Technical data
Configuring FWLB for Layer 2 Firewalls
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 10 - 5
Commands for Standby ServerIron A (External Standby)
SI-StandbyA(config)# server fw-name 01fw1 1.1.1.100
SI-StandbyA(config-rs-01fw1)# exit
SI-StandbyA(config)# server fw-name 02fw2 1.1.1.101
SI-StandbyA(config-rs-02fw2)# exit
SI-StandbyA(config)# server fw-group 2
SI-StandbyA(config-tc-2)# fw-name 01fw1
SI-StandbyA(config-tc-2)# fw-name 02fw2
Commands for Active ServerIron B (Internal Active)
SI-ActiveB(config)# server fw-name 01fw1 1.1.1.100
SI-ActiveB(config-rs-01fw1)# exit
SI-ActiveB(config)# server fw-name 02fw2 1.1.1.101
SI-ActiveB(config-rs-02fw2)# exit
SI-ActiveB(config)# server fw-group 2
SI-ActiveB(config-tc-2)# fw-name 01fw1
SI-ActiveB(config-tc-2)# fw-name 02fw2
Commands for Standby ServerIron B (Internal Standby)
SI-StandbyB(config)# server fw-name 02fw1 1.1.1.100
SI-StandbyB(config-rs-01fw1)# exit
SI-StandbyB(config)# server fw-name 02fw2 1.1.1.101
SI-StandbyB(config-rs-02fw2)# exit
SI-StandbyB(config)# server fw-group 2
SI-StandbyB(config-tc-2)# fw-name 02fw1
SI-StandbyB(config-tc-2)# fw-name 02fw2
Command Syntax
Syntax: [no] server fw-name <string> <ip-addr>
NOTE: When you add a firewall name, the CLI level changes to the Firewall level. This level is used when you
are configuring stateful FWLB.
Syntax: server fw-group 2
This command changes the CLI to firewall group configuration level. The firewall group number is 2. Only one
firewall group is supported.
Syntax: [no] fw-name <string>
Adds a configured firewall to the firewall group.
Enabling the L2-fwall Option
For a static route configuration such as the one in the example in 8-1, you need to enable the L2-fwall option on
each ServerIron.
USING THE CLI
To enable the L2-fwall option on a ServerIron, enter the following commands:
ServerIron(config)# server fw-group 2
ServerIron(config-tc-2)# l2-fwall
Syntax: [no] l2-fwall
Configuring Paths and Adding Static MAC Entries for Layer 2