Modifying Host and Network Integration Settings
  
Modifying Host and Network Integration Settings
This chapter describes how to modify host and network integration settings. It includes these sections:
•  Configuring host settings
•  Configuring the base interface
•  Configuring in-path interfaces
•  Configuring VLAN segregation
Note: This chapter assumes that you have installed and performed the initial configuration of the SteelHead Interceptor. For details, see the SteelHead Interceptor Installation Guide.
Configuring host settings
You can view and modify general host settings in the Host Settings page.
When you initially run the installation wizard, you set required network host settings for the SteelHead Interceptor. You can configure or modify these settings:
•  Name - Modify the hostname only if your deployment requires it.
•  DNS Settings - We recommend that you use DNS resolution.
•  Hosts - If you do not use DNS resolution, or if the host does not have a DNS entry, you can add hosts to the system.
•  Web/FTP Proxy - Configure proxy addresses for web or FTP proxy access to the SteelHead Interceptor.
To view general host settings
•  Choose Networking > Networking: Host Settings to display the Host Settings page.
Figure: Host Settings page
To change the hostname
1. Choose Networking > Networking: Host Settings to display the Host Settings page.
2. Under Name, modify the hostname, if necessary.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
To specify DNS settings
1. Choose Networking > Networking: Host Settings to display the Host Settings page.
Figure: Host Settings page
2. Under DNS Settings, complete the configuration as described in this table.
Control
Description
Primary DNS Server
Specify the IP address for the primary name server.
Secondary DNS Server
Optionally, specify the IP address for the secondary name server.
Tertiary DNS Server
Optionally, specify the IP address for the tertiary name server.
DNS Domain List
Specify an ordered list of domain names.
If you specify domains, the system automatically finds the appropriate domain for each of the hosts that you specify in the system.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
To add a new host
1. Choose Networking > Networking: Host Settings to display the Host Settings page.
Figure: Host Settings page
2. Under Hosts, complete the configuration as described in this table.
Control
Description
Add a New Host
Displays the controls for adding a new host.
IP Address
Specify the IP address for the host.
Hostname
Specify a hostname.
Add
Adds the host.
Remove Selected
Select the check box next to the name, and then click Remove Selected.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
To add a web/FTP proxy
1. Choose Networking > Networking: Host Settings to display the Host Settings page.
2. Under Configure How this Appliance Connects to the Network, complete the configuration as described in this table.
Control
Description
Enable Web Proxy
Select the check box to enable the web proxy.
Web/FTP Proxy
Specify the IP address for the web/FTP proxy.
Port
Specify the port for the web/FTP proxy.
Enable Authentication
Optionally, select this feature to enable authentication. Specify these settings to authenticate the users:
•  User Name - Specify a username.
•  Password - Specify a password.
•  Authentication Type- Select an authentication method from the drop-down list:
–  Basic - Authenticates user credentials by requesting a valid username and password. This is the default setting.
–  NTLM - Authenticates user credentials based on an authentication challenge and response
–  Digest - Provides the same functionality as basic authentication; however, digest authentication improves security because the system sends the user credentials across the network as a Message Digest 5 (MD5) hash.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
Configuring the base interface
You can view and modify settings for the base interface (both the primary and auxiliary) in the Base Interfaces page.
On the appliance, the primary interface is the port you connect to the LAN switch. The primary interface is the appliance management interface. You connect to the primary interface to use the web browser or the CLI.
To configure base interface settings
1. Choose Networking > Networking: Base Interfaces to display the Base Interfaces page.
Figure: Base Interfaces page
2. Under Primary Interface, complete the configuration as described in this table.
Control
Description
Enable Primary Interface
Select the check box to enable the primary interface.
Obtain IPv4 Address Automatically
Select this option to automatically obtain the IPv4 address from a DHCP server. A DHCP server must be available so that the system can request the IP address from it.
Optionally, select Enable IPv4 Dynamic DNS to include the appliance hostname with the DHCP request.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces cannot share the same network subnet.
Specify IPv4 Address Manually
Select this option if you do not use a DHCP server to set the IP address. Specify these settings:
•  IPv4 Address - Specify an IP address.
•  IPv4 Subnet Mask - Specify a subnet mask.
•  Default IPv4 Gateway - Specify the primary gateway IP address. The primary gateway must be in the same network as the primary interface. You must set the primary gateway for in-path configurations.
Obtain IPv6 Address Automatically
Select this option to automatically obtain the IPv6 address from a DHCP server. A DHCP server must be available so that the system can request the IP address from it.
Optionally, select Enable IPv6 Dynamic DNS to include the appliance hostname with the DHCP request.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces cannot share the same network subnet.
Specify IPv6 Address Manually
Select this option and specify the settings below to set an IPv6 address. You can set multiple IPv6 addresses for the primary interface.
•  IPv6 Auto-Assigned - Displays the link-local address that is automatically generated when IPv6 is enabled on the base interfaces.
•  IPv6 Address - Specify an IPv6 address and an IPv6 prefix.
•  For the IPv6 address, use this format: eight 16‑bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You do not need to include leading zeros. For example:
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example:
2001:38dc:52::e9a4:c5:6282
•  For the IPv6 prefix, use this format: a number from 0 to 128, separated from the IPv6 address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
Note: Use the IPv6 Address field to modify or delete the IPv6 address. Enter the new information (or delete the information displayed), and click Apply.
•  Add New IPv6 Address - Specify new IPv6 addresses to be added to the interface. Use the same formats as specified for the IPv6 Address field above.
Important: The Add New IPv6 Address field lets you add more than one IPv6 address and prefix to your interface. However, if you later select Obtain IPv6 Automatically and click Apply, all of the new IPv6 address you added manually will be deleted.
•  IPv6 Gateway - Specify the default gateway IP address. The gateway must be in the same network as the primary interface.
Note: You can set an IPv6 address dynamically using a DHCP server.
Speed
Select a speed from the drop-down list. The default value is Auto.
Duplex
Select a choice from the drop-down list. The default value is Auto.
If your network routers or switches do not automatically negotiate the speed and duplex, be sure to set them manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. If they do not match, you might have a large number of errors on the interface when it is in bypass mode, because the switch and the router are not set with the same duplex settings.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. The default value is 1500.
To configure auxiliary interface settings
1. Choose Networking > Networking: Base Interfaces to display the Base Interfaces page.
2. Scroll to the Auxiliary Interface section of the Base Interfaces page.
Figure: Auxiliary interface settings
3. Under Auxiliary Interface, complete the configuration as described in this table.
Control
Description
Enable Aux Interface
Enables an auxiliary interface.
Obtain IPv4 Address Automatically
Select this option to set the appliance to automatically obtain the IP address.
Optionally, select Enable IPv4 Dynamic DNS to include the appliance hostname with the DHCP request.
The current IPv4 address and IPv4 subnet mask are displayed.
Caution: The primary and auxiliary interfaces cannot share the same network subnet. The auxiliary and in-path interfaces cannot share the same subnet. You cannot use the auxiliary port for out-of-path SteelHead Interceptors.
Specify IPv4 Address Manually
Specify these settings:
•  IPv4 Address - Specify an IP address.
•  IPv4 Subnet Mask - Specify a subnet mask.
Select this option if you do not use a DHCP server to set the IP address.
Obtain IPv6 Address Automatically
Select this option to automatically obtain the IPv6 address from a DHCP server. A DHCP server must be available so that the system can request the IP address from it.
Optionally, select Enable IPv6 Dynamic DNS to include the appliance hostname with the DHCP request.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces cannot share the same network subnet.
Specify IPv6 Address Manually
Specify these settings:
•  IPv6 Auto-Assigned - Displays the automatic IP address automatically assigned.
•  Add New IPv6 Address - Specify new IPv6 addresses to be added to the interface.
•  For the IPv6 address, use this format: eight 16‑bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You do not need to include leading zeros. For example:
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example:
2001:38dc:52::e9a4:c5:6282
•  For the IPv6 prefix, use this format: a number from 0 to 128, separated from the IPv6 address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
Important: The Add New IPv6 Address field lets you add more than one IPv6 address and prefix to your interface. However, if you later select Obtain IPv6 Automatically and click Apply, all of the new IPv6 address you added manually will be deleted.
Speed
Select the speed from the drop-down list. The default value is Auto.
Duplex
Select a choice from the drop-down list. The default value is Auto.
If your network routers or switches do not automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. The default value is 1500.
4. Click Apply to apply the settings to the current configuration.
5. Click Save to save your changes permanently.
6. Under Main IPv4 Routing Table, you can configure a static routing for out-of-path deployments or if your device management network requires static routes, as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv4 Address
Specify the destination IPv4 address for the out-of-path appliance or network management device.
IPv4 Subnet Mask
Specify the IPv4 subnet mask.
Gateway IPv4 Address
Specify the IPv4 address for the gateway.
Interface
Select the interface for routing from the drop-down list.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
7. Under Main IPv6 Routing Table, you can configure a static routing for out-of-path deployments or if your device management network requires static routes, as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv6 Address
Specify the destination IPv6 address for the out-of-path appliance or network management device.
IPv6 Prefix
Specify the prefix.
Gateway IPv6 Address
Specify the IPv6 address for the gateway.
Interface
Select the interface for routing from the drop-down list.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
8. Click Save to save your changes permanently.
Configuring in-path interfaces
You can configure in-path interfaces in the In-Path Interfaces page.
This section includes these topics:
•  Unique IP addresses for in-path interfaces
•  Configuring in-path interfaces in standard mode
•  Configuring in-path interfaces in VLAN segregation mode
•  Avoiding speed and duplex mismatches
Unique IP addresses for in-path interfaces
IP addresses assigned to in-path interfaces (such as inpath0_0) or VLAN in-path interfaces (such as inpath0_0.1) must be unique across the configuration mode in use (standard mode or VLAN segregation mode).
If you need to reuse an IP address assigned to an in-path interface for use on a VLAN in-path interface, you need to remove the IP address from the in-path interface. To remove the IP address from the in-path interface, use the CLI. Using the Management Console to remove or edit the IP address has these constraints based on mode:
•  In VLAN segregation mode, you cannot edit the in-path interface or delete the IP address of a VLAN interface.
•  In standard mode, you cannot delete the IP address of the in-path interface.
Configuring in-path interfaces in standard mode
You can view and modify settings for the appliance in-path interfaces in the In-Path Interfaces page.
You configure in-path interfaces for deployments where the SteelHead Interceptor is in the direct path between the client and the server in your network.
Note: You must select an enabled in-path interface for Interceptor-to-Interceptor communication. This requirement applies whether the appliance is deployed as a failover Interceptor or a cluster Interceptor, or if the appliance is deployed as a single SteelHead Interceptor that does not communicate with other SteelHead Interceptors. For more information, see Configuring Interceptor-to-Interceptor communication.
To modify in-path interfaces in standard mode
1. Choose Networking > Networking: In-Path Interfaces to display the In-Path Interfaces page.
Figure: In-Path Interfaces page
 
2. To enable link state propagation (LSP), under In-Path Settings, select the Enable Link State Propagation check box.
With LSP enabled, if the LAN interface drops the link, the WAN also drops the link. LSP is enabled by default. If you require a SteelHead Interceptor to bypass traffic (fail-to-wire) when the LAN or WAN ports become disconnected, enable this feature. This feature is similar to what ISPs do to follow the state of a link.
3. Under In-Path Interface Settings, select the interface name and complete the configuration as described in this table.
Control
Description
IPv4 Address
Specify an IP address. This IP address is the in-path main interface.
IPv4 Subnet Mask
Specify the subnet mask.
IPv4 Gateway
Specify the IP address for the in-path gateway. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there is a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
Enable IPv6
Select this check box to assign an IPv6 address. IPv6 addresses are disabled by default. You can only assign one IPv6 address per in-path interface.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces can’t share the same network subnet.
IPv6 Address
Specify a global or site-local IPv6 address. This IP address is the in-path main interface. You can’t use a DHCP server to assign an IPv6 address automatically.
IPv6 Prefix
Specify the prefix. The prefix length is 0 to 128 bits, separated from the address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
IPv6 Gateway
Specify the IPv6 address for the in-path gateway. You can use a link local address. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there’s a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
Enable Bypass
Select this option to enable bypass on this interface.
Caution: By enabling bypass, you disable load balancing on this interface.
LAN Speed and Duplex
WAN Speed and Duplex
Specify these settings for the LAN and WAN ports:
•  Speed - Select a speed from the drop-down list. The default value is Auto.
•  Duplex - Select a choice from the drop-down list. The default value is Auto.
If your network routers or switches do not automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
To avoid speed and duplex mismatches, see Avoiding speed and duplex mismatches.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. Applies to optimized traffic only. The default value is 1500.
VLAN Tag ID
Specify a numeric VLAN Tag ID. When you specify the VLAN Tag ID for the maintenance intermediate point (MIP ) interface, all packets originating from the SteelHead Interceptor are tagged with that identification number. Specify the VLAN tag that the appliance uses to communicate with other SteelHead Interceptors in your network. The VLAN Tag ID might be the same value or a different value than the VLAN tag used on the client. A zero (0) value specifies nontagged (or native VLAN) and is the correct setting if there are no VLANs present.
For example, if the in-path interface is 192.168.1.1 in VLAN 200, you would specify tag 200.
Note: When the SteelHead Interceptor communicates with a client or a server, it uses the same VLAN tag as the client or the server. If the SteelHead Interceptor cannot determine which VLAN the client or server is in, it uses its own VLAN until it is able to determine that information.
You must also define in-path rules to apply to your VLANs.
Failure Condition
Select the failure condition from the drop-down list:
•  Block - Enables fail-to-block mode. A failed SteelHead Interceptor blocks any network traffic on its path, as opposed to passing it through.
•  Bypass - Enables fail-to-wire mode. A failed SteelHead Interceptor passes through network traffic.
The default value is Bypass.
The SteelHead Interceptor supports the same concepts of fail-to-block and fail-to-wire as the SteelHead. In physical in-path deployments, the SteelHead Interceptor LAN and WAN ports that traffic flows through are internally connected by circuitry that can take special action in the event of a disk failure, a software crash, a runaway software process, or even loss of power to the SteelHead Interceptor. If a serious failure occurs on the SteelHead Interceptor, the appliance either passes traffic through (for fail-to-wire mode) or prevents traffic from passing (for fail-to-block mode).
Note: In a parallel configuration, fail-to-block mode should be enabled to force all traffic through a cluster SteelHead Interceptor, thereby enabling optimization to continue.
Note: In a serial, quad, or octal configuration, fail-to-wire mode should be enabled to pass all traffic through to the cluster or failover SteelHead Interceptor, thereby enabling optimization to continue.
Apply
Click to apply your changes to the running configuration.
After you apply your settings, you can verify whether changes have had the desired effect by reviewing related reports. When you have verified appropriate changes, you can write the active configuration that is stored in memory to the active configuration file, or save it as a file. For details about saving configurations, see Managing configuration files.
4. Under IPv4 Routing Table, you can configure routes with IPv4 addresses as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IP Address
Specify the destination IPv4 address for the out-of-path appliance or network management device.
Subnet Mask
Specify the IPv4 subnet mask.
Gateway IP Address
Specify the IPv4 address for the gateway.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
5. Under IPv6 Routing Table, you can configure routes with IPv6 addresses as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv6 Address
Specify the destination IPv6 address for the out-of-path appliance or network management device.
IPv6 Prefix
Specify the prefix.
Gateway IPv6 Address
Specify the IPv6 address for the gateway.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
6. Click Save to save your changes permanently.
Configuring in-path interfaces in VLAN segregation mode
When a SteelHead Interceptor is in VLAN segregation mode, in-path interfaces have both global settings and instance-specific settings. Global settings apply to all the in-path interfaces on the SteelHead Interceptor, and instance-specific settings apply only to a single instance.
•  Global settings include whether link state propagation is enabled, whether the in-path interface is active or in bypass mode, LAN speed and WAN speed, and the failure condition (that is, whether a failed SteelHead Interceptor passes through network traffic or blocks it).
•  Instance-specific settings include IP addresses, the MTU value, and routing table settings.
Note: MTU is also a global setting. If you change the MTU value of a VLAN in-path interface, the system propagates the value to the in-path interface and to the physical LAN/WAN interfaces. The system calculates the MTU from the maximum MTU of all the VLAN in-path interfaces (inpathx_y.v) for that in-path interface (inpathx_y).
To modify in-path interfaces in VLAN segregation mode
1. Choose Networking > Networking: In-Path Interfaces to display the In-Path Interfaces page.
Figure: In-Path Interfaces page in VLAN segregation mode
2. To enable Link State Propagation, under In-Path Settings, select the Enable Link State Propagation check box.
Enables link state propagation (LSP). With LSP enabled, if the LAN interface drops the link, the WAN also drops the link. LSP is enabled by default.
If you need a SteelHead Interceptor to fail-to-wire (bypass) when the LAN or WAN ports become disconnected, enable this feature. This feature is similar to what ISPs do to follow the state of a link.
3. Under In-Path Interface Settings, select the interface name and complete the configuration as described in this table.
Control
Description
Enable Bypass
Select this option to enable bypass on this interface.
Caution: By enabling bypass, you disable load balancing on this interface.
LAN Speed and Duplex
WAN Speed and Duplex
Specify these settings for the LAN and WAN ports:
•  Speed - Select a speed from the drop-down list. The default value is Auto.
•  Duplex - Select a choice from the drop-down list. The default value is Auto.
If your network routers or switches don’t automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
To avoid speed and duplex mismatches, see Avoiding speed and duplex mismatches.
Failure Condition
Select the failure condition from the drop-down list:
•  Bypass - Enables fail-to-wire mode. A failed SteelHead Interceptor passes through network traffic.
•  Block - Enables fail-to-block mode. A failed SteelHead Interceptor blocks any network traffic on its path, as opposed to passing it through.
The default value is Bypass.
The SteelHead Interceptor supports the same concepts of fail-to-block and fail-to-wire as the SteelHead. In physical in-path deployments, the SteelHead Interceptor LAN and WAN ports that traffic flows through are internally connected by circuitry that can take special action in the event of a disk failure, a software crash, a runaway software process, or even loss of power to the SteelHead Interceptor. If a serious failure occurs on the SteelHead Interceptor, the appliance either passes traffic through (for fail-to-wire mode) or prevents traffic from passing (for fail-to-block mode).
Note: In a parallel configuration, fail-to-block mode should be enabled to force all traffic through a cluster SteelHead Interceptor, thereby enabling optimization to continue.
Note: In a serial, quad, or octal configuration, fail-to-wire mode should be enabled to pass all traffic through to the cluster or failover SteelHead Interceptor, thereby enabling optimization to continue.
4. Click Apply to apply your changes to the running configuration.
5. Click Save to save your settings permanently.
To modify the instance-specific configuration settings
1. Click the instance name in the Dashboard page, or choose Networking > Networking: VLAN Segregation, and click Configure in the row for the desired instance to go to the instance dashboard.
2. On the instance configuration navigation bar of the instance dashboard, click VLAN Interfaces in the Networking section to display the VLAN Interfaces page.
3. Under VLAN Interfaces, click the VLAN tag you want to view.
4. Click the in-path interface you want to configure.
The in-path interface is identified by the slot and interface number and appended with the VLAN ID.
Figure: VLAN Interfaces page
5. Under In-path Interface Settings, select the interface name and complete the configuration as described in this table.
Control
Description
Enable for Load Balancing
Select this option to enable load balancing on this interface. Conversely, if this check box is selected, clear it to disable load balancing on this interface.
If selected, specify these settings:
•  IPv4 Address - Specify an IPv4 address. This IPv4 address is the in-path main interface.
•  IPv4 Subnet Mask - Specify the IPv4 subnet mask.
•  IPv4 Gateway - Specify the IPv4 address for the in-path gateway. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
•  Enable IPv6 - Select this option to enable specifying IPv6 addresses.
•  IPv6 Address - Specify an IPv6 address. Use this format: eight16‑bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You do not need to include leading zeros. For example:
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example:
2001:38dc:52::e9a4:c5:6282
•  IPv6 Prefix - Specify the IPv6 prefix. Use this format: a number from 0 to 128, separated from the IPv6 address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
•  IPv6 Gateway - Specify the IPv6 address for the in-path gateway. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
•  MTU - Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. Applies to optimized traffic only. The default value is 1500.
Note: If you change the MTU value of a VLAN in-path interface, the system propagates the value to the in-path interface and to the physical LAN/WAN interfaces. The system calculates the MTU from the maximum MTU of all the VLAN in-path interfaces (inpathx_y.v) for that in-path interface (inpathx_y).
Note: If there is a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
Apply
Click to apply your changes to the running configuration.
6. Under IPv4 Routing Table, you can configure routes with IPv4 addresses as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IP Address
Specify the destination IPv4 address for the out-of-path appliance or network management device.
Subnet Mask
Specify the IPv4 subnet mask.
Gateway IP Address
Specify the IPv4 address for the gateway.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
7. Under IPv6 Routing Table, you can configure routes with IPv6 addresses as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv6 Address
Specify the destination IPv6 address for the out-of-path appliance or network management device.
IPv6 Prefix
Specify the prefix.
Gateway IPv6 Address
Specify the IPv6 address for the gateway.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
8. Click Save to save your changes permanently.
Avoiding speed and duplex mismatches
Speed and duplex mismatches can easily occur in a network. For example, if one end of the link is set at half-duplex or full-duplex mode and the other end of the link is configured to autonegotiate (auto), the link defaults to half-duplex, regardless of the duplex setting on the nonautonegotiated end. This duplex mismatch passes traffic, but it causes interface errors and results in degraded optimization.
These guidelines can help you avoid speed and duplex mismatches when configuring the SteelHead Interceptor:
•  Routers are often configured with fixed speed and duplex settings. Check your router configuration and set it to match the Interceptor WAN and LAN settings. Ensure that your switch has the correct setting.
•  After you finish configuring the SteelHead Interceptor, check for speed and duplex error messages (such as cyclic redundancy checks [crc] or frame errors) in the System Log page of the Management Console.
•  If there is a serious problem with the Interceptor and it goes into bypass mode (that is, it automatically continues to pass traffic through your network), a speed and duplex mismatch might occur when you reboot the Interceptor. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.