ServerView Resource Orchestrator Cloud Edition V3.3.0 Design Guide
FUJITSU Software

G.3.12 For Deploying L2 Switches

Resource Orchestrator provides sample rulesets for the L2 switch used in the standard model in which firewalls and server load balancers are used. The sample ruleset names are shown below.

For the SR-X 300 series

tag_vlan_net--SR-X300
tag_vlan_net--SR-X300_n

For the systems with tagged VLAN networks configured
A tagged VLAN is set for a port using tag_vlan_port--SR-X300 or tag_vlan_port--SR-X300_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.3 List of Parameters Needing Customization: SR-X 300 Series Tagged VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | tag_vlan_net--SR-X300, tag_vlan_net--SR-X300_n |
| %UP_PORT1% | Change this to the physical port number connected to the firewall or the server load balancer. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300 |
| %UP_PORT1% | Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_2 |
| %UP_PORT1% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_3 |
| %UP_PORT2% | Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_2 |
| %UP_PORT2% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT1%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_3 |
| %UP_PORT3% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_3 |
| %UP_PORT4% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT3%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X300_3 |
| %DOWN_PORT1% | Change this to the number of the physical port connected to the server. When there are multiple physical ports connected to servers, modify the sample script. | tag_vlan_net--SR-X300, tag_vlan_net--SR-X300_2 |
| %DOWN_PORT1% | Change this to the physical port number of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | tag_vlan_net--SR-X300_3 |
| %DOWN_PORT2% | Change this to the physical port number of the LAG connected to the server. Note that this port number must not be the same as that of %DOWN_PORT1%. When there are multiple LAGs connected to the server, modify the sample script. | tag_vlan_net--SR-X300_3 |

tag_vlan_port--SR-X300
tag_vlan_port--SR-X300_n

For an SR-X 300 series that sets a tagged VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


untag_vlan_net--SR-X300
untag_vlan_net--SR-X300_n

For the systems with untagged VLAN networks configured
A port VLAN is set for a port by using untag_vlan_port--SR-X300 or untag_vlan_port--SR-X300_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.4 List of Parameters Needing Customization: SR-X 300 Series Port VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | untag_vlan_net--SR-X300, untag_vlan_net--SR-X300_n |
| %UP_PORT1% | Change this to the physical port number connected to the firewall or the server load balancer. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300 |
| %UP_PORT1% | Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_2 |
| %UP_PORT1% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_3 |
| %UP_PORT2% | Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_2 |
| %UP_PORT2% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT1%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_3 |
| %UP_PORT3% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_3 |
| %UP_PORT4% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT3%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X300_3 |
| %DOWN_PORT1% | Change this to the number of the physical port connected to the server. When there are multiple physical ports connected to servers, modify the sample script. | untag_vlan_net--SR-X300, untag_vlan_net--SR-X300_2 |
| %DOWN_PORT1% | Change this to the physical port number of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | untag_vlan_net--SR-X300_3 |
| %DOWN_PORT2% | Change this to the physical port number of the LAG connected to the server. Note that this port number must not be the same as that of %DOWN_PORT1%. When there are multiple LAGs connected to the server, modify the sample script. | untag_vlan_net--SR-X300_3 |

untag_vlan_port--SR-X300
untag_vlan_port--SR-X300_n

For an SR-X 300 series that sets a port VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


_n: Configuration differs depending on the number in n.

When _n is not specified: LAN channels are in a non-redundant configuration
When n is "2": LAN channels are in a redundant configuration
When n is "3": LAN channels are in a redundant configuration using link aggregation
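
A pre-registration check for the port parameters in Tables G.3 and G.4 (the SR-X 500 tables list the same parameters), as an added example that is not part of the guide or of Resource Orchestrator. It catches placeholders left unreplaced and values that break the "must not be the same" notes; the function names and the sample script text are constructed for illustration and do not reproduce real SR-X script syntax.

```python
import re

# Parameters each SR-X *_vlan_net variant needs, as listed in the tables above.
# Key is the "_n" suffix: "" = non-redundant, "2" = redundant,
# "3" = redundant using link aggregation.
REQUIRED = {
    "": ("UP_PORT1", "DOWN_PORT1"),
    "2": ("UP_PORT1", "UP_PORT2", "DOWN_PORT1"),
    "3": ("UP_PORT1", "UP_PORT2", "UP_PORT3", "UP_PORT4",
          "DOWN_PORT1", "DOWN_PORT2"),
}
# Pairs the tables say must not share a port number (LAG variant only).
MUST_DIFFER = {
    "3": (("UP_PORT1", "UP_PORT2"), ("UP_PORT3", "UP_PORT4"),
          ("DOWN_PORT1", "DOWN_PORT2")),
}

RULESET_RE = re.compile(r"(?:un)?tag_vlan_net--SR-X(?:300|500)(?:_([23]))?")
PLACEHOLDER_RE = re.compile(r"%((?:UP|DOWN)_PORT\d)%")


def variant_of(ruleset_name):
    """Return "", "2" or "3" for an SR-X *_vlan_net ruleset name."""
    m = RULESET_RE.fullmatch(ruleset_name)
    if m is None:
        raise ValueError(f"not an SR-X *_vlan_net ruleset: {ruleset_name!r}")
    return m.group(1) or ""


def check_parameters(ruleset_name, values):
    """List problems in a {parameter: port} mapping for the given ruleset."""
    variant = variant_of(ruleset_name)
    required = REQUIRED[variant]
    problems = []
    for name in required:
        if not str(values.get(name, "")).strip():
            problems.append(f"{name}: no value set")
    for name in sorted(set(values) - set(required)):
        problems.append(f"{name}: not used by this ruleset variant")
    for first, second in MUST_DIFFER.get(variant, ()):
        a = str(values.get(first, "")).strip()
        b = str(values.get(second, "")).strip()
        if a and a == b:
            problems.append(f"{second}: must not be the same port as {first}")
    return problems


def substitute(script_text, values):
    """Replace %NAME% tokens; return (text, sorted names left unreplaced)."""
    def repl(match):
        name = match.group(1)
        return str(values[name]) if name in values else match.group(0)

    text = PLACEHOLDER_RE.sub(repl, script_text)
    return text, sorted(set(PLACEHOLDER_RE.findall(text)))


# Constructed stand-in for a sample script body (not real SR-X commands).
SAMPLE_SCRIPT = """\
uplink-active  %UP_PORT1%
uplink-standby %UP_PORT2%
server-side    %DOWN_PORT1%
"""

if __name__ == "__main__":
    ruleset = "tag_vlan_net--SR-X300_2"
    ports = {"UP_PORT1": "1", "DOWN_PORT1": "5"}  # UP_PORT2 forgotten
    for problem in check_parameters(ruleset, ports):
        print("parameter problem:", problem)
    _, leftover = substitute(SAMPLE_SCRIPT, ports)
    print("unreplaced placeholders:", leftover)
```
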

For the SR-X 500 Series

tag_vlan_net--SR-X500
tag_vlan_net--SR-X500_n

For systems with tagged VLAN networks configured
A tagged VLAN is set for a port by using tag_vlan_port--SR-X500 or tag_vlan_port--SR-X500_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.5 List of Parameters Needing Customization: SR-X 500 Series Tagged VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | tag_vlan_net--SR-X500, tag_vlan_net--SR-X500_n |
| %UP_PORT1% | Change this to the physical port number connected to the firewall or the server load balancer. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500 |
| %UP_PORT1% | Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_2 |
| %UP_PORT1% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_3 |
| %UP_PORT2% | Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_2 |
| %UP_PORT2% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT1%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_3 |
| %UP_PORT3% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_3 |
| %UP_PORT4% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT3%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | tag_vlan_net--SR-X500_3 |
| %DOWN_PORT1% | Change this to the number of the physical port connected to the server. When there are multiple physical ports connected to servers, modify the sample script. | tag_vlan_net--SR-X500, tag_vlan_net--SR-X500_2 |
| %DOWN_PORT1% | Change this to the physical port number of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | tag_vlan_net--SR-X500_3 |
| %DOWN_PORT2% | Change this to the physical port number of the LAG connected to the server. Note that this port number must not be the same as that of %DOWN_PORT1%. When there are multiple LAGs connected to the server, modify the sample script. | tag_vlan_net--SR-X500_3 |

tag_vlan_port--SR-X500
tag_vlan_port--SR-X500_n

For an SR-X 500 series that sets a tagged VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


untag_vlan_net--SR-X500
untag_vlan_net--SR-X500_n

For the systems with untagged VLAN networks configured
A port VLAN is set for a port by using untag_vlan_port--SR-X500 or untag_vlan_port--SR-X500_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.6 List of Parameters Needing Customization: SR-X 500 Series Port VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | untag_vlan_net--SR-X500, untag_vlan_net--SR-X500_n |
| %UP_PORT1% | Change this to the physical port number connected to the firewall or the server load balancer. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500 |
| %UP_PORT1% | Change this to the physical port number connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_2 |
| %UP_PORT1% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_3 |
| %UP_PORT2% | Change this to the physical port number connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_2 |
| %UP_PORT2% | Change this to the physical port number of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT1%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_3 |
| %UP_PORT3% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_3 |
| %UP_PORT4% | Change this to the physical port number of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. Note that this port number must not be the same as that of %UP_PORT3%. When there are multiple physical ports connected to servers or server load balancers, modify the sample script. | untag_vlan_net--SR-X500_3 |
| %DOWN_PORT1% | Change this to the number of the physical port connected to the server. When there are multiple physical ports connected to servers, modify the sample script. | untag_vlan_net--SR-X500, untag_vlan_net--SR-X500_2 |
| %DOWN_PORT1% | Change this to the physical port number of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | untag_vlan_net--SR-X500_3 |
| %DOWN_PORT2% | Change this to the physical port number of the LAG connected to the server. Note that this port number must not be the same as that of %DOWN_PORT1%. When there are multiple LAGs connected to the server, modify the sample script. | untag_vlan_net--SR-X500_3 |

untag_vlan_port--SR-X500
untag_vlan_port--SR-X500_n

For an SR-X 500 series that sets a port VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


_n: Configuration differs depending on the number in n.

When _n is not specified: LAN channels are in a non-redundant configuration
When n is "2": LAN channels are in a redundant configuration
When n is "3": LAN channels are in a redundant configuration using link aggregation

For the Catalyst series

tag_vlan_net--Catalyst
tag_vlan_net--Catalystn

For the systems with tagged VLAN networks configured
A tagged VLAN is set for a port by using tag_vlan_port--Catalyst or tag_vlan_port--Catalyst_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.7 List of Parameters Needing Customization: Catalyst Series Tagged VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | tag_vlan_net--Catalyst, tag_vlan_net--Catalystn |
| %UP_PORT1% | Change this to the physical interface name connected to the firewall or the server load balancer. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Catalyst |
| %UP_PORT1% | Change this to the name of the physical interface connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Catalyst2 |
| %UP_PORT1% | Change this to the name of the physical interface of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Catalyst3 |
| %UP_PORT2% | Change this to the name of the physical interface connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Catalyst2 |
| %UP_PORT2% | Change this to the name of the physical interface of the LAG connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Catalyst3 |
| %DOWN_PORT1% | Change this to the name of the physical interface connected to the server. When there are multiple physical interfaces connected to servers, modify the sample script. | tag_vlan_net--Catalyst, tag_vlan_net--Catalyst2 |
| %DOWN_PORT1% | Change this to the name of the physical interface of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | tag_vlan_net--Catalyst3 |

tag_vlan_port--Catalyst
tag_vlan_port--Catalystn

For a Catalyst series that sets a tagged VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


untag_vlan_net--Catalyst
untag_vlan_net--Catalystn

For the systems with untagged VLAN networks configured
A port VLAN is set for a port by using untag_vlan_port--Catalyst or untag_vlan_port--Catalyst_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.8 List of Parameters Needing Customization: Catalyst Series Port VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | untag_vlan_net--Catalyst, untag_vlan_net--Catalystn |
| %UP_PORT1% | Change this to the physical interface name connected to the firewall or the server load balancer. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Catalyst |
| %UP_PORT1% | Change this to the name of the physical interface connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Catalyst2 |
| %UP_PORT1% | Change this to the name of the physical interface of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Catalyst3 |
| %UP_PORT2% | Change this to the name of the physical interface connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Catalyst2 |
| %UP_PORT2% | Change this to the name of the physical interface of the LAG connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Catalyst3 |
| %DOWN_PORT1% | Change this to the name of the physical interface connected to the server. When there are multiple physical interfaces connected to servers, modify the sample script. | untag_vlan_net--Catalyst, untag_vlan_net--Catalyst2 |
| %DOWN_PORT1% | Change this to the name of the physical interface of the LAG connected to the server. When there are multiple LAGs connected to the server, modify the sample script. | untag_vlan_net--Catalyst3 |

untag_vlan_port--Catalyst
untag_vlan_port--Catalystn

For a Catalyst series that sets a port VLAN for the port connected to the firewall, the server load balancer, or the server
Register this ruleset in the specific ruleset registration folder of the network device.


_n: Configuration differs depending on the number in n.

When _n is not specified: LAN channels are in a non-redundant configuration
When n is "2": LAN channels are in a redundant configuration
When n is "3": LAN channels are in a redundant configuration using link aggregation

For the Nexus5000 series

Automatic configuration of Nexus 2000 series (except Nexus B22 Blade Fabric Extender) connected to Nexus 5000 series using a fabric interface is possible.

tag_vlan_net--Nexus5000
tag_vlan_net--Nexus5000_n

For the systems with tagged VLAN networks configured
A tagged VLAN is set for a LAN port using tag_vlan_port--Nexus5000 or tag_vlan_port--Nexus5000_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.9 List of Parameters Needing Customization: Nexus 5000 Series Tagged VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | tag_vlan_net--Nexus5000, tag_vlan_net--Nexus5000_n |
| %UP_PORT1% | Change this to the physical interface name connected to the firewall or the server load balancer. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Nexus5000 |
| %UP_PORT1% | Change this to the name of the physical interface connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Nexus5000_2 |
| %UP_PORT1% | Change this to the name of the logical interface of the link aggregation group (LAG) connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. However, when there are multiple LAG logical interfaces connected to a server or server load balancer, modify the sample script. | tag_vlan_net--Nexus5000_3 |
| %UP_PORT2% | Change this to the name of the physical interface connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | tag_vlan_net--Nexus5000_2 |
| %UP_PORT2% | Change this to the name of the logical interface of the link aggregation group (LAG) connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. However, when there are multiple LAG logical interfaces connected to a server or server load balancer, modify the sample script. | tag_vlan_net--Nexus5000_3 |
| %DOWN_PORT1% | Change this to the name of the physical interface connected to the server. When there are multiple physical interfaces connected to servers, modify the sample script. | tag_vlan_net--Nexus5000, tag_vlan_net--Nexus5000_2 |
| %DOWN_PORT1% | Change this to the logical interface name of the LAG connected to the server. When there are multiple LAG logical interfaces connected to a server, modify the sample script. | tag_vlan_net--Nexus5000_3 |

When configuring a Nexus 2000 (excluding Nexus B22 Blade Fabric Extender) connected to a Nexus 5000 with fabric interface, set the physical interface name of the Nexus 2000 for the above parameter.

tag_vlan_port--Nexus5000
tag_vlan_port--Nexus5000_n

For a Nexus 5000 with a tagged VLAN configured for the port connected to the firewall, server load balancer, or server
Register this ruleset in the specific ruleset registration folder of the network device.


untag_vlan_net--Nexus5000
untag_vlan_net--Nexus5000_n

For the systems with untagged VLAN networks configured
A port VLAN is set for a port using untag_vlan_port--Nexus5000 or untag_vlan_port--Nexus5000_n.
Register this ruleset in the ruleset registration folder common to network devices.

Parameters requiring customization

The parameters to customize appear in all of the related script lists.
The parameters that need to be customized are listed below.

Table G.10 List of Parameters Needing Customization: Nexus 5000 Series Port VLAN Settings

| Parameter File | Details of Modification | Ruleset Name |
|---|---|---|
| node operand: | Change this to the network device name of the L2 switch registered in Resource Orchestrator. | untag_vlan_net--Nexus5000, untag_vlan_net--Nexus5000_n |
| %UP_PORT1% | Change this to the physical interface name connected to the firewall or the server load balancer. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Nexus5000 |
| %UP_PORT1% | Change this to the name of the physical interface connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Nexus5000_2 |
| %UP_PORT1% | Change this to the name of the logical interface of the link aggregation group (LAG) connected to the "Active" side of the firewall or the server load balancer of the redundant configuration. However, when there are multiple LAG logical interfaces connected to a server or server load balancer, modify the sample script. | untag_vlan_net--Nexus5000_3 |
| %UP_PORT2% | Change this to the name of the physical interface connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. When there are multiple physical interfaces connected to servers or server load balancers, modify the sample script. | untag_vlan_net--Nexus5000_2 |
| %UP_PORT2% | Change this to the name of the logical interface of the link aggregation group (LAG) connected to the "Standby" side of the firewall or the server load balancer of the redundant configuration. However, when there are multiple LAG logical interfaces connected to a server or server load balancer, modify the sample script. | untag_vlan_net--Nexus5000_3 |
| %DOWN_PORT1% | Change this to the name of the physical interface connected to the server. When there are multiple physical interfaces connected to servers, modify the sample script. | untag_vlan_net--Nexus5000, untag_vlan_net--Nexus5000_2 |
| %DOWN_PORT1% | Change this to the logical interface name of the LAG connected to the server. When there are multiple LAG logical interfaces connected to a server, modify the sample script. | untag_vlan_net--Nexus5000_3 |

When configuring a Nexus 2000 (excluding Nexus B22 Blade Fabric Extender) connected to a Nexus 5000 with fabric interface, set the physical interface name of the Nexus 2000 for the above parameter.

untag_vlan_port--Nexus5000
untag_vlan_port--Nexus5000_n

For a Nexus 5000 with a port VLAN configured for the port connected to the firewall, server load balancer, or server
Register this ruleset in the specific ruleset registration folder of the network device.


_n: Configuration differs depending on the number in n.

When _n is not specified: LAN channels are in a non-redundant configuration
When n is "2": LAN channels are in a redundant configuration
When n is "3": LAN channels are in a redundant configuration using link aggregation