Firewall Load Balancing Guide
10 - 4 © 2012 Brocade Communications Systems, Inc. May 31, 2012
If the link between the two ServerIrons is a trunk group (recommended for added redundancy), specify the port
number of the primary port. The primary port is the first port in the trunk group.
Specifying the Router Ports
IronClad FWLB configurations require paths to the routers as part of the active-standby configuration for the
ServerIrons. You need to identify the ports on the ServerIron that are attached to the router(s).
USING THE CLI
To identify port 9 on a ServerIron as a router port, enter the following command:
ServerIron(config)# server router-port 9
Syntax: [no] server router-ports <portnum>
The command in this example configures port 9 as the router port. In the example shown in Figure 10.1 on
page 10-2, Active ServerIron-A and Active ServerIron-B are connected to their router by port 9. The same port
number is used for simplicity in this example, but you do not need to use the same port number on both
ServerIrons.
NOTE: To define multiple router ports on a switch, enter the port numbers, separated by blanks. You can enter
up to eight router ports in a single command line. To enter more than eight ports, enter the server router-port
command again with the additional ports.
Defining the Firewalls and Adding Them to the Firewall Group
When FWLB is enabled, all the ServerIron ports are in firewall group 2 by default. However, you need to add an
entry for each firewall. To add an entry for a firewall, specify the firewall name and IP address. You can specify a
name up to 32 characters long. After you define the firewalls, add them to the firewall group.
To define the firewalls shown in Figure 10.1 on page 10-2, use the following method.
NOTE: In the case of Layer 2 firewalls, the first part of the firewall name must be the ServerIron port number that
is attached to the firewall. In the example in Figure 9.1, the port numbers are 01 and 02. You can use firewall
names such as 01fw1 and 02fw2, but not fw1 and fw2.
NOTE: In the case of ServerIron chassis devices, both slot and port numbers must be included in the firewall name.
For example, if Layer 2 firewalls are attached to a ServerIron on interfaces 3/1 and 3/2, the firewall names can be
03/01fw1 and 03/02fw2.
NOTE: For slot numbers 1 through 8 and port numbers 1 through 9, you must use a leading 0 in the number. For example,
03/01fw1 is a valid name, but 3/1fw1 is not.
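The Layer 2 naming rules in the notes above can be checked mechanically before a configuration is loaded. The following Python script is an added example, not part of the Brocade guide: the function names, the IP-to-interface inventory and the last two sample lines are constructed, and slot or port numbers of 10 and above are assumed to be written without padding.

```python
import re

MAX_NAME_LEN = 32  # the guide allows names up to 32 characters
FW_NAME_RE = re.compile(r"\bserver fw-name (\S+) (\S+)")

def expected_prefix(interface):
    """Return the required name prefix: '1' -> '01', '3/1' -> '03/01'."""
    parts = interface.split("/")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized interface {interface!r}")
    # Single-digit slot and port numbers take a leading 0.
    # Assumption: numbers of 10 and above are written unchanged.
    return "/".join(f"{int(p):02d}" for p in parts)

def check_fw_name(name, interface):
    """Return a list of naming problems for a Layer 2 firewall entry."""
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name is {len(name)} characters; the limit is {MAX_NAME_LEN}")
    prefix = expected_prefix(interface)
    if not name.startswith(prefix):
        unpadded = "/".join(str(int(p)) for p in interface.split("/"))
        if name.startswith(unpadded):
            problems.append(f"prefix {unpadded!r} lacks the leading 0; use {prefix!r}")
        else:
            problems.append(f"name must start with {prefix!r}")
    return problems

def lint_config(config_text, attached):
    """Check each 'server fw-name' line; attached maps firewall IP -> interface."""
    findings = {}
    for line in config_text.splitlines():
        match = FW_NAME_RE.search(line)
        if not match:
            continue
        name, ip = match.groups()
        if ip not in attached:
            findings[name] = [f"no attached interface recorded for {ip}"]
            continue
        problems = check_fw_name(name, attached[ip])
        if problems:
            findings[name] = problems
    return findings

# Constructed sample: the first two lines follow the guide; the last two break the rule.
SAMPLE = """\
SI-ActiveA(config)# server fw-name 01fw1 1.1.1.100
SI-ActiveA(config)# server fw-name 02fw2 1.1.1.101
SI-ActiveA(config)# server fw-name fw3 1.1.1.102
SI-ActiveA(config)# server fw-name 3/1fw4 1.1.1.103
"""
# Constructed inventory: firewall IP -> ServerIron interface it is attached to.
ATTACHED = {"1.1.1.100": "1", "1.1.1.101": "2", "1.1.1.102": "3", "1.1.1.103": "3/1"}
```

Calling lint_config(SAMPLE, ATTACHED) reports only the two constructed entries, fw3 and 3/1fw4, with the prefix each one should carry.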
USING THE CLI
To define the firewalls using the CLI, enter the following commands:
Commands for Active ServerIron A (External Active)
SI-ActiveA(config)# server fw-name 01fw1 1.1.1.100
SI-ActiveA(config-rs-01fw1)# exit
SI-ActiveA(config)# server fw-name 02fw2 1.1.1.101
SI-ActiveA(config-rs-02fw2)# exit
SI-ActiveA(config)# server fw-group 2
SI-ActiveA(config-tc-2)# fw-name 01fw1
SI-ActiveA(config-tc-2)# fw-name 02fw2