#Configuring forefront tmg 2010 twoleg mac
Mac address-table static 03bf.0a0a.3201 vlan 50 interface Po1 Gi6/12 Mac address-table static 03bf.0a0a.0b01 vlan 11 interface Po1 Po2 Mac address-table static 03bf.0a0a.0a01 vlan 10 interface Po1 Po2 To avoid flooding traffic on all ports we must tweak it some more (only on ports that are needed): Our VIPs will look like:Ĭonfigure the 4506 core switches with static arp entries (only needed for the Multicast VIP’s): Decimal 10 = hexadecimal 0a, decimal 100 = hexadecimal 64. If you are good at converting decimal values to hexadecimal values you can convert them yourself fairly easy. a Multicast MAC Address will start with 03:bf and a Unicast MAC Address will start with 02:bf. So we need to find out the Multicast MAC Addresses and Unicast MAC Addresses of our VIP’s. Still we need one thing to do on our Cisco 4506 Core switches : creating static ARP entries to avoid flooding on the Cores. We choose to configure VLAN 100 as an UNICAST NLB. I think it can be solved by asking your ISP to configure static ARP entries on their router that point to your VLAN 100 NLB VIP’s. It worked when we placed an workstation in VLAN 100 but it did not work from any other external subnet (different ISPs). Note: We ran into problems when enabling MULTICAST NLB for VLAN 100. Repeat the same action for VLAN 11 : IP address 10.10.11.1, for VLAN 50 : IP address 10.10.50.1 and for VLAN 100 : IP address 100.100.100.1 (if you need more VIP’s for extra services like OWA, MAIL then enter them here) Now configure your primary NLB VIP address : 10.10.10.1. Select the appropriate (VLAN 10 network) and select configure NLB. Select the VLAN 10 network and choose Configure Load Balanced networks. If you finished installing & configuring Forefront (not included here! maybe in another post one day) on both machines (make sure you have networks configured for VLAN 10, 11 and 50) then its time to config the NLB’s. Now its time to config the first Core switch (left one):ĭescription 20GB connection to other Coreĭescription Uplink to other Core 20Gb Channelĭescription Connection from TMG-FE-1 to ISP2ĭescription Connection to TMG-FE-1 (Array NIC)ĭescription Connection from TMG-FE-1 to ISP1ĭescription Connection to TMG-FE-1 (DMZ NIC)ĭescription Connection from TMG-FE-2 to ISP2ĭescription Connection to TMG-FE-2 (Array NIC)ĭescription Connection from TMG-FE-2 to ISP1ĭescription Connection to TMG-FE-2 (DMZ NIC) Start off by running the HP Network Configuration utility on TMG-FE-1 and TMG-FE-2 and configure it like this:ĭefine VLAN 10 and 11 on TMG-FE-1 teaming interface (configured on port-channel 2)ĭefine VLAN 10 and 11 on TMG-FE-2 teaming interface (configured on port-channel 2) VLAN 99 is used for the Intra-Array adapter between the TMG’s.
![configuring forefront tmg 2010 twoleg configuring forefront tmg 2010 twoleg](http://cdn.techgenix.com/media/upls/image002_200.jpg)
![configuring forefront tmg 2010 twoleg configuring forefront tmg 2010 twoleg](http://www.isaserver.org/img/upl/image0021310413805690.jpg)
We choose not to use it for ISP 2 (VLAN 101). We are going to configure NLB for VLAN 10, 11, 50 and 100.
![configuring forefront tmg 2010 twoleg configuring forefront tmg 2010 twoleg](https://araihan.files.wordpress.com/2010/04/layoutlargesnm_thumb.png)
VLAN 100 is the internet connection from ISP1 and VLAN 101 is the internet connection from ISP2. VLAN 50 is used for the DMZ subnet (webserver running here). VLAN 10 and 11 are used for internal traffic (lets say student and teacher traffic). Port-channel 2 is configured between the 4506 and the TMG-FE-x server. Port-channel 1 is used between the 2 core switches and all vlan are allowed on this trunk.
#Configuring forefront tmg 2010 twoleg how to
Little information was to be found on how to configure the NLB configuration if you had 2 cisco 4506 core switches.
![configuring forefront tmg 2010 twoleg configuring forefront tmg 2010 twoleg](http://www.elmajdal.net/ISAServer/Managing_TMG_2010_Remotely_From_a_32bit_Client/0-system-editor.png)
We bought 2 HP D元60 G7 servers with 24GB Mem, 4 x 300 SAS disks, 2 x Quad core CPU’s to support 3500 users (in theory). Recently we migrated our edge Forefront TMG standard machine to a Forefront TMG Enterprise standalone array to create redundancy for incoming traffic (NLB) and outgoing traffic (ISP-R).