The VSA cluster network must have at least 1 dedicated Gigabit Ethernet switch that supports IEEE 802.1Q VLAN trunking.

You can have 2 dedicated switches to eliminate a single point of failure in the physical network. The switches must be configured to support the IP ranges of the front-end and back-end networks of the VSA cluster. To isolate front-end and back-end networks, you should use VLANs instead of physical isolation. VLAN isolation protects the VSA virtual NICs from Ethernet broadcast storms and malicious capturing and parsing of Ethernet frames.

You can configure two VLAN IDs on your switches to isolate traffic between the front-end and back-end networks. You can use the VLAN IDs in the VSA Installer and VSA Automated Installer to specify the VLAN IDs for the front-end and back-end networks. Using VLAN IDs is not mandatory.

Note

VLAN IDs can range from 1 to 4094. You cannot use 0 and 4095.

VLAN ID Configuration for a VSA Cluster

VSA Cluster Network

Example VLAN ID

Front-end network

1337

Back-end network

3598