Brocade Fabric OS FCIP Administrator's Guide v7.1.0 (53-1002748-01, March 2013)

Inband management
For this example, you must configure the following:
On the management station:
- IP address 10.1.1.1/24 (defined)
- IP route to 192.168.3.20/32 via 10.1.1.10
On the 7800 L1:
- CP Management address 10.1.1.10/24
- Inband management address 192.168.3.10/24
- IP filter forward rule with destination IP address 192.168.3.20
On the 7800 R1:
- CP Management address 10.1.2.20/24
- Inband management address 192.168.3.20/24
- Inband management route to 10.1.1.1/32 via 192.168.3.10
Once all of these configurations are complete, IP connectivity should be established through the
network. If there are routed networks between the 7800 switches, you must add inband management
routes to each 7800 switch. Using host-specific routes helps eliminate undesired traffic. Network
routes can be substituted if they are needed, but note that this allows anything on that network
to be forwarded, which could result in undesired disruption of FCIP traffic.
NOTE
In all routed network cases, all intermediate hops must have route entries to get to the endpoints.
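The addressing plan above can be checked for consistency before it is entered on the switches. The following Python script is an added example, not part of the Brocade guide: the PLAN structure, its key names and the audit function are hypothetical. It verifies that each gateway is on-link, flags network routes (the caveat above), confirms a return route exists, and checks the forward rule destination.

```python
import ipaddress as ipa

# Constructed plan mirroring the example's addressing; key names are hypothetical.
PLAN = {
    "mgmt_station": {"interfaces": ["10.1.1.1/24"],
                     "routes": [("192.168.3.20/32", "10.1.1.10")]},
    "7800_L1": {"interfaces": ["10.1.1.10/24", "192.168.3.10/24"],
                "fwd_rules": ["192.168.3.20"]},
    "7800_R1": {"interfaces": ["10.1.2.20/24", "192.168.3.20/24"],
                "routes": [("10.1.1.1/32", "192.168.3.10")]},
}

def _ifaces(dev):
    return [ipa.ip_interface(i) for i in dev["interfaces"]]

def _reaches(dev, addr):
    """True if dev has addr on-link or holds a route covering it."""
    nets = [i.network for i in _ifaces(dev)]
    nets += [ipa.ip_network(p) for p, _ in dev.get("routes", [])]
    return any(addr in n for n in nets)

def audit(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    owner = {i.ip: name for name, d in plan.items() for i in _ifaces(d)}
    for name, dev in plan.items():
        onlink = [i.network for i in _ifaces(dev)]
        for prefix, gw in dev.get("routes", []):
            net = ipa.ip_network(prefix)
            if not any(ipa.ip_address(gw) in n for n in onlink):
                findings.append(f"{name}: gateway {gw} is not on-link")
            if net.prefixlen < net.max_prefixlen:
                # The guide's caveat: a network route forwards anything on it.
                findings.append(f"{name}: {prefix} is a network route")
                continue
            peer = owner.get(net.network_address)
            if peer and not any(_reaches(plan[peer], i.ip) for i in _ifaces(dev)):
                findings.append(f"{peer}: no return route to {name}")
        for dip in dev.get("fwd_rules", []):
            a = ipa.ip_address(dip)
            # -dip must be another device's address on a subnet this switch shares.
            if owner.get(a) in (None, name) or not any(a in n for n in onlink):
                findings.append(f"{name}: FWD rule -dip {dip} is not a remote inband address")
    return findings

if __name__ == "__main__":
    print(audit(PLAN) or "plan is consistent")
```

An empty list means the plan matches the example; widening a /32 to a /24 or dropping the route on the 7800 R1 produces the corresponding finding.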
Using ipfilter
Use the ipfilter command to create and manage forwarding rules for use with inband management.
For full details on this command, options, and arguments, refer to the ipfilter section of the Fabric
OS Command Reference Manual.
To create an IP forwarding rule, you must first create a new policy if one has not yet been created.
The easiest way to do this is with the --clone option to create a copy of the default policy.
ipfilter --clone inband_ipv4 -from default_ipv4
A new rule can be added to allow forwarding traffic.
ipfilter --addrule inband_ipv4 -rule rule_number -dp dest_port -proto protocol
-act [permit|deny] -type FWD -dip destination_IP
Valid dest_port values are any TCP or UDP port numbers or a range of port numbers that you want
forwarded. Valid protocol values are tcp or udp. The destination_IP is the IP address of the inband
management interface on the remote side. After a rule is added, save the policy and activate it
using the --save and --activate options. There can only be a single IPv4 policy active at any time.
Each policy can consist of multiple rules.