Whether the firewall supports Layer 2 or Layer 3 forwarding


The USG2000&5000&6000 support implementing the Layer 2 forwarding function in transparent mode. When the firewall implements route-based forwarding, the Layer 3 forwarding function is used.

Whether the firewall supports Layer 2 and Layer 3 hybrid mode
Does the firewall support Layer 2 and Layer 3 hybrid mode? You can run the portswitch command to switch the interface to Layer 2, which is the transparent mode. For other Layer 3 interfaces, configure IP addresses still and use the routing mode to implement Layer 2 and Layer hybrid mode.

Whether the USG firewall supports Layer 3 interfaces to configure Layer 2 VPNs
Don't support .

Are packets in a bridge group forwarded at Layer 2 or Layer 3
Packets in a bridge group are forwarded at Layer 2. Only interfaces supporting Layer 3 functions can be added to a bridge. Data in a bridge, however, is forwarded at Layer 2.

Configuring Layer 2/Layer 3 switchover on the firewall
Perform as follows to configure Layer 2/Layer 3 interface switching on the USG2000&5000&6000: system-view [USG] interface GigabitEthernet 1/0/1 [USG-GigabitEthernet1/0/1] undo portswitch //Switch the interface from Layer 2 mode to Layer 3 mode. [USG-GigabitEthernet1/0/1] portswitch //Switch the interface from Layer 3 to Layer 2. Note: 1. If the device interface attribute specifies that the interface is a Layer 2 interface, the interface cannot be switched to Layer 3 mode. This command applies only to interfaces that support Layer 2/Layer 3 switching. 2. When you use this command to perform Layer 2/Layer 3 mode switching, the interface can contain only the attribute information (such as shutdown and description configurations) so that the mode switching can take effect. If the interface already has service configurations (such as port link-type trunk), clear all these configurations of the interface and then run this command.

