Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
31323334353637383940
Configuring Basic FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 4 - 7
Figure 4.1 Basic FWLB in One Subnet
The following sections show the CLI commands for configuring the basic FWLB implementation in Figure 4.1.
Commands on the External ServerIron
The following commands change the CLI to the global CONFIG level, then change the hostname to "SI-External".
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname SI-External
The following commands configure a virtual routing interface on VLAN 1 (the default VLAN), then configure an IP
address on the interface. The virtual routing interface is associated with all the ports in the VLAN. In this case,
since all the ServerIron ports are in the default VLAN, the virtual routing interface is associated with all the ports
on the device.
SI-External(config)# vlan 1
SI-External(config-vlan-1)# router-interface ve 1
SI-External(config-vlan-1)# exit
SI-External(config)# interface ve 1
SI-External(config-ve-1)# ip address 10.10.1.111 255.255.255.0
SI-External(config-ve-1)# exit
The following command configures an IP default route. The first two "0.0.0.0" portions of the address are the IP
address and network mask. Always specify zeroes when configuring an IP default route. The third value is the IP
address of the next-hop gateway for the default route. In most cases, you can specify the IP address of one of the
firewalls as the next hop. Specifying the default route is the Layer 3 equivalent of specifying the default gateway.
SI-External(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.5
The following commands add the firewall definitions. In this example, port HTTP is configured on each firewall.
Specifying the application ports on the firewalls is optional. If you configure an application port on a firewall, load
balancing is performed for the configured port. All traffic from a given client for ports that are not configured is sent
to the same firewall.
SI-External(config)# server fw-name fw1 10.10.1.5
SI-External(config-rs-fw1)# port http
SI-A
SI-C
Layer 3
Firewall-1
Layer 3
Firewall-2
Client
IP:10.10.1.15
Gtwy:10.10.1.111
or 10.10.1.5
Server
Internal
ServerIron
External
ServerIron
IP:10.10.2.40
Gtwy:10.10.2.222
or 10.10.2.5
IP:10.10.2.5
MAC:00.80.c8.b9.ab.aa
IP:10.10.1.5
MAC:00.80.c8.b9.ab.a9
IP:10.10.1.6
MAC:00.80.c8.b9.91.09
IP:10.10.2.6
MAC:00.80.c8.b9.91.0a
Port 4/3
Port 4/3
Port 4/2
Port 4/2
Port 4/1
Port 4/1
VLAN 1
Virtual Interface:
10.10.1.111
VLAN 1
Virtual Interface:
10.10.2.222
Default Route: 10.10.1.5
Default Route: 10.10.2.5