Considerations when configuring vlan bridging, Configuring vlan bridging – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

38

ServerIron ADX Security Guide

53-1002440-03

Traffic segmentation

1

Considerations when configuring VLAN bridging

The following considerations apply when configuring VLAN bridging:

•

Up to 64 unique-pair VLAN bridges can be configured.

•

A VLAN cannot be part of two different VLAN bridges.

•

Two VLANs forming a bridge must have the same set of member ports on the ServerIron ADX
where they are joined.

•

The Control VLAN (4094) and system default VLAN cannot be used for VLAN bridging.

•

The hot-standby scenario is the only High Availability configuration supported with VLAN
bridging. In a hot-standby scenario with one-armed topology, after fail over, the existing session
may not be continued if the Layer-2 Switch in the middle cannot learn the MAC address of the
Gateway through the newly-active ServerIron ADX in time.

•

VLAN bridging is only supported with switch code. It is not supported with the ServerIron ADX
router code.

•

VLAN bridging is not supported with the SYN-proxy feature.

•

All ports within a VLAN bridge must be tagged members of a VLAN and its associated bridged
VLAN.

•

MAC learning is shared for VLANs that are bridged together.

Configuring VLAN bridging

The vlan-bridge command is used to configure VLAN bridging. To configure VLAN 10 and VLAN 12
for VLAN bridging, use the following command.

ServerIron(config)# vlan-bridge 10 12

Syntax: [no] vlan-bridge

The variables specify the pair of VLANs that you want to create VLAN bridging for.

Layer-2
Switch

Gateway

ServerIron ADX
(active)

Vlan 2

Vlan 3

Vlan 4

Domain1

Domain2

Domain3

Vlan -Bridging
2-12, 3-13, 4-14

Vlans
2, 3, 4, 12, 13, 14

Vlans
12, 13, 14

Vlans
2, 3, 4, 12, 13, 14

Vlan -Bridging
2-12, 3-13, 4-14

ServerIron ADX
(standby)