Applying A Rule Set To A Vrrp Interface - Brocade Communications Systems 5600 vRouter Configuration Manual


Applying a rule set to a VRRP interface

When a host sends a packet to the router, the packet ingresses through the VRRP interface. But when the router sends traffic to the host,
traffic egresses through the parent interface or virtual interface.
The firewall rule sets for the VRRP interface and the physical interface are independent. Specifically, packet-filtering rules applied to
incoming traffic on the parent interface are not applied to traffic arriving on the VRRP interface. When designing firewall rule sets for
incoming traffic, make sure you apply an appropriate rule set for your VRRP interface; otherwise, all incoming traffic is unfiltered.
The example in Filtering on source IP address on page 22 shows how to define a simple firewall rule set, FWTEST-1, which filters on
source IP address. The following example shows how to apply the same rule set to inbound traffic on the VRRP interface. In this
example, the dp0p1p3 interface is already configured. Specifically:
It is a member of VRRP group 15.
It has rule set FWTEST-1 applied for inbound traffic.
To apply the rule set to the VRRP interface, perform the following steps in configuration mode.

TABLE 15 Applying a firewall rule set to a VRRP interface

Step: View the initial configuration for the interfaces.
Command:
vyatta@R1# show interfaces
dataplane dp0p160p1 {
    address 10.1.32.73/24
    mtu 1500
}
dataplane dp0p192p1 {
    address 10.10.10.3/24
    address 2014:14::3/64
    mtu 1500
    vrrp {
        vrrp-group 10 {
            virtual-address 10.10.10.50
        }
    }
}
dataplane dp0p224p1 {
    address 192.168.1.1/24
    ip {
    }
    mtu 1500
}
dataplane dp0p256p1 {
    address 20.20.20.3/24
    address 2020:20::3/64
    mtu 1500
}
loopback lo {
    ipv6 {
    }
}

Step: Attach the same FWTEST-1 rule set for inbound traffic on the VRRP interface.
Command:
vyatta@R1# set interfaces dataplane dp0p192p1 firewall in NEGATED-EXAMPLE

Step: Commit the configuration.
Command:
vyatta@R1# commit

Step: Show the configuration.
Command:
vyatta@R1# show interfaces dataplane dp0p192p1
address 172.16.1.20/24
firewall {
    in FWTEST-1

Brocade 5600 vRouter Firewall Configuration Guide
53-1004253-01
Configuration Examples
35
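The practical risk in this section is an interface that runs a VRRP group with no inbound rule set attached, which leaves its incoming traffic unfiltered. The following script is an added example, not code from the Brocade guide: it parses a brace-nested "show interfaces" dump in the format shown in the table above, reports dataplane interfaces that carry a VRRP group but no inbound rule set, and then applies the rule set to the parsed tree the way the "set interfaces dataplane ... firewall in ..." step does. The sample dump and the rule set name FWTEST-1 are constructed for the example; it assumes, as in the guide's final show output, that an attached inbound rule set appears as a firewall { in NAME } block under the interface, so adapt the marker if your platform exposes the VRRP interface's rule set under a different node.

```python
"""Audit a Vyatta/Brocade-style 'show interfaces' dump for VRRP-enabled
dataplane interfaces that have no inbound firewall rule set attached.
Added example, not the manual's code. Assumes the brace format shown in the
manual and that an attached inbound rule set appears as firewall { in NAME }
under the interface block, as in the manual's final show output."""
from typing import Dict, List, Tuple, Union

# A node maps a key ("address", "vrrp", "dataplane dp0p192p1", ...) to its
# entries: leaf values are strings, nested blocks are child nodes.
Node = Dict[str, List[Union[str, "Node"]]]

# Constructed sample dump: dp0p192p1 runs VRRP group 10 with no rule set,
# dp0p224p1 has FWTEST-1 inbound but runs no VRRP group.
SAMPLE_CONFIG = """\
dataplane dp0p160p1 {
    address 10.1.32.73/24
    mtu 1500
}
dataplane dp0p192p1 {
    address 10.10.10.3/24
    mtu 1500
    vrrp {
        vrrp-group 10 {
            virtual-address 10.10.10.50
        }
    }
}
dataplane dp0p224p1 {
    address 192.168.1.1/24
    firewall {
        in FWTEST-1
    }
    ip {
    }
    mtu 1500
}
"""


def parse_config(text: str) -> Node:
    """Parse brace-nested config text into nested dicts; rejects unbalanced braces."""
    root: Node = {}
    stack: List[Node] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            child: Node = {}
            stack[-1].setdefault(line[:-1].strip(), []).append(child)
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip())
    if len(stack) != 1:
        raise ValueError("unbalanced '{'")
    return root


def children(node: Node, key: str) -> List[Node]:
    """Child blocks stored under key (leaf strings are skipped)."""
    return [c for c in node.get(key, []) if isinstance(c, dict)]


def get_interface(config: Node, ifname: str) -> Node:
    blocks = children(config, f"dataplane {ifname}")
    if not blocks:
        raise KeyError(f"no dataplane interface {ifname}")
    return blocks[0]


def vrrp_groups(iface: Node) -> List[str]:
    """VRRP group ids configured under an interface block."""
    return [key.split()[1] for vrrp in children(iface, "vrrp")
            for key in vrrp if key.startswith("vrrp-group ")]


def inbound_rulesets(iface: Node) -> List[str]:
    """Names listed as 'in NAME' under the interface's firewall block."""
    return [v for fw in children(iface, "firewall")
            for v in fw.get("in", []) if isinstance(v, str)]


def find_unfiltered_vrrp_interfaces(config: Node) -> List[Tuple[str, List[str]]]:
    """Interfaces with a VRRP group but no inbound rule set: their incoming
    traffic is unfiltered until one is attached."""
    findings = []
    for key in config:
        if key.startswith("dataplane "):
            ifname = key.split()[1]
            iface = get_interface(config, ifname)
            groups = vrrp_groups(iface)
            if groups and not inbound_rulesets(iface):
                findings.append((ifname, groups))
    return findings


def apply_inbound_ruleset(config: Node, ifname: str, ruleset: str) -> None:
    """Mutate the tree as 'set interfaces dataplane IF firewall in NAME' would."""
    iface = get_interface(config, ifname)
    fws = children(iface, "firewall")
    if fws:
        fw = fws[0]
    else:
        fw = {}
        iface.setdefault("firewall", []).append(fw)
    fw.setdefault("in", []).append(ruleset)


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for ifname, groups in find_unfiltered_vrrp_interfaces(cfg):
        print(f"{ifname}: VRRP group(s) {', '.join(groups)} but no inbound rule set")
        apply_inbound_ruleset(cfg, ifname, "FWTEST-1")
    print("after fix:", find_unfiltered_vrrp_interfaces(cfg))
```

Run it against a saved "show interfaces" dump before and after the commit step; an empty finding list after the change is the check that every VRRP-carrying interface now has a rule set named in its firewall block.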
