Configuring FWLB for Layer 2 Firewalls
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 10 - 3
Configuring a Switch Trunk Group for the Firewall Ports
When you configure FWLB for Layer 2 firewalls, you must configure all the ServerIron ports that are connected to
firewalls together as a switch trunk group.
NOTE: To place a trunk group configuration into effect, you must save the configuration to the startup-config file,
then reload the software. You can perform these steps as soon as you configure the trunk group or later, after you
complete the other firewall configuration steps. In either case, use the write memory command to save the
configuration to the startup-config file, then enter the reload command at the Privileged EXEC level of the CLI to
reload the software.
USING THE CLI
To configure a trunk group, enter a command such as the following at the global CLI level:
ServerIron(config)# trunk switch ethernet 1 to 2
Syntax: [no] trunk switch ethernet <portnum> to <portnum>
You can specify up to four ports. For complete trunk group configuration rules and guidelines, see the "Trunks"
section of the ServerIron TrafficWorks Switching and Routing Guide.
Specifying the Partner Port
If you are configuring the ServerIron for IronClad FWLB, you need to specify the port number of the dedicated link
between the ServerIron and its partner.
USING THE CLI
To specify the port, enter a command such as the following at the global CLI level:
ServerIron(config)# server fw-port 13
Syntax: [no] server fw-port <portnum>
The command shown above configures port 13 as the dedicated link to the other ServerIron in the active-standby
pair. In the example in Figure 10.1 on page 10-2, each of the ServerIrons is configured so that port 13 is the
dedicated link to the other ServerIron in the active-standby pair. Thus, the command shown above is entered on
each of the ServerIrons. You must specify the partner port on each ServerIron, but using the same port number on
each ServerIron is not required.
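
The following check is an added example, not part of the Brocade guide: it audits a saved configuration for the two requirements described above (all firewall-facing ports together in one switch trunk group of at most four ports, and a partner port defined for IronClad FWLB). It assumes the configuration file contains the commands in the form shown on this page and that `<portnum> to <portnum>` is an inclusive range; the function name `audit_fwlb_config` and the sample configurations are hypothetical.

```python
import re

# Line forms taken from the commands shown on this page; how they appear in a
# saved configuration file is an assumption of this example.
TRUNK_RE = re.compile(r"^\s*trunk switch ethernet (\d+) to (\d+)\s*$")
FWPORT_RE = re.compile(r"^\s*server fw-port (\d+)\s*$")
MAX_TRUNK_PORTS = 4  # "You can specify up to four ports"


def audit_fwlb_config(config_text, firewall_ports, ironclad=True):
    """Return a list of findings; an empty list means the checks passed.

    firewall_ports: set of port numbers the operator knows are cabled to
    firewalls (supplied by the caller, not derived from the config).
    """
    trunks, partner_ports, findings = [], [], []
    for line in config_text.splitlines():
        m = TRUNK_RE.match(line)
        if m:
            first, last = int(m.group(1)), int(m.group(2))
            # Assumption: "<portnum> to <portnum>" is an inclusive range.
            trunks.append(set(range(min(first, last), max(first, last) + 1)))
            continue
        m = FWPORT_RE.match(line)
        if m:
            partner_ports.append(int(m.group(1)))

    for ports in trunks:
        if len(ports) > MAX_TRUNK_PORTS:
            findings.append(f"trunk group {sorted(ports)} exceeds {MAX_TRUNK_PORTS} ports")
    # All firewall-facing ports must sit together in one switch trunk group.
    if not any(set(firewall_ports) <= ports for ports in trunks):
        findings.append(f"firewall ports {sorted(firewall_ports)} are not together in one trunk group")
    # IronClad (active-standby) needs the dedicated partner link on each unit.
    if ironclad and not partner_ports:
        findings.append("no 'server fw-port' partner port configured")
    return findings


# Constructed sample configurations (not taken from a real device).
GOOD = "trunk switch ethernet 1 to 2\nserver fw-port 13\n"
BAD = "trunk switch ethernet 1 to 6\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_fwlb_config(cfg, {1, 2}) or "ok")
```

Run it against the startup-config file rather than the running configuration, since the trunk group only takes effect after the configuration is saved and the software reloaded.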
Table 10.1: Configuration tasks – IronClad FWLB for Layer 2 firewalls (Continued)

Task                                                                                See page...
  Identify the partner port (the link between the active and standby ServerIrons)   10-3
  Identify the router port (ServerIron ports connected to routers)                  10-4
Configure Firewall Parameters
  Define the firewalls and add them to the firewall group                           10-4
Configure Firewall Group Parameters
  Enable the L2-fwall option                                                        10-5
  Configure the paths and add static MAC entries for the firewall interfaces        10-5
    with the ServerIron
  Specify the ServerIron priority (determines which ServerIron in the               10-8
    active-standby pair is the default active ServerIron)
Globally enable FWLB
  Globally enable FWLB                                                              10-8