Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
919293949596979899100
Configuring Multizone FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 6 - 33
Zone1-SI-S(config-rs-web1)# port http
Zone1-SI-S(config-rs-web1)# exit
Zone1-SI-S(config)# server remote-name web2 10.10.8.42
Zone1-SI-S(config-rs-web2)# port http
Zone1-SI-S(config-rs-web2)# exit
Zone1-SI-S(config)# server remote-name web3 10.10.6.41
Zone1-SI-S(config-rs-web3)# port http
Zone1-SI-S(config-rs-web3)# exit
Zone1-SI-S(config)# server remote-name web4 10.10.6.43
Zone1-SI-S(config-rs-web4)# port http
Zone1-SI-S(config-rs-web4)# exit
Zone1-SI-S(config)# server virtual www.web.com 10.10.1.10
Zone1-SI-S(config-vs-www.web.com)# port http
Zone1-SI-S(config-vs-www.web.com)# bind http web1 http web2 http web3 http web4 http
Zone1-SI-S(config-vs-www.web.com)# exit
Zone1-SI-S(config)# server slb-fw
Zone1-SI-S(config)# ip l4-policy 1 fw tcp 0 global
Zone1-SI-S(config)# ip l4-policy 2 fw udp 0 global
Zone1-SI-S(config)# write memory
Commands on Zone 2’s Active ServerIron (Zone2-SI-A)
The following commands configure ServerIron Zone2-SI-A in zone 2. The configuration is similar to the
configuration for ServerIron Zone1-SI-A, except the ACL and zone information are for zone 3, and FWLB-to-SLB is
enabled instead of SLB-to-FWLB.
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname Zone2-SI-A
Zone2-SI-A(config)# vlan 1
Zone2-SI-A(config-vlan-1)# always-active
Zone1-SI-A(config)# vlan 2
Zone1-SI-A(config-vlan-2)# always-active
Zone1-SI-A(config-vlan-2)# tagged ethernet 4/11 to 4/12
Zone1-SI-A(config-vlan-2)# untagged ethernet 4/1 to 4/8
Zone1-SI-A(config-vlan-2)# router-interface ve 1
Zone1-SI-A(config-vlan-2)# exit
Zone1-SI-A(config)# interface ve 1
Zone1-SI-A(config-ve-1)# ip address 10.10.2.222 255.255.255.0
Zone1-SI-A(config-ve-1)# exit
Zone1-SI-A(config)# vlan 20
Zone1-SI-A(config-vlan-20)# always-active
Zone1-SI-A(config-vlan-20)# tagged ethernet 4/11 to 4/12
Zone1-SI-A(config-vlan-20)# untagged ethernet 4/13 to 4/24
Zone1-SI-A(config-vlan-20)# router-interface ve 2
Zone1-SI-A(config-vlan-20# exit
Zone1-SI-A(config)# interface ve 2
Zone1-SI-A(config-ve-2)# ip address 10.10.8.101 255.255.255.0
Zone1-SI-A(config-ve-2)# exit
Zone2-SI-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.2.1
Zone2-SI-A(config)# vlan 10
Zone2-SI-A(config-vlan-10)# untagged ethernet 4/9 to 4/10
Zone2-SI-A(config-vlan-10)# exit
Zone2-SI-A(config)# trunk switch ethernet 4/9 to 4/10
Zone2-SI-A(config)# server fw-port 4/9
Zone2-SI-A(config)# trunk switch ethernet 4/11 to 4/12
Zone2-SI-A(config)# server partner-ports ethernet 4/11
Zone2-SI-A(config)# server partner-ports ethernet 4/12
Zone2-SI-A(config)# server fw-group 2