Configuring High Availability VLANs
page 3-16 Release 5.1.6.R02 User Guide Supplement June 2005
Application Example 1: Firewall Cluster
This section describes how to configure the traditional firewall implementation, which uses a third-party
high availability firewall cluster, described in “Traditional Firewall Implementation” on page 3-7. As
shown in the figure on page 3-7, traffic from the Internet comes into the switch through high availability
VLAN 10 ingress ports. This VLAN has three egress ports (2/9, 2/10, and 3/5) that connect to the
third-party high availability firewall cluster. The firewall cluster is connected to three ports (4/1, 5/3, 7/6) that
belong to standard VLAN 20. This VLAN connects to devices within a private network.
Follow the steps below to configure the necessary high availability VLAN on an OmniSwitch.
1 Create a default VLAN for HA VLAN 10 ports with the vlan command as shown below:
-> vlan 5
2 Assign ports to the new default VLAN with the vlan port default command as shown below:
-> vlan 5 port default 1/1 2/9 2/10 3/5
3 Configure VLAN 10, which will have the ingress ports, with the vlan command as shown below:
-> vlan 10
4 Assign the ingress port 1/1 to VLAN 10 with the vlan port-mac ingress-port command as shown
below:
-> vlan 10 port-mac ingress-port 1/1
5 Assign the egress ports 2/9, 2/10, and 3/5 to VLAN 10 with the vlan port-mac egress-port command
as shown below:
-> vlan 10 port-mac egress-port 2/9-10 3/5
6 Configure standard VLAN 20, which will carry authorized traffic to the private network, with the vlan
command as shown below:
-> vlan 20
7 Assign destination MAC addresses to VLAN 10 with the mac-address-table port-mac vlan mac
command as shown below:
-> mac-address-table port-mac vlan 10 mac 00:95:2A:01:3C:10
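The following lint is an added example, not part of the original guide or of any OmniSwitch tooling. It parses the command listing from steps 1 through 7, expands port ranges such as 2/9-10, and reports any HA VLAN that deviates from the structure of this procedure. The function names and the checks themselves (each ingress and egress port first placed in a default VLAN, and each HA VLAN given an ingress port, an egress port and a destination MAC) are assumptions inferred from the steps above, not the switch's own validation rules.

```python
import re

# Commands from steps 1-7 above, gathered into one listing.
CONFIG = """\
-> vlan 5
-> vlan 5 port default 1/1 2/9 2/10 3/5
-> vlan 10
-> vlan 10 port-mac ingress-port 1/1
-> vlan 10 port-mac egress-port 2/9-10 3/5
-> vlan 20
-> mac-address-table port-mac vlan 10 mac 00:95:2A:01:3C:10
"""

def expand_ports(tokens):  # expand slot/port tokens, including ranges like 2/9-10
    ports = set()
    for tok in tokens:
        m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", tok)
        if not m:
            raise ValueError(f"bad port token: {tok!r}")
        ports.update(f"{m[1]}/{p}" for p in range(int(m[2]), int(m[3] or m[2]) + 1))
    return ports

def parse(config):  # collect created VLANs, default-VLAN ports, HA ports and MACs
    s = {"vlans": set(), "default": set(), "ingress": {}, "egress": {}, "macs": {}}
    for line in config.splitlines():
        cmd = " ".join(line.split()).removeprefix("-> ")
        if m := re.fullmatch(r"vlan (\d+)", cmd):
            s["vlans"].add(m[1])
        elif m := re.fullmatch(r"vlan \d+ port default (.+)", cmd):
            s["default"] |= expand_ports(m[1].split())
        elif m := re.fullmatch(r"vlan (\d+) port-mac (ingress|egress)-port (.+)", cmd):
            s[m[2]].setdefault(m[1], set()).update(expand_ports(m[3].split()))
        elif m := re.fullmatch(r"mac-address-table port-mac vlan (\d+) mac (\S+)", cmd):
            s["macs"].setdefault(m[1], set()).add(m[2].upper())
    return s

def audit(config):
    """Return findings for HA VLANs that deviate from the steps above (assumed rules)."""
    s, findings = parse(config), []
    for vid in sorted(set(s["ingress"]) | set(s["egress"]) | set(s["macs"])):
        if vid not in s["vlans"]:
            findings.append(f"VLAN {vid}: never created with 'vlan {vid}'")
        for kind in ("ingress", "egress"):
            if not s[kind].get(vid):
                findings.append(f"VLAN {vid}: no {kind} port")
            for p in sorted(s[kind].get(vid, set()) - s["default"]):
                findings.append(f"VLAN {vid}: {kind} port {p} not in a default VLAN")
        if not s["macs"].get(vid):
            findings.append(f"VLAN {vid}: no destination MAC")
    return findings
```

Calling `audit(CONFIG)` on the listing from this section returns an empty list; a listing that adds an egress port missing from step 2, or omits step 7, produces one finding per deviation.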