Method used to configure VLAN communications through L2 subinterfaces on USG firewalls

You can configure subinterfaces for L2 Ethernet interface and L2 Eth-Trunk interface. The system can forward traffic between different VLANs by terminating the VLAN at the subinterface.
You can configure the VLAN communications through L2 subinterfaces as follows:
1. Run the system-view command to enter the system view.
2. Switch the L3 Ethernet interface mode to the L2 Ethernet interface mode.
a. Run the interface interface-type interface-number command to enter the interface view.
b. Run the portswitch command to switch the L3 Ethernet interface mode to L2 Ethernet interface mode.
c. Run the quit command to return to the system view.
3. Create an L2 subinterface.
a. Run the interface interface-type interface-number.subinterface-number command to create a subinterface and enter the subinterface view.
b. Run the vlan-type dot1q vlan-id command to configure the encryption type and the homed VLAN ID for the subinterface. Traffic of subinterfaces of a physical port is distinguished based on VLANs. Each subinterface receives or forwards packets of only the homed VLAN.
c. Run the portswitch command to set the subinterface to an L2 subinterface.
d. Run the quit command to return to the system view.
e. Repeat the preceding steps to create multiple L2 subinterfaces.
4. Add all L2 subinterfaces created in step 3 to the same VLAN, so that VLANs connected to these subinterfaces can communicate with each other.
a. Run the vlan vlan-id command to create a VLAN and enter the VLAN view.
b. Run the port interface-type interface-number.subinterface-number command to add L2 subinterfaces created in step 3 to the same VLAN. By adding these subinterfaces to the same VLAN, these interfaces, belonging to different VLANs, can communicate with each other.

Scroll to top