Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


10. Set or override the following Extended VLAN Tunnel parameters:

Bridging Mode

Specify one of the following bridging modes for use on the VLAN.

Automatic - Select automatic mode to let the controller or service platform
determine the best bridging mode for the VLAN.

Local - Select Local to use local bridging mode for bridging traffic on the
VLAN.

Tunnel - Select Tunnel to use a shared tunnel for bridging traffic on the VLAN.

Isolated Tunnel - Select isolated-tunnel to use a dedicated tunnel for bridging
traffic on the VLAN.

IP Outbound Tunnel ACL

Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu.
If an appropriate outbound IP ACL is not available, select the Create button.

MAC Outbound Tunnel ACL

Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down
menu. If an appropriate outbound MAC ACL is not available, select the Create
button.

Tunnel Over Level 2

Select this option to allow VLAN traffic to be tunneled over level 2 links. This
setting is disabled by default.

NOTE

Local and Automatic bridging modes do not work with ACLs. ACLs can only be used with tunnel or
isolated-tunnel modes.

11. Set or override the following Layer 2 Firewall parameters:

Trust ARP Response

Select the check box to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoofing
and ARP-cache poisoning attacks. This feature is disabled by default.

Trust DHCP Responses

Select the check box to treat DHCP packets from a DHCP server as trusted and permissible within the
managed network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoofing
attacks. This feature is disabled by default.

Edge VLAN Mode

Select the check box to enable edge VLAN mode. When selected, the edge controller or service
platform’s IP address in the VLAN is not used for normal operations, as it is now designated to isolate
devices and prevent connectivity. This feature is enabled by default.

12. Select the IGMP Snooping tab.
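
As an added illustration (not from the Brocade guide and not the controller's implementation), the Python model below shows how a DHCP snoop table of IP-to-MAC bindings can flag a spoofed ARP reply, and how the Trust DHCP Responses and Trust ARP Response settings change what is allowed to update that table. The class, method names, verdict strings and sample events are constructed for this example, and the update rules are simplifying assumptions.

```python
class SnoopTable:
    """Simplified IP -> MAC binding table (assumed behaviour, illustrative only)."""

    def __init__(self, trust_dhcp=False, trust_arp=False):
        self.trust_dhcp = trust_dhcp  # models "Trust DHCP Responses" (off by default)
        self.trust_arp = trust_arp    # models "Trust ARP Response" (off by default)
        self.bindings = {}

    def on_dhcp_ack(self, ip, mac):
        """A DHCP server response updates the table only when DHCP is trusted."""
        if self.trust_dhcp:
            self.bindings[ip] = mac.lower()
        return self.trust_dhcp

    def on_arp_reply(self, ip, mac):
        """Classify an ARP reply against the table."""
        mac = mac.lower()
        if self.trust_arp:
            # In this model a trusted ARP reply is accepted as-is and rewrites the
            # binding, so trust only fits VLANs whose ARP sources are trustworthy.
            self.bindings[ip] = mac
            return "learned"
        known = self.bindings.get(ip)
        if known is None:
            return "unknown"   # no binding to validate against
        return "match" if known == mac else "conflict"


# Constructed sample events: (kind, ip, mac). Addresses are documentation values.
EVENTS = [
    ("dhcp_ack", "192.0.2.10", "00:11:22:33:44:55"),
    ("arp", "192.0.2.10", "00:11:22:33:44:55"),
    ("arp", "192.0.2.10", "DE:AD:BE:EF:00:01"),  # different MAC claims a bound IP
    ("arp", "192.0.2.99", "00:11:22:33:44:66"),  # IP with no binding
]


def replay(table, events=EVENTS):
    """Feed events through the table and return one verdict per event."""
    verdicts = []
    for kind, ip, mac in events:
        if kind == "dhcp_ack":
            verdicts.append("bound" if table.on_dhcp_ack(ip, mac) else "ignored")
        else:
            verdicts.append(table.on_arp_reply(ip, mac))
    return verdicts


if __name__ == "__main__":
    print(replay(SnoopTable(trust_dhcp=True)))
```
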
