General Discussion / Re: VXLAN setup
« on: November 28, 2023, 10:44:53 am »
1. If doing this on VMware check the port security on the ports connecting to the firewall.
2. OPT1 Physical interface will be for the connection of VXLAN
Router A
Add interface>Other types>VXLAN
VNI=1
Source address= local L3 Interface facing Router B
Remote address= remote L3 Interface on Router B
Interface> Assignments
Add OPT1 (where the L2 network will connect)
Add new vxlan interface.
Interface > VXLAN
Enable Interface
No IP address
Interface > OPT1
Enable Interface
No IP address
Add interface>Other types>Bridge
members= OPT1 + vxlan
Interface> Assignments
Add Bridge
Interface > Bridge
Enable Interface
Add the l3 network gateway IP address here for the l2 subnet
System > Tunables
net.link.bridge.pfil_bridge (Set to 1 to enable filtering on the bridge interface) = 1
net.link.bridge.pfil_member (Set to 0 to disable filtering on the incoming and outgoing member interfaces.) = 0
REBOOT!!!!!!!
Firewall Rules > Bridge
Do the firewall rules here
Repeat for Router B
swap the IP address on the vxlan device
If it is not working, check the device that you are plugging the firewall into for security at layer 2, e.g. VMware port security.
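An added example, not part of the original post: a POSIX sh check to run after the reboot, confirming that the two tunables took effect (so rules on the bridge interface are the ones that filter) and that the bridge holds both members. The interface names (bridge0, vxlan0, igb2) and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example. Sample data below is constructed; interface names are assumed.
# On the firewall itself, feed the functions live output instead:
#   sysctl net.link.bridge.pfil_bridge net.link.bridge.pfil_member | classify_bridge_filtering
#   ifconfig bridge0 | bridge_has_members vxlan0 igb2

# Read `sysctl` output ("name: value" lines) on stdin and print where the
# packet filter sees bridged traffic:
#   bridge-only | member-only | both | unfiltered | unknown
classify_bridge_filtering() {
    awk -F': *' '
        $1 == "net.link.bridge.pfil_bridge" { b = $2 }
        $1 == "net.link.bridge.pfil_member" { m = $2 }
        END {
            if (b == "" || m == "")    print "unknown"      # a tunable is missing
            else if (b == 1 && m == 0) print "bridge-only"  # the setup in the post
            else if (b == 0 && m == 1) print "member-only"
            else if (b == 1 && m == 1) print "both"
            else                       print "unfiltered"   # bridged frames bypass the filter
        }'
}

# Read `ifconfig <bridge>` output on stdin; return 0 only if every interface
# named in the arguments is listed on a "member:" line.
bridge_has_members() {
    members=$(awk '$1 == "member:" { print $2 }')
    for want in "$@"; do
        printf '%s\n' "$members" | grep -qxF "$want" || return 1
    done
}

# Constructed sample output for an offline run.
SAMPLE_SYSCTL='net.link.bridge.pfil_bridge: 1
net.link.bridge.pfil_member: 0'
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: vxlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

echo "filtering: $(printf '%s\n' "$SAMPLE_SYSCTL" | classify_bridge_filtering)"
if printf '%s\n' "$SAMPLE_IFCONFIG" | bridge_has_members vxlan0 igb2; then
    echo "members: ok"
else
    echo "members: missing"
fi
```

A result of `unfiltered` or `unknown` after the reboot means the rules under Firewall Rules > Bridge are not what is filtering the bridged traffic.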