Technical data

Configuring Multizone FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 6 - 13
port-based VLAN and is not used in any of the paths. The private link on ports 9 and 10 in VLAN 2 is used only to
exchange failover information. All traffic between zones uses the links in the default VLAN.
Notice that the last path, unlike the other paths, has the same IP address for the destination and the next-hop for
the path. This path is a router path and ends at the router itself. The other paths are firewall paths and end at the
ServerIron at the other end of the firewall.
The following commands add static entries to the ServerIron’s MAC table for the firewall interfaces.
Zone1-SI-A(config)# vlan 1
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.348d ethernet 1 high-priority router-type
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.0b50 ethernet 16 high-priority router-type
Zone1-SI-A(config-vlan-1)# exit
Each command includes the MAC address of the firewall’s interface with the ServerIron and the ServerIron port
that is connected to the firewall. The high-priority and router-type parameters identify the MAC entry type and
are required.
NOTE: If you enter the command at the global CONFIG level, the static MAC entry applies to the default port-
based VLAN (VLAN 1). If you enter the command at the configuration level for a specific port-based VLAN, the
entry applies to that VLAN and not to the default VLAN.
NOTE: The syntax for the static-mac-address command is slightly different on ServerIron Chassis devices.
Instead of a port number, you specify a slot and port number. For the priority, specify priority 7 instead of
high-priority.
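The following check is an added example, not part of the Brocade documentation: it scans a saved CLI transcript for static-mac-address commands and reports entries that lack the required parameters described above. The "slot/port" spelling of the chassis form and the third sample entry are assumptions constructed for illustration.

```python
import re

# Forms described on the page:
#   stackable: static-mac-address <mac> ethernet <port> high-priority router-type
#   chassis:   slot and port instead of a port, "priority 7" instead of high-priority
# Assumption: the chassis slot and port are written "slot/port" (for example 3/2).
ENTRY = re.compile(r"static-mac-address\s+(?P<mac>\S+)\s+ethernet\s+"
                   r"(?P<port>\d+(?:/\d+)?)(?P<rest>.*)$")
MAC = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

# Constructed sample: the page's two commands as wrapped on the page, plus one
# made-up chassis-style entry that lacks the required parameters.
SAMPLE = """\
Zone1-SI-A(config)# vlan 1
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.348d ethernet 1 high-
priority router-type
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.0b50 ethernet 16 high-
priority router-type
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.0001 ethernet 3/2 high-priority
"""

def unwrap(text):
    """Rejoin commands that were wrapped after a trailing hyphen."""
    out = []
    for line in text.splitlines():
        if out and out[-1].endswith("-"):
            out[-1] += line.strip()
        else:
            out.append(line.rstrip())
    return out

def audit(text):
    """Return (mac, port, problems) for each static-mac-address command."""
    results = []
    for line in unwrap(text):
        m = ENTRY.search(line)
        if not m:
            continue
        words = m.group("rest").split()
        problems = [] if MAC.match(m.group("mac")) else ["malformed MAC"]
        if "/" in m.group("port"):  # chassis syntax
            if ("priority", "7") not in zip(words, words[1:]):
                problems.append("missing priority 7")
        elif "high-priority" not in words:
            problems.append("missing high-priority")
        if "router-type" not in words:
            problems.append("missing router-type")
        results.append((m.group("mac"), m.group("port"), problems))
    return results
```

Calling audit(SAMPLE) returns an empty problem list for the two entries from the page and flags only the constructed third entry.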
The following command saves the configuration information to the ServerIron’s startup-config file on flash memory.
You must save the configuration information before reloading the software or powering down the device.
Otherwise, the information is lost.
Zone1-SI-A(config)# write memory
The following commands change the CLI to the Privileged EXEC level and reload the software. Because this
configuration includes a trunk group, you must reload the software for the trunk group to take effect.
Zone1-SI-A(config)# exit
Zone1-SI-A# reload
Commands on Zone1-SI-S in Zone 1
The following commands configure ServerIron “Zone1-SI-S”, on the right side of zone 1 in Figure 6.2 on page 6-8.
The configuration is similar to the one for Zone1-SI-A, with the following exceptions:
• The management IP address is different.
• The default gateway goes to firewall FW2’s interface with the ServerIron. (The default gateway for Zone1-SI-A
  goes to FW1’s interface with that ServerIron.)
• The priority is set to 1 instead of 255. The lower priority makes this ServerIron the standby ServerIron by
  default.
• The paths are different due to the ServerIron’s placement in the network. (However, like Zone1-SI-A,
  ServerIron Zone1-SI-S has a path through each firewall to each of the ServerIrons in the other zones, and
  has a path to its directly attached router.)
ServerIron(config)# hostname Zone1-SI-S
Zone1-SI-S(config)# ip address 209.157.24.14 255.255.255.0
Zone1-SI-S(config)# ip default-gateway 209.157.24.254
Zone1-SI-S(config)# no span
Zone1-SI-S(config)# ip policy 1 fw tcp 0 global
Zone1-SI-S(config)# ip policy 2 fw udp 0 global
Zone1-SI-S(config)# server router-ports 5