Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
81828384858687888990
Configuring Multizone FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 6 - 15
Zone2-SI-A(config)# ip policy 1 fw tcp 0 global
Zone2-SI-A(config)# ip policy 2 fw udp 0 global
Zone2-SI-A(config)# server router-ports 5
Zone2-SI-A(config)# server fw-port 9
Zone2-SI-A(config)# trunk switch ethernet 9 to 10
Zone2-SI-A(config)# vlan 10 by port
Zone2-SI-A(config-vlan-10)# untagged 9 to 10
Zone2-SI-A(config-vlan-10)# exit
Zone2-SI-A(config)# vlan 1
Zone2-SI-A(config-vlan-1)# always-active
Zone2-SI-A(config-vlan-1)# exit
Zone2-SI-A(config)# server fw-name FW1 209.157.25.1
Zone2-SI-A(config-rs-FW1)# exit
Zone2-SI-A(config)# server fw-name FW2 209.157.25.254
Zone2-SI-A(config-rs-FW2)# exit
Zone2-SI-A(config)# access-list 3 permit 209.157.23.0 0.0.0.255
Zone2-SI-A(config)# server fw-group 2
Zone2-SI-A(config-tc-2)# fwall-zone Zone3 3 3
Zone2-SI-A(config-tc-2)# fw-name FW1
Zone2-SI-A(config-tc-2)# fw-name FW2
Zone2-SI-A(config-tc-2)# l2-fwall
Zone2-SI-A(config-tc-2)# sym-priority 1
Zone2-SI-A(config-tc-2)# fwall-info 1 1 209.157.23.11 209.157.25.1
Zone2-SI-A(config-tc-2)# fwall-info 2 1 209.157.23.12 209.157.25.1
Zone2-SI-A(config-tc-2)# fwall-info 3 1 209.157.24.13 209.157.25.1
Zone2-SI-A(config-tc-2)# fwall-info 4 1 209.157.24.14 209.157.25.1
Zone2-SI-A(config-tc-2)# fwall-info 5 16 209.157.23.11 209.157.25.254
Zone2-SI-A(config-tc-2)# fwall-info 6 16 209.157.23.12 209.157.25.254
Zone2-SI-A(config-tc-2)# fwall-info 7 16 209.157.24.13 209.157.25.254
Zone2-SI-A(config-tc-2)# fwall-info 8 16 209.157.24.14 209.157.25.254
Zone2-SI-A(config-tc-2)# fwall-info 9 5 209.157.25.200 209.157.25.200
Zone2-SI-A(config-tc-2)# exit
Zone2-SI-A(config)# vlan 1
Zone2-SI-A(config-vlan-1)# static-mac-address abcd.5200.348b ethernet 1 high-
priority router-type
Zone2-SI-A(config-vlan-1)# static-mac-address abcd.5200.0b4e ethernet 16 high-
priority router-type
Zone2-SI-A(config-vlan-1)# exit
Zone2-SI-A(config)# write memory
Zone2-SI-A(config)# exit
Zone2-SI-A# reload
Commands on Zone2-SI-S in Zone 2
The following commands configure ServerIron “Zone2-SI-S”, on the right side of zone 2 in Figure 6.2 on page 6-8.
ServerIron(config)# hostname Zone2-SI-S
Zone2-SI-S(config)# ip address 209.157.25.16 255.255.255.0
Zone2-SI-S(config)# ip default-gateway 209.157.25.254
Zone2-SI-S(config)# no span
Zone2-SI-S(config)# ip policy 1 fw tcp 0 global
Zone2-SI-S(config)# ip policy 2 fw udp 0 global
Zone2-SI-S(config)# server router-ports 5
Zone2-SI-S(config)# server fw-port 9
Zone2-SI-S(config)# trunk switch ethernet 9 to 10
Zone2-SI-S(config)# vlan 10 by port
Zone2-SI-S(config-vlan-10)# untagged 9 to 10
Zone2-SI-S(config-vlan-10)# exit
Zone2-SI-S(config)# vlan 1