Citrix Netscaler 10 Summary Notes – Getting Started – Day 5

Networking 2 Minutes

System Configuration

slot/port

VLANS

  • Supports IEEE802.1Q
  • VLANS Supported:
    • Default VLAN = 1
    • PortBased VLAN
    • Tagged VLAN (nsvlan)

Link Aggregate Channels

  • Channel parameters have precedence over the interface parameters

Clock

  • Clock synchronization is done in shell

DNS

  • Can Function as:
    • Authoritative Domain Name Server (ADNS)
    • DNS proxy server
    • End Resolver
    • Forwarder (typical config)
  • Can add resource records such as:
  • Can balance load on external DNS Servers
  • Actions allowed for external name servers:
    • add server

add dns nameServer

show dns nameServer

  • By IP address – appliance will load balance requests to the dns servers in round robin
  • By Virtual IP (VIP) – can specify load balancing method
  • remove server
  • enable server
  • disable server

SNMP

  • Supports SNMP v1, v2 and v3
  • Message types:
    • Alarms
    • Traps – events that the agent generates to signal abnormal conditions
  • Agent Operates in bilingual mode
    • Can handle SNMPv2 queries eg. Get-Bulk
    • Can handle SNMPv1 queries
    • Sends traps compliant with SNMPv2
    • Supports SNMPv2 data types eg counter64
  • SNMPv1 managers use NS-MIB-smiv1.mib file when processing SNMP queries
  • SNMPv2 Managers use NS-MIB-smiv2.mib file to process snmp queries
  • Supported enterprise-specific MIBs
    • A subset of standard MIB-2 groups – Provides MIB-2 groups SYSTEM, IF, ICMP, UDP, and SNMP
    • A system enterprise MIB – Provides system-specific configuration and statistics
  • Configuration Procedure:
    • Specify managers that can query SNMP agent
      • This is a computer running a management application
      • If not configured, Netscaler accepts and responds to all IP address
      • If configured, Netscaler accepts and responds snmp queries only from them
      • Netmask can be used to allow a subnet
      • Maxium 100 managers in a network

add snmp manager … [-netmask ]

show snmp manager

  • Add SNMP trap listeners that receive trap messages
    • Specify IP address + Destination port
    • Type of trap (generic or specific)
    • SNMP version
    • Max of 20 listeners

add snmp trap specific

show snmp trap

OR

System > SNMP > Traps> Add

  • configure SNMP alarms
    • Enable the alarm

set snmp alarm [-state ENABLED | DISABLED ]

show snmp alarm

  • Set the severity level (Critical, Major, Minor, Warning, and Informational) when the trap will be generated

set snmp alarm [-severity ]

show snmp alarm

System > SNMP > Alarms

Syslog

  • Logging can be done locally in Netscaler or to external log servers
  • Audit Server Logging feature is used to log the states and status information collected in different modules in the kernel and by user-level daemons
  • Used to monitor netscaler and log info

Firewall ports

  • • UDP 161 (SNMP)
    • UDP 162 (SNMP trap)
    • TCP/UDP 3010 (GUI)
    • HTTP 80 (GUI)
    • TCP 22 (SSH)

Server Configuration

  • Keep-alive should be enabled on servers
  • If Microsoft® Internet Information Server – enable buffering
  • If Apache Server – maximum connections (MaxConn) should be enabled on server and netscaler
  • If Netscape® Enterprise Server – max request per connection should be set on netscaler

Software features

  • L2 Mode should be disabled if  L2 device is working in parallel with netscaler
  • Disable MAC based forwarding if MAc address of return traffic is different

Published by CyberSecFaith

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s