Application Delivery (ADX)

Occasional Contributor
Posts: 8
Registered: ‎09-13-2011

Filtering traffic to VIP

Hello All,

We have gotten a request to filter traffic to a certain port on a VIP.

We have found the relevant material in the switching and routing guide, but we still have a question.

In this guide they refer to a permit all rule (1024) so as to not block other traffic when enabling the ip filter.

In doing so we would only block known unwanted traffic. Is there a setup where you can just whitelist for one specific VIP and not have to include all other VIPs on the ServerIron?

Thank you for your time.

Occasional Contributor
Posts: 8
Registered: ‎09-13-2011

Re: Filtering traffic to VIP

The command I am referring to is

ip filter

Or would you suggest using an access-list? If so, how would you bind it for usage?

Thanks.

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: Filtering traffic to VIP

How about the below?

SSH@ServerIronADX 1000(config)# server vir vip1 1.1.1.1
SSH@ServerIronADX 1000(config-vs-vip1)# acl-id 101
SSH@ServerIronADX 1000(config-vs-vip1)#
SSH@ServerIronADX 1000(config-vs-vip1)#
SSH@ServerIronADX 1000(config-vs-vip1)#exit
SSH@ServerIronADX 1000(config)# access-list 101 deny tcp host 1.2.3.4 any eq 80
SSH@ServerIronADX 1000(config)#

But applying the ACL on the interface would be much better than acl-id, from my point of view. Please show me the output of show version if you have further questions.

Thanks.

//Kono

Occasional Contributor
Posts: 8
Registered: ‎09-13-2011

Re: Filtering traffic to VIP

SW: Version 11.0.00cTD4 Copyright (c) 1996-2007 Foundry Networks, Inc.
      Compiled on Sep 08 2009 at 18:33:28 labeled as WXR11000c
  HW: ServerIronGT E-1 Router, SYSIF version 21, Serial #: Non-exist
==========================================================================
SL 1: B0GMR WSM6 Management Module, SYSIF 2, M6, ACTIVE
      Serial #:   CHXXXXXXXXX
    0 MB SHM, 1 Application Processors
16384 KB BRAM, SMC version 5, BM version 21
  SW: (1)11.0.00cTF2
==========================================================================
SL 2: J-BxG16 JetCore Gig Fiber Module, SYSIF 2 (Mini GBIC)
      Serial #:   CHXXXXXXXXX
4096 KB BRAM, JetCore ASIC IGC version 49, BIA version 8a
32768 KB PRAM and 2M-Bit*1 CAM for IGC  4, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  5, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  6, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  7, version 0449
==========================================================================
Active management module:
  1.0 GHz Power PC processor 750GX (version 7002/0112) 66 MHz bus
  512 KB boot flash memory
16384 KB code flash memory
  512 KB SRAM
  512 MB DRAM
The system uptime is 475 days 21 hours 5 minutes 13 seconds
The system started at 12:13:43 GMT+01 Fri Dec 03 2010

The system : started=warm start   reloaded=by "reload"

So we should bind the access-list to the ve interface, since this ServerIron uses a trunk to connect to another switch.

conf t

int ve 1

ip access-group 101

Thank you for your time
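
A small Python model of the rule ordering this thread asks about, added here as an example (it is not from any poster and is not ServerIron configuration). It assumes first-match ACL evaluation with an implicit deny at the end; the client 192.0.2.10, the stranger 198.51.100.7 and the second VIP 1.1.1.2 are constructed values.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
VIP = "1.1.1.1/32"          # VIP address used in the thread
OTHER_VIP = "1.1.1.2"       # constructed: a second VIP on the same device
ALLOWED = "192.0.2.10/32"   # constructed: the only client allowed to reach VIP:80

def rule(action, proto, src, dst, port=None):
    """One ACL entry; port=None matches any port."""
    return (action, proto, ip_network(src), ip_network(dst), port)

def evaluate(acl, proto, src, dst, port):
    """Assumed semantics: first matching entry decides, no match means deny."""
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (r_proto in ("ip", proto)
                and ip_address(src) in r_src
                and ip_address(dst) in r_dst
                and r_port in (None, port)):
            return action
    return "deny"  # implicit deny at the end of every list

# Blocklist style: deny the known-bad host, then permit everything else.
BLOCKLIST = [
    rule("deny", "tcp", "1.2.3.4/32", ANY, 80),
    rule("permit", "ip", ANY, ANY),
]

# Whitelist for one VIP port only: the middle entry closes VIP:80 to everyone
# not permitted above it, and the final permit keeps other VIPs untouched.
WHITELIST_ONE_VIP = [
    rule("permit", "tcp", ALLOWED, VIP, 80),
    rule("deny", "tcp", ANY, VIP, 80),
    rule("permit", "ip", ANY, ANY),
]

def verdicts(acl):
    """Run four constructed packets through an ACL and return the decisions."""
    packets = {
        "allowed->vip:80": ("tcp", "192.0.2.10", "1.1.1.1", 80),
        "stranger->vip:80": ("tcp", "198.51.100.7", "1.1.1.1", 80),
        "stranger->vip:443": ("tcp", "198.51.100.7", "1.1.1.1", 443),
        "stranger->other_vip:80": ("tcp", "198.51.100.7", OTHER_VIP, 80),
    }
    return {name: evaluate(acl, *pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    for label, acl in (("blocklist", BLOCKLIST), ("whitelist", WHITELIST_ONE_VIP)):
        print(label, verdicts(acl))
```

Under these assumptions, a list that contains only deny entries drops all other traffic too, which is why the closing permit entry matters.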
