Resource Orchestrator provides sample rulesets for the L2 switch used in the standard model in which firewall and server load balancer are used. The sample ruleset names are shown below.

tag_vlan_net--SR-X300
tag_vlan_net--SR-X300_n

For system that sets tagged VLAN network
Tagged VLAN is set to port by using tag_vlan_port--SR-X300 or tag_vlan_port--SR-X300_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.3 The list of parameters needs to be customized (For SR-X300 tagged VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	tag_vlan_net--SR-X300 tag_vlan_net--SR-X300_n
%UP_PORT1%	Change this to the physical port number connected to the firewall or the server load balancer. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300
	Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_3
%UP_PORT2%	Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT1%. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_3
%UP_PORT3%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_3
%UP_PORT4%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT3%. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X300_3
%DOWN_PORT1%	Change this to the physical port number connected to the server. When there are some physical ports connected to servers, change sample script.	tag_vlan_net--SR-X300 tag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the server.	tag_vlan_net--SR-X300_3
%DOWN_PORT2%	Change this to physical port number of LAG connected to the server. Note that this port number must not be equal to that of %DOWN_PORT1%. When there are several LAGs connected to the server, change sample script.	tag_vlan_net--SR-X300_3

tag_vlan_port--SR-X300
tag_vlan_port--SR-X300_n

For SR-X300 that sets tagged VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

untag_vlan_net--SR-X300
untag_vlan_net--SR-X300_n

For system that sets untagged VLAN network
Port VLAN is set to port by using untag_vlan_port--SR-X300 or untag_vlan_port--SR-X300_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.4 The list of parameters needs to be customized (For SR-X300 port VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	untag_vlan_net--SR-X300 untag_vlan_net--SR-X300_n
%UP_PORT1%	Change this to the physical port number connected to the firewall or the server load balancer. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300
	Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_3
%UP_PORT2%	Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT1%. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_3
%UP_PORT3%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_3
%UP_PORT4%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT3%. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X300_3
%DOWN_PORT1%	Change this to the physical port number connected to the server. When there are some physical ports connected to servers, change sample script.	untag_vlan_net--SR-X300 untag_vlan_net--SR-X300_2
	Change this to the physical port number of LAG connected to the server.	untag_vlan_net--SR-X300_3
%DOWN_PORT2%	Change this to physical port number of LAG connected to the server. Note that this port number must not be equal to that of %DOWN_PORT1%. When there are several LAGs connected to the server, change sample script.	untag_vlan_net--SR-X300_3

untag_vlan_port--SR-X300
untag_vlan_port--SR-X300_n

For SR-X300 that sets port VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

n: Number of "2" or larger

tag_vlan_net--SR-X500
tag_vlan_net--SR-X500_n

For system that sets tagged VLAN network
Tagged VLAN is set to port by using tag_vlan_port--SR-X500 or tag_vlan_port--SR-X500_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.5 The list of parameters needs to be customized (For SR-X500 tagged VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	tag_vlan_net--SR-X500 tag_vlan_net--SR-X500_n
%UP_PORT1%	Change this to the physical port number connected to the firewall or the server load balancer. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500
	Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_3
%UP_PORT2%	Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT1%. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_3
%UP_PORT3%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_3
%UP_PORT4%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT3%. When there are some physical ports connected to servers or server load balancers, change sample script.	tag_vlan_net--SR-X500_3
%DOWN_PORT1%	Change this to the physical port number connected to the server. When there are some physical ports connected to servers, change sample script.	tag_vlan_net--SR-X500 tag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the server.	tag_vlan_net--SR-X500_3
%DOWN_PORT2%	Change this to physical port number of LAG connected to the server. Note that this port number must not be equal to that of %DOWN_PORT1%. When there are several LAGs connected to the server, change sample script.	tag_vlan_net--SR-X500_3

tag_vlan_port--SR-X500
tag_vlan_port--SR-X500_n

For SR-X500 that sets tagged VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

untag_vlan_net--SR-X500
untag_vlan_net--SR-X500_n

For system that sets untagged VLAN network
Port VLAN is set to port by using untag_vlan_port--SR-X500 or untag_vlan_port--SR-X500_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.6 The list of parameters needs to be customized (For SR-X500 port VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	untag_vlan_net--SR-X500 untag_vlan_net--SR-X500_n
%UP_PORT1%	Change this to the physical port number connected to the firewall or the server load balancer. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500
	Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_3
%UP_PORT2%	Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT1%. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_3
%UP_PORT3%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_3
%UP_PORT4%	Change this to the physical port number of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT3%. When there are some physical ports connected to servers or server load balancers, change sample script.	untag_vlan_net--SR-X500_3
%DOWN_PORT1%	Change this to the physical port number connected to the server. When there are some physical ports connected to servers, change sample script.	untag_vlan_net--SR-X500 untag_vlan_net--SR-X500_2
	Change this to the physical port number of LAG connected to the server.	untag_vlan_net--SR-X500_3
%DOWN_PORT2%	Change this to physical port number of LAG connected to the server. Note that this port number must not be equal to that of %DOWN_PORT1%. When there are several LAGs connected to the server, change sample script.	untag_vlan_net--SR-X500_3

untag_vlan_port--SR-X500
untag_vlan_port--SR-X500_n

For SR-X500 that sets port VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

n: Number of "2" or larger

tag_vlan_net--Catalyst
tag_vlan_net--Catalystn

For system that sets tagged VLAN network
Tagged VLAN is set to port by using tag_vlan_port--Catalyst or tag_vlan_port--Catalystn.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.7 The list of parameters needs to be customized (Catalyst tagged VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	tag_vlan_net--Catalyst tag_vlan_net--Catalystn
%UP_PORT1%	Change this to the physical interface name connected to the firewall or the server load balancer. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst
	Change this to the physical interface name connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst3
%UP_PORT2%	Change this to the physical interface name connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be equal to that of %UP_PORT1%. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst3
%UP_PORT3%	Change this to the physical interface name of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst3
%UP_PORT4%	Change this to the physical interface name of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this interface name must not be equal to that of %UP_PORT3%. When there are some physical interfaces connected to servers or server load balancers, change sample script.	tag_vlan_net--Catalyst3
%DOWN_PORT1%	Change this to the physical interface name connected to the server. When there are some physical interfaces connected to servers, change sample script.	tag_vlan_net--Catalyst tag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the server.	tag_vlan_net--Catalyst3
%DOWN_PORT2%	Change this to physical interface name of LAG connected to the server. Note that this interface must not be equal to that of %DOWN_PORT1%. When there are plural physical LAG interface connected to the server, change sample script.	tag_vlan_net--Catalyst3

tag_vlan_port--Catalyst
tag_vlan_port--Catalystn

For Catalyst that sets tagged VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

untag_vlan_net--Catalyst
untag_vlan_net--Catalystn

For system that sets untagged VLAN network
Port VLAN is set to port by using untag_vlan_port--Catalyst or untag_vlan_port--Catalystn.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters need to be customized

The target of customizing is a parameter in all the related script list.
The list of parameters needs to be customized is shown.

Table G.8 The list of parameters needs to be customized (Catalyst port VLAN setting)

Parameter	Details of Modification	Ruleset name
node operand:	Change this to the network device name of the L2 switch registered in Resource Orchestrator.	untag_vlan_net--Catalyst untag_vlan_net--Catalystn
%UP_PORT1%	Change this to the physical interface name connected to the firewall or the server load balancer. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst
	Change this to the physical interface name connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst3
%UP_PORT2%	Change this to the physical interface name connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this interface name must not be equal to that of %UP_PORT1%. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst3
%UP_PORT3%	Change this to the physical interface name of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst3
%UP_PORT4%	Change this to the physical interface name of LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this interface name must not be equal to that of %UP_PORT3%. When there are some physical interfaces connected to servers or server load balancers, change sample script.	untag_vlan_net--Catalyst3
%DOWN_PORT1%	Change this to the physical interface name connected to the server. When there are some physical interfaces connected to servers, change sample script.	untag_vlan_net--Catalyst untag_vlan_net--Catalyst2
	Change this to the physical interface name of LAG connected to the server.	untag_vlan_net--Catalyst3
%DOWN_PORT2%	Change this to physical interface name of LAG connected to the server. Note that this interface name must not be equal to that of %DOWN_PORT1%. When there are plural physical LAG interface connected to the server, change sample script.	untag_vlan_net--Catalyst3

untag_vlan_port--Catalyst
untag_vlan_port--Catalystn

For Catalyst that sets port VLAN to the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specfic ruleset registration folder of the network device.

n: Number of "2" or larger