Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 43
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
32 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration examples with Layer 3 routing support
2
DRAFT: BROCADE CONFIDENTIAL
Commands on the external ServerIron ADX
The following commands change the CLI to the global CONFIG level, and then change the host
name to "SI-External".
ServerIron ADX> enable
ServerIron ADX# configure terminal
ServerIron ADX(config)# hostname SI-External
The following commands configure virtual routing interface 1, which is connected to the firewalls.
Because both firewalls are in the same sub-net, you must configure the ServerIron ADX’s IP
interface with the firewalls on a virtual routing interface. Otherwise, you cannot configure the same
address on more than one port.
The first three commands configure the VLAN. The last two commands configure an IP address on
the interface. The IP address is assigned to all the ports in the VLAN associated with the virtual
routing interface.
SI-External(config)# vlan 10
SI-External(config-vlan-10)# untagged ethernet 4/1 to 4/4
SI-External(config-vlan-10)# router-interface ve 1
SI-External(config-vlan-10)# exit
SI-External(config)# interface ve 1
SI-External(config-ve-1)# ip address 10.10.1.111 255.255.255.0
SI-External(config-ve-1)# exit
The following commands configure virtual routing interface 2, which is connected to the client.
SI-External(config)# vlan 20
SI-External(config-vlan-20)# untagged ethernet 4/5 to 4/24
SI-External(config-vlan-20)# router-interface ve 2
SI-External(config-vlan-20)# exit
SI-External(config)# interface ve 2
SI-External(config-ve-2)# ip address 10.10.7.101 255.255.255.0
SI-External(config-ve-2)# exit
Because Figure 8 on page 31 shows only one port connected to one client, you could configure the
IP address on the physical port attached to the client instead of configuring the address on a
separate VLAN. This example uses a virtual routing interface to demonstrate that you can use
multiple virtual routing interfaces in your configuration.
The following command configures an IP default route. The first two "0.0.0.0" portions of the
address are the IP address and network mask. Always specify zeroes when configuring an IP
default route. The third value is the IP address of the next-hop gateway for the default route. In
most cases, you can specify the IP address of one of the firewalls as the next hop. Specifying the
default route is the Layer 3 equivalent of specifying the default gateway.
SI-External(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.5
The following commands add the firewall definitions.
SI-External(config)# server fw-name fw1 10.10.1.5
SI-External(config-rs-fw1)# port http
SI-External(config-rs-fw1)# exit
SI-External(config)# server fw-name fw2 10.10.1.6
SI-External(config-rs-fw2)# port http
SI-External(config-rs-fw2)# exit
The following commands add the firewall definitions to the firewall port group.
SI-External(config)# server fw-group 2
SI-External(config-fw-2)# fw-name fw1
SI-External(config-fw-2)# fw-name fw2
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 1.643 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals