Using VRRP with a Zone-Based Firewall; Enabling Control Plane Policing - Brocade Communications Systems 5600 vRouter Configuration Manual


TABLE 15 Applying a firewall rule set to a VRRP interface (continued)

Command:
    }
    mtu 1500
    vrrp {
        vrrp-group 15 {
            advertise-interval 1
            preempt true
            sync-group test
            virtual-address 172.16.1.25
        }
    }

Using VRRP with a zone-based firewall

When a physical interface or virtual interface has a VRRP interface defined, all incoming traffic arrives through the VRRP interface. Zone-based firewalls drop all traffic in and out unless explicitly allowed. Therefore, if you are using VRRP interfaces with a zone-based firewall, you must make sure you include the VRRP interfaces in your zone.
To use a VRRP interface in a zone, you must attach the physical interface on which VRRP is enabled. The configuration is the same as zone configuration on a physical interface; the only difference is that VRRP is running on this interface.

Enabling control plane policing

This section provides configuration examples that show how to enable or disable control plane policing (CPP) on Brocade 5600 vRouter data plane and loopback interfaces.
To enable or disable CPP on a data plane interface, perform the following steps in configuration mode.

TABLE 16 Enabling and disabling CPP on a data plane interface

Step: Enable CPP on a data plane interface by applying a firewall instance or rule set with the local keyword.
Command:
    vyatta@R1# set interfaces dataplane dp0s4 firewall local cpp_group

Step: Commit the configuration.
Command:
    vyatta@R1# commit

Step: Show the CPP configuration.
Command:
    vyatta@R1# show interfaces dataplane dp0s4 firewall local cpp_group
    interfaces {
        dataplane dp0s4 {
            firewall {
                local cpp_group
            }
        }
    }

Step: Disable CPP by deleting a data plane interface that is applied with a firewall instance or rule set with the local keyword.
Command:
    vyatta@R1# delete interfaces dataplane dp0s4 firewall local cpp_group

Step: Commit the configuration.
Command:
    vyatta@R1# commit

To enable or disable CPP on the lo loopback interface, perform the following steps in configuration mode.
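
The two requirements above (VRRP interfaces must be included in a zone, and CPP is enabled on a data plane interface through firewall local) can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the Brocade manual: it parses the brace-style configuration output shown on this page and reports VRRP-enabled data plane interfaces that are missing from a zone or have no local rule set. The zone member list is supplied by the caller because zone syntax is not shown on this page; dp0s5, group 16 and 172.16.2.25 are constructed sample values.

```python
SAMPLE = """interfaces {
    dataplane dp0s4 {
        firewall {
            local cpp_group
        }
        vrrp {
            vrrp-group 15 {
                virtual-address 172.16.1.25
            }
        }
    }
    dataplane dp0s5 {
        vrrp {
            vrrp-group 16 {
                virtual-address 172.16.2.25
            }
        }
    }
}"""  # constructed sample; dp0s5, group 16 and 172.16.2.25 are invented

def parse(text):
    """Parse brace-delimited configuration text into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line == "}":
            stack.pop()
            if not stack:  # fragment that starts mid-block (e.g. a page continuation)
                raise ValueError("unbalanced '}'")
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return stack[0]

def audit(config, zone_members):
    """Issues per VRRP data plane interface; zone_members is caller-supplied (assumption)."""
    findings = {}
    for name, body in config.get("interfaces", {}).items():
        kind, _, ifname = name.partition(" ")
        if kind == "dataplane" and "vrrp" in body:
            checks = {"not in any zone": ifname in zone_members,
                      "no firewall local (CPP)": "local" in body.get("firewall", {})}
            issues = [msg for msg, ok in checks.items() if not ok]
            if issues:
                findings[ifname] = issues
    return findings
```

Calling audit(parse(SAMPLE), {"dp0s4"}) flags dp0s5 on both counts; a truncated fragment such as the Table 15 continuation is rejected by parse rather than silently audited.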
Brocade 5600 vRouter Firewall Configuration Guide
Configuration Examples
53-1004253-01
