Application Delivery (ADX)

Occasional Contributor
Posts: 8
Registered: 09-13-2011

Filtering traffic to VIP

Hello All,

We have gotten a request to filter traffic to a certain port on a VIP.

We have found the relevant material in the switching and routing guide, but we still have a question.

In this guide they refer to a permit all rule (1024) so as to not block other traffic when enabling the ip filter.

In doing so we would only block known unwanted traffic. Is there a setup where you can just whitelist for one specific VIP and not have to include all other VIPs on the ServerIron?

Thank you for your time.

Occasional Contributor
Posts: 8
Registered: 09-13-2011

Re: Filtering traffic to VIP

The command I am referring to is

ip filter

Or would you suggest using an access-list? If so, how would you bind it for usage?

Thanks.

Contributor
Posts: 47
Registered: 07-14-2010

Re: Filtering traffic to VIP

How about below?

SSH@ServerIronADX 1000(config)# server vir vip1 1.1.1.1
SSH@ServerIronADX 1000(config-vs-vip1)# acl-id 101
SSH@ServerIronADX 1000(config-vs-vip1)#
SSH@ServerIronADX 1000(config-vs-vip1)#
SSH@ServerIronADX 1000(config-vs-vip1)#exit
SSH@ServerIronADX 1000(config)# access-list 101 deny tcp host 1.2.3.4 any eq 80
SSH@ServerIronADX 1000(config)#

But applying the ACL on an interface would be much better than acl-id, from my point of view. Please show me the output of show version if you have further questions.

Thanks.

//Kono

Occasional Contributor
Posts: 8
Registered: 09-13-2011

Re: Filtering traffic to VIP

SW: Version 11.0.00cTD4 Copyright (c) 1996-2007 Foundry Networks, Inc.
      Compiled on Sep 08 2009 at 18:33:28 labeled as WXR11000c
  HW: ServerIronGT E-1 Router, SYSIF version 21, Serial #: Non-exist
==========================================================================
SL 1: B0GMR WSM6 Management Module, SYSIF 2, M6, ACTIVE
      Serial #:   CHXXXXXXXXX
    0 MB SHM, 1 Application Processors
16384 KB BRAM, SMC version 5, BM version 21
  SW: (1)11.0.00cTF2
==========================================================================
SL 2: J-BxG16 JetCore Gig Fiber Module, SYSIF 2 (Mini GBIC)
      Serial #:   CHXXXXXXXXX
4096 KB BRAM, JetCore ASIC IGC version 49, BIA version 8a
32768 KB PRAM and 2M-Bit*1 CAM for IGC  4, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  5, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  6, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  7, version 0449
==========================================================================
Active management module:
  1.0 GHz Power PC processor 750GX (version 7002/0112) 66 MHz bus
  512 KB boot flash memory
16384 KB code flash memory
  512 KB SRAM
  512 MB DRAM
The system uptime is 475 days 21 hours 5 minutes 13 seconds
The system started at 12:13:43 GMT+01 Fri Dec 03 2010

The system : started=warm start   reloaded=by "reload"

So we should bind the access-list to the ve interface, since this ServerIron uses a trunk to connect to another switch.

conf t

int ve 1

ip access-group 101

Thank you for your time
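
Added example (not part of the original thread and not vendor code): a small Python model of first-match ACL evaluation for entries written in the form posted above, showing a whitelist for one VIP port that leaves other VIPs untouched, next to the single deny entry from the thread. It assumes the ACL ends in an implicit deny; 10.0.0.5, 9.9.9.9 and 1.1.1.2 are constructed addresses, and parse_entry and evaluate are hypothetical helper names.

```python
# Added example: first-match evaluation of extended ACL entries ("host"/"any", dest "eq").
# Assumption (labelled): the ACL ends with an implicit "deny ip any any".

def parse_entry(line):
    """Turn 'access-list N permit|deny proto src dst [eq port]' into a dict."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    pos = 4

    def addr():
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return None                      # None matches every address
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError("unsupported address in: " + line)

    src, dst = addr(), addr()
    port = int(tok[pos + 1]) if tok[pos:pos + 1] == ["eq"] else None
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst, "port": port}


def evaluate(acl_lines, proto, src, dst, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    for e in map(parse_entry, acl_lines):
        if (e["proto"] in ("ip", proto)
                and e["src"] in (None, src)
                and e["dst"] in (None, dst)
                and e["port"] in (None, dport)):
            return e["action"]
    return "deny"


# Constructed addresses: 1.1.1.1 is vip1 from the thread, 1.1.1.2 stands in
# for another VIP, 10.0.0.5 is a hypothetical allowed client.
WHITELIST_VIP1 = [
    "access-list 101 permit tcp host 10.0.0.5 host 1.1.1.1 eq 80",
    "access-list 101 deny tcp any host 1.1.1.1 eq 80",
    "access-list 101 permit ip any any",
]
# The single entry posted in the thread, on its own.
THREAD_ACL = ["access-list 101 deny tcp host 1.2.3.4 any eq 80"]

if __name__ == "__main__":
    for src, dst in [("10.0.0.5", "1.1.1.1"), ("9.9.9.9", "1.1.1.1"), ("9.9.9.9", "1.1.1.2")]:
        print(src, "->", dst, evaluate(WHITELIST_VIP1, "tcp", src, dst, 80))
```

Order matters: the specific permit has to come before the deny for the VIP, and the final permit ip any any is what keeps the other VIPs reachable once the list is bound.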
