Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
151152153154155156157158159160
Configuring FWLB for Layer 2 Firewalls
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 10 - 7
SI-StandbyA(config)# static-mac-address 00e0.5202.e282 ethernet 2 high-priority
router-type
Commands for Active ServerIron B (Internal Active)
SI-ActiveB(config)# server fw-group 2
SI-ActiveB(config-tc-2)# fwall-info 1 1 1.1.1.10 1.1.1.10
SI-ActiveB(config-tc-2)# fwall-info 2 2 1.1.1.20 1.1.1.20
SI-ActiveB(config-tc-2)# fwall-info 3 1 1.1.1.10 1.1.1.10
SI-ActiveB(config-tc-2)# fwall-info 4 2 1.1.1.20 1.1.1.20
SI-ActiveB(config-tc-2)# fwall-info 5 9 1.1.1.2 1.1.1.2
SI-ActiveB(config-tc-2)# exit
SI-ActiveB(config)# static-mac-address 00e0.5200.3489 ethernet 1 high-priority
router-type
SI-ActiveB(config)# static-mac-address 00e0.5202.e282 ethernet 2 high-priority
router-type
Commands for Standby ServerIron B (Internal Standby)
SI-StandbyB(config)# server fw-group 2
SI-StandbyB(config-tc-2)# fwall-info 1 1 1.1.1.10 1.1.1.10
SI-StandbyB(config-tc-2)# fwall-info 2 2 1.1.1.20 1.1.1.20
SI-StandbyB(config-tc-2)# fwall-info 3 1 1.1.1.10 1.1.1.10
SI-StandbyB(config-tc-2)# fwall-info 4 2 1.1.1.20 1.1.1.20
SI-StandbyB(config-tc-2)# fwall-info 5 17 1.1.1.2 1.1.1.2
SI-StandbyB(config-tc-2)# exit
SI-StandbyB(config)# static-mac-address 00e0.5200.3489 ethernet 1 high-priority
fixed-host
SI-StandbyB(config)# static-mac-address 00e0.5202.e282 ethernet 2 high-priority
fixed-host
Command Syntax
Syntax: server fw-group 2
Syntax: [no] fwall-info <path-num> <portnum> <other-ServerIron-ip> <next-hop-ip>
The syntax for adding static MAC entries differs depending on whether you are using a stackable or chassis
ServerIron.
Syntax for chassis devices:
Syntax: [no] static-mac-address <mac-addr> ethernet <portnum> [priority <0-7>] [host-type | router-type]
Syntax for stackable devices:
Syntax: static-mac-address <mac-addr> ethernet <portnum> [to <portnum> ethernet <portnum>]
[normal-priority | high-priority] [host-type | router-type | fixed-host]
The priority can be 0 – 7 (0 is lowest and 7 is highest) for chassis devices and either normal-priority or high-priority
for stackable devices.
The defaults are host-type and 0 or normal-priority.
NOTE: The static MAC entries are required. You must add a static MAC entry for each firewall interface with the
ServerIron.
NOTE: Use the fixed-host parameter only for Layer 2 firewall configurations such as the one in this example.
The parameter “fixes” the address to the ServerIron port you specify and prevents other ports on the ServerIron
from learning it. Use the router-type parameter for all other types of FWLB configurations. The fixed-host
parameter is supported only stackable ServerIrons.