchronize. Therefore, you need configure these parameters.
3. Disable VLANs 1-6 and STG 1.
4. Configure Layer 2 (L2), create same two VLANs and add ports as for first Alteon done.
5. Add one interface config for configuration synchronization
6. Add configuration synchronization peer and parameter.
7. These steps are very similar to configuration of Alteon-A. Therefore, we skip details for configuration.

1. Customize the prompt for your Alteon.

Go to Configuration → System → SNMP System Name: Alteon-B
Go to Configuration → System → Management Access → Management Protocols → CLI Prompt:
Hostname

2. Lengthen Alteon idle timeout to 9999 minutes so the device does not idle out.
Go to Configuration → System → Management Access

3. Set service access

By default, all services except Network-HSM using data port stack for communication. We change use
management port stack.
Go to Configuration → System → Management Access → Management Traffic Routing

4. Set time sync by NTP.

Set primary NTP to IP address 10.10.240.254, time zone none and offset to +00:00 and turn it on and
check setup.
Go to Configuration → System → Time and Date

5. Set Domain Name Server Primary IP Address to 10.10.240.254.

Go to Configuration → System → DNS Client

6. Set Syslog Server Host 1 IP Address to 10.10.240.1.

Go to Configuration → System → Logging and Alerts

7. Set VLAN 11 to port 1 and VLAN 14 to port 2, disable all other VLANs
Go to Configuration → Network → Layer 2 → VLAN

8. Turn off Spanning Tree Group (STG).

Go to Configuration -> Network -> Layer 2 -> Spanning Tree -> Spanning Tree Group

9. Define Layer 3 (L3) IP interfaces. For sync we use the Server Network.
IF ID 2, IP Address 10.200.1.12 /24, VLAN 14 and Peer IP 10.200.1.11
Local Go to Configuration → Network → Layer 3 → IP Interfaces
Apply changes

Alteon Level 1 Lab Manual 7

 10. Setup Configuration Sync.
For communication set Peer IP 10.200.1.11
Go to Configuration → Network → High Availability → Configuration Sync
a. Select Peers and press + button.
b. Enable Peers
c. Peer ID set 1
d. IP Address 10.200.1.11
e. Submit changes
f. Select Modules to Sync
g. Remove all and add selection for IP Interfaces, Port, Gateways, PIP, Certificates
h. Certificate and Authentication passphrase we set to radware1 Use in real world use a stronger
password.
i. Submit and Apply changes

IMPORTANT: Do not sync at this time.

11. Verify configuration of both Alteon.

For communication

GUI:

Click “Dump”

Connect by SSH or console

cc or /cfg/dump command

12. Test device connectivity.

Ping opposite Server Net IP interface of Alteon-A, and both Server IP addresses.

Configure High Availability on Device A & B

IMPORTANT: In this lab, we will synchronize HA configuration from Device A to Device B
-- as a result, we configure HA on Device A and set on Alteon-B only required communication parameters.

Alteon Level 1 Lab Manual 8

Configure Synchronization on Active (Device A) and setup HA
IMPORTANT: In this lab, we will synch these HA configuration steps from Device A to Device B
-- as a result, we only configured HA on Device A.
Ensure connection to Active A.
You may still be connected.
Define Peer IP address for Active A

a. Use Peer ID = 1
b. Use Peer IP address = 10.200.1.12
IP Address is for the peer Alteon. Only data ports --not management IP -- are valid for sync.
Any interface IP would work BUT of Radware Lab, use the IP address for IF 2 from Backup B.

GUI:
1. Setup Configuration Sync.
For communication set Peer IP 10.200.1.12
Go to Configuration → Network → High Availability → Configuration Sync
a. Select Peers and press + button.
b. Enable Peers
c. Peer ID set 1
d. IP Address 10.200.1.12

e. Submit changes
f. Select Modules to Sync
g. Remove all and add selection for IP Interfaces, Port, Gateways, PIP, Certificates
h. Certifcate and Authentication passphrase we set to radware1 In real world use a stronger
password.
i. Submit, Apply and Save changes

Click Sync button on top. After a couple of seconds check on Alteon-B the interface and default gateway
configuration. Is now interface 1 and 2 as well gw1 available? Config at Alteon-B is applied and saved by
synchronization.
If you like sync config by only applying a new config turn on automatic sync at Modules to Sync menu.
We recommend doing it.
Alteon-A: Configuration → Network → High Availability → Configuration Sync
a. Select Modules to Sync
b. Check Automatic Sync
c. Click Submit and Apply and Save

2. Test device connectivity.

Ping both opposite IP interface of each Alteon, Default Gateway and both Server IP addresses.

Alteon Level 1 Lab Manual 9

HA Pre-Step: Assign Floating IPs
A floating IP address is a virtual IP address that is identical for both devices in the HA
pair. It must be on the same subnet as the interface and must be different from any other defined
IP.
Assign a floating IP address for each interface on Device A; Device B will receive this IP via configuration
synchronization which we already configured in this lab.

Configure Floating IP for each interface

Interface ID Floating IP Address

1 192.168.175.1

2 10.200.1.254

GUI:

a. Configuration → Network → High Availability → Floating IP

b. Click + [to add new Floating IP]
c. Check Enable Floating IP
d. Enter ID, Floating IP, and IP Interface
e. Click Submit

HA: Enable HA Mode – Device A

1. Enable High Availability: Switch Mode.

GUI:

a. Configuration → Network → High Availability

b. Select High Availability Mode: Switch HA
c. Keep all other parameters like On Failure at default values.

2. Assign Advertisement interfaces.

GUI:

a. In Advertisement Interfaces tab:

b. Select Interfaces 1 and 2 and click > to add to Selected

3. Configure Stateful Failover (optional)

a. Click on Stateful Failover tab
b. Select Unicast Session Mirroring (select 1 as primary and 2 as secondary interface), Persistent
Sessions, Dynamic Data Store, or TLS Session Ticket Encryption Key (radware1 as passphrase).
c. Click Submit, Apply and Save Apply is slow down since we need to sync config with Alteon-B.

Alteon Level 1 Lab Manual 10

Validate your Configuration
Check - Test
a. Status is visible in window top left using access by any browser. HA-Status Master | Backup
b. Status is visible top left > More using access by Cyber Controller. HA-Status Active | Backup
c. Monitoring -> Network -> High Availability -> State

Validate your synchronization on Device A as well on Device B.

d. Test the configuration.

e. Start a continuous ping from VPN RDP machine. ping 192.168.175.1 -t.
f. At current Master Alteon click on Backup to switch manually HA master.
g. Monitoring → Network → High Availability
h. Click on Backup

Continuous ping on RDP client fails for 1 or 2 requests and is continued on new master again.

On current Master we can simulate a port outage. Disable physical port 1.

a. Configuration → Network → Physical Ports → Port Settings
b. Double click port 1 set status to Disable for Enable Port .

Continuous ping on RDP client fails for 1 or 2 requests and is continued on new master again.

c. Enable this port again.

After successful testing of High Availability (HA) is complete,

a. Save configuration
b. At Remote Client computer use the Ctrl+C keys to stop the continuous ping.

Export each configuration file to use as backup.

Name files: ALTEON-A_BACKUP_HA and ALTEON-B_BACKUP_HA . At Cyber Controller is this config
available as ALTEON-A_BACKUP_HA and ALTEON-A_BACKUP_HA and Alteon-B_Minimum-
Configuration.

Alteon Level 1 Lab Manual 11

 For questions, contact [email protected]

© 2024 Radware Ltd. All rights reserved. The Radware products and solutions mentioned in this document
are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other
countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and
names are property of their respective owners.

Alteon Level 1 Lab Manual 12