Technical data
Configuring HA FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 5 - 17
SI-Int-B(config)# trunk switch ethernet 4/5 to 4/6
SI-Int-B(config)# trunk switch ethernet 4/13 to 4/14
SI-Int-B(config)# vlan 1
SI-Int-B(config-vlan-1)# always-active
SI-Int-B(config-vlan-1)# no spanning-tree
SI-Int-B(config-vlan-1)# exit
SI-Int-B(config)# vlan 2 name sync_link by port
SI-Int-B(config-vlan-2)# untagged ethernet 4/13 to 4/14
SI-Int-B(config-vlan-2)# no spanning-tree
SI-Int-B(config-vlan-2)# exit
SI-Int-B(config)# server fw-port 4/13
SI-Int-B(config)# server router-ports 4/12
SI-Int-B(config)# server fw-name FW1 10.10.2.1
SI-Int-B(config-rs-FW1)# port http
SI-Int-B(config-rs-FW1)# exit
SI-Int-B(config)# server fw-name FW2 10.10.2.2
SI-Int-B(config-rs-FW2)# port http
SI-Int-B(config-rs-FW2)# server fw-group 2
SI-Int-B(config-tc-2)# fw-name FW1
SI-Int-B(config-tc-2)# fw-name FW2
SI-Int-B(config-tc-2)# sym-priority 1
SI-Int-B(config-tc-2)# fwall-info 1 4/5 10.10.1.111 10.10.2.1
SI-Int-B(config-tc-2)# fwall-info 2 4/1 10.10.1.111 10.10.2.2
SI-Int-B(config-tc-2)# fwall-info 3 4/5 10.10.1.112 10.10.2.1
SI-Int-B(config-tc-2)# fwall-info 4 4/1 10.10.1.112 10.10.2.2
SI-Int-B(config-tc-2)# fwall-info 5 4/12 10.10.2.101 10.10.2.101
SI-Int-B(config-tc-2)# l2-fwall
SI-Int-B(config-tc-2)# exit
SI-Int-B(config)# vlan 1
SI-Int-B(config-vlan-1)# static-mac-address 0050.da92.08dc ethernet 4/5 priority 1 router-type
SI-Int-B(config-vlan-1)# static-mac-address 0050.da92.08d0 ethernet 4/1 priority 1 router-type
SI-Int-B(config-vlan-1)# exit
SI-Int-B(config)# wsm wsm-map slot 3 wsm-slot 2 wsm-cpu 1
SI-Int-B(config)# wsm wsm-map slot 4 wsm-slot 2 wsm-cpu 1
SI-Int-B(config)# ip policy 1 fw tcp 0 global
SI-Int-B(config)# ip policy 2 fw udp 0 global
SI-Int-B(config)# write memory
SI-Int-B(config)# end
SI-Int-B# reload
Configuring New Active-Active HA FWLB
NOTE: This new configuration applies to Releases 09.3.01 and later.
The following Active-Active FWLB configuration has been tested recently. The commands presented below are
documented in the ServerIron Chassis L4-7 Software Configuration Guide, except for the other ip command. The
other ip command interprets the sync messages when the firewall IP addresses differ between ServerIrons.
Example
The following configuration and diagram are an example of how active-active FWLB is configured in release 09.3.01.