Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

101

102

103

104

105

106

107

108

109

110

96 ServerIron ADX Firewall Load Balancing Guide

53-1002436-01

Configuration examples with Layer 3 routing

DRAFT: BROCADE CONFIDENTIAL

The following commands configure the zone parameters. To configure a zone, specify a name for

the zone, and then a zone number (from 1 through 10), followed by the number of the ACL that

specifies the IP addresses in the zone. In this example, the ACL numbers and zone numbers are

the same, but this is not required.

Zone1-SI-A(config)# server fw-group 2

Zone1-SI-A(config-fw-2)# fwall-zone Zone2 2 2

Zone1-SI-A(config-fw-2)# exit

The following commands configure the SLB information. Each of the servers in zones 2 and 3 is

added as a real server, and then the servers are bound to a virtual IP. The servers are added using

the server remote-name command instead of the server real-name command because the servers

are not directly connected to the ServerIron ADX. Instead, they are connected to the ServerIron ADX

through other routers (in this case, the firewalls).

Zone1-SI-A(config)# server remote-name web1 10.10.2.40

Zone1-SI-A(config-rs-web1)# port http

Zone1-SI-A(config-rs-web1)# exit

Zone1-SI-A(config)# server remote-name web2 10.10.2.42

Zone1-SI-A(config-rs-web2)# port http

Zone1-SI-A(config-rs-web2)# exit

Zone1-SI-A(config)# server remote-name web3 10.10.3.41

Zone1-SI-A(config-rs-web3)# port http

Zone1-SI-A(config-rs-web3)# exit

Zone1-SI-A(config)# server remote-name web4 10.10.3.43

Zone1-SI-A(config-rs-web4)# port http

Zone1-SI-A(config-rs-web4)# exit

Zone1-SI-A(config)# server virtual www.web.com 10.10.1.10

Zone1-SI-A(config-vs-www.web.com)# port http

Zone1-SI-A(config-vs-www.web.com)# bind http web1 http web2 http web3 http web4

http

Zone1-SI-A(config-vs-www.web.com)# exit

The following command enables SLB-to-FWLB.

Zone1-SI-A(config)# server slb-fw

The following command saves the configuration changes to the startup-config file.

Zone1-SI-A(config)# write memory

Commands on zone 1’s standby ServerIron ADX (Zone1-SI-S)

ServerIronADX> enable

ServerIronADX# configure terminal

ServerIronADX(config)# hostname Zone1-SI-S

Zone1-SI-S(config)# vlan 1

Zone1-SI-S(config-vlan-1)# always-active

Zone1-SI-S(config-vlan-1)# no spanning-tree

Zone1-SI-S(config-vlan-1)# router-interface ve 1

Zone1-SI-S(config-vlan-1)# exit

Zone1-SI-S(config)# interface ve 1

Zone1-SI-S(config-ve-1)# ip address 10.10.1.112 255.255.255.0

Zone1-SI-S(config-ve-1)# exit

Zone1-SI-S(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.2

Zone1-SI-S(config)# no ip icmp redirects

Zone1-SI-S(config)# vlan 10

Zone1-SI-S(config-vlan-10)# untagged ethernet 4/9 to 4/10

Zone1-SI-S(config-vlan-10)# exit

Zone1-SI-S(config)# trunk switch ethernet 4/9 to 4/10