Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
31323334353637383940
Firewall Load Balancing Guide
4 - 10 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Figure 4.2 Basic FWLB in Multiple Sub-nets Using Multiple Routing Interfaces
Commands on the External ServerIron
The following commands change the CLI to the global CONFIG level, then change the hostname to "SI-External".
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname SI-External
The following commands configure virtual routing interface 1, which is connected to the firewalls. Since both
firewalls are in the same sub-net, you must configure the ServerIron’s IP interface with the firewalls on a virtual
routing interface. Otherwise, you cannot configure the same address on more than port.
The first three commands configure the VLAN. The last two commands configure an IP address on the interface.
The IP address is assigned to all the ports in the VLAN associated with the virtual routing interface.
SI-External(config)# vlan 10
SI-External(config-vlan-10)# untagged ethernet 4/1 to 4/4
SI-External(config-vlan-10)# router-interface ve 1
SI-External(config-vlan-10)# exit
SI-External(config)# interface ve 1
SI-External(config-ve-1)# ip address 10.10.1.111 255.255.255.0
SI-External(config-ve-1)# exit
The following commands configure virtual routing interface 2, which is connected to the client.
SI-External(config)# vlan 20
SI-External(config-vlan-20)# untagged ethernet 4/5 to 4/24
SI-External(config-vlan-20)# router-interface ve 2
SI-External(config-vlan-20)# exit
SI-External(config)# interface ve 2
SI-External(config-ve-2)# ip address 10.10.7.101 255.255.255.0
SI-External(config-ve-2)# exit
Since Figure 4.2 on page 4-10 shows only one port connected to one client, you could configure the IP address on
the physical port attached to the client instead of configuring the address on a separate VLAN. This example uses
a virtual routing interface to demonstrate that you can use multiple virtual routing interfaces in your configuration.
SI-A
SI-C
Layer 3
Firewall-1
Layer 3
Firewall-2
Client
IP:10.10.7.15
Gtwy:10.10.7.101
Server
Internal
ServerIron
External
ServerIron
IP:10.10.5.40
Gtwy:10.10.5.101
Virtual Routing
Interface 2
10.10.7.101
Virtual Routing
Interface 2
10.10.5.101
Virtual Routing
Interface 1
10.10.1.111
Virtual Routing
Interface 1
10.10.2.222