Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

462

Brocade Mobility RFS Controller System Reference Guide

53-1003099-01

8

6. If adding a new Bridge VLAN configuration, use the spinner control to define a VLAN ID

between 1 - 4094. This value must be defined and saved before the General tab can become
enabled and the remainder of the settings defined. VLAN IDs 0 and 4095 are reserved and
unavailable.

7. Set the following General bridge VLAN parameters:

8. Set the following Extended VLAN Tunnel parameters:

NOTE

Local and Automatic bridging modes do not work with ACLs. ACLs can only be used with tunnel or
isolated-tunnel modes.

9. Set the following Layer 2 Firewall parameters:

10. Select the OK button to save the changes to the General tab. Select Reset to revert to the last

saved configuration.

11. Select the IGMP Snooping tab to define the VLAN’s IGMP configuration.

Description

If creating a new Bridge VLAN, provide a description (up to 64 characters) unique to the VLAN’s
specific configuration to help differentiate it from other VLANs with similar configurations.

Per VLAN Firewall

Enable this setting to provide firewall allow and deny conditions over the bridge VLAN. This setting is
enabled by default.

L2 Tunnel Broadcast
Optimization

Select this option to enhance (optimize) layer 2 traffic broadcast packet transmissions. This settings
is disabled by default.

Bridging Mode

Specify one of the following bridging modes for the VLAN.

•

Automatic: Select automatic to let the controller or service platform determine the best bridging
mode for the VLAN.

•

Local: Select Local to use local bridging mode for bridging traffic on the VLAN.

•

Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN.

•

Isolated-Tunnel: Uses a dedicated tunnel for bridging traffic on the VLAN.

IP Outbound Tunnel ACL

Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate
outbound IP ACL is not available, select the Create button to make a new one.

MAC Outbound Tunnel
ACL

Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate
outbound MAC ACL is not available click the Create button to make a new one.

Tunnel Over Level 2

Select this option to allow VLAN traffic to be tunneled over level 2 links. This setting is disabled by
default.

Trust ARP Response

Select this option to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoof and
arp-cache poisoning attacks. This feature is disabled by default.

Trust DHCP Responses

Select this option to use DHCP packets from a DHCP server as trusted and permissible within the
managed network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof
attacks. This feature is disabled by default.

Edge VLAN Mode

Select this option to enable edge VLAN mode. When selected, the edge controller or service
platform’s IP address in the VLAN is not used, and is now designated to isolate devices and prevent
connectivity. This feature is enabled by default.