Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility RFS Controller System Reference Guide

461

53-1003099-01

8

4. Review the following VLAN configuration parameters to determine whether an override is

warranted:

5. Select Add to define a new bridge VLAN configuration, Edit to modify an existing bridge VLAN

configuration or Delete to remove a VLAN configuration.

FIGURE 50

Bridge VLAN - General tab

The General tab displays by default.

VLAN

Lists the numerical identifier defined for the Bridge VLAN when initially created. The available range is
from 1 - 4095. This value cannot be modified during the edit process.

Description

Lists a description of the VLAN assigned when it was created or modified. The description should be
unique to the VLAN’s specific configuration and help differentiate it from other VLANs with similar
configurations.

Edge VLAN Mode

Defines whether the VLAN is currently in edge VLAN mode. A green checkmark defines the VLAN as
extended. An edge VLAN is the VLAN where hosts are connected. For example, if VLAN 10 is denied
with wireless clients, and VLAN 20 is where the default gateway resides, VLAN 10 should be marked
as an edge VLAN and VLAN 20 shouldn’t. When defining a VLAN as an edge VLAN, the firewall
enforces additional checks on hosts in that VLAN. For example, a host cannot move from an edge
VLAN to another VLAN and still keep firewall flows active.

Trust ARP Response

When ARP trust is enabled, a green checkmark displays. When disabled, a red “X” displays. Trusted
ARP packets are used to update the IP-MAC Table to prevent IP spoof and arp-cache poisoning
attacks.

Trust DHCP Responses

When DHCP trust is enabled, a green checkmark displays. When disabled, a red “X” displays. When
enabled, DHCP packets from a DHCP server are considered trusted and permissible. DHCP packets
are used to update the DHCP Snoop Table to prevent IP spoof attacks.