IP Source Guard
You can use IP Source Guard (IPSG) together with DAI on untrusted ports. The Brocade implementation of the IP Source Guard feature
supports conguration on a port, on specic VLAN memberships on a port (for Layer 2 devices only), and on specic ports on a virtual
Ethernet (VE) interface (for Layer 3 devices only). For more information on IPSG, refer to the FastIron Ethernet Switch Security
Conguration Guide.
Conguring Multi-VRF
Conguring VRF system-max values
Use this example procedure to modify the default system-max values to accommodate Multi-VRF.
The default system-max value must be congured because the device does not have routing table space for user VRFs.
Do the following to congure system-max values on a Brocade ICX 7450.
In this example, two user VRFs are congured with 512 maximum routes on each VRF. The ip-route-default-vrf and ip-route-vrf values
must be modied. The write memory and reload commands are required after the modication.
Once the device has rebooted after the reload, enter the show default values command to display the system-max settings.
1. Verify the default values.
device(config)# show default values
sys log buffers:50 mac age time:300 sec telnet sessions:5
ip arp age:10 min bootp relay max hops:4 ip ttl:64 hops
ip addr per intf:24
:
:
System Parameters Default Maximum Current Configured
ip-arp 4000 64000 4000 4000
ip-static-arp 512 6000 512 512
pim-mcache 1024 4096 1024 1024
:
:
ip-route 12000 15168 12000 12000
ip-static-route 64 2048 64 64
:
:
ip-vrf 16 16 16 16
ip-route-default-vrf 12000 15168 12000 12000
ip6-route-default-vr 908 2884 908 908
ip-route-vrf 1024 15168 1024 1024
ip6-route-vrf 100 2884 100 100
device(config)#
Conguring Multi-VRF
FastIron Ethernet Switch Layer 3 Routing
53-1003627-04 563