Filter
Top Products
IP Configuration Command Set
Configuring Load Sharing Network Address Translation (LSNAT)
12-70 Matrix NSA Series Configuration Guide
If you also want to provide direct client access to real servers configured as part of a server farm
group, there are two mechanisms that can provide direct client access.
The first mechanism, configured within virtual server configuration mode with the allow
accessservers command, allows you to identify specific clients who can set up connections directly
to a real server’s IP address, as well as continue to use the virtual server IP address.
The second mechanism, configured in Global configuration mode with the ip slb allowaccess_all
command, allows all clients to directly access all services provided by real servers EXCEPT FOR
those services configured to be accessed by means of a configured virtual server. The real servers
are still protected from direct client access for configured services only. For example, using this
mechanism, if you configured a load balancing server group containing “realserver1” and
“realserver2” to provide HTTP service through virtual server “vserver-http,” clients can only access
the HTTP service on those real servers by means of the “vserver-http” virtual server. However,
clients can directly access “realserver1” and “realserver2” for any services other than HTTP.
If you combine the two mechanisms, that is, configure ip slb allowaccess_all at the Global
configuration mode and also configure allow accessservers within a virtual server’s configuration
mode, the clients identified with the allow accessservers command will have direct access to the
real servers for all services (including those provided by a virtual server) and be blocked from using
the virtual server. So for example, an “allowed” client can access “realserver1” and “realserver2”
directly for all services, including HTTP, but cannot access those servers for HTTP by means of the
“vserver-http” virtual server.
LSNAT Configuration Task List and Commands
Table 12-8 lists the mandatory and optional tasks and commands for configuring LSNAT on the
Matrix Series device. Commands are described in the associated sections as shown.
Table 12-8 LSNAT Configuration Task List and Commands
Task Use these commands...
Configure a server farm:
• (Optional) Display the server farm
configuration.
show ip slb serverfarms (Section 12.2.8.1)
• (Optional) Define an FTP control port. ip slb ftpctrlport (Section 12.2.8.2)
• Specify a server farm name. ip slb serverfarm (Section 12.2.8.3)
• Specify a real server as a member of the server
farm.
real (Section 12.2.8.4)