Method used to configure VLAN communications through L3 subinterfaces on USG firewalls

To enable different VLANs to communicate with each other, you can connect different VLANs to different interfaces of an L3 device. In this way, a router can exchange data between different VLANs. However, this method wastes limited physical interface resources of the device. The Ethernet subinterfaces can be used to address this issue. Currently, the Ethernet subinterfaces can be configured for the Ethernet interfaces and Eth-Trunk interfaces.
By configuring multiple subinterfaces, corresponding to different VLANs, for a physical interface, a physical interface can enable different VLANs to communicate with each other.
The method for enabling VLANs to communicate with each other through L3 subinterfaces is only applicable to the scenario in which hosts in each VLAN are in different network segments. If hosts in a VLAN are in the same network segment, you can configure L2 subinterfaces to enable VLANs to communicate with each other.
To configure VLAN communications through L3 subinterfaces, perform the following steps: 1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number.subinterface-number command to create a subinterface and enter the subinterface view.
3. Run the vlan-type dot1q vlan-id command to configure the encryption type and associated VLAN ID for the subinterface.
4. Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address for the subinterface.
The IP addresses of the subinterface and the main interface can be in the same network segment, but the subnet masks of the subinterface and the main interface must different.

Scroll to top