Configuring the interface bypass on the USG firewalls

42

You can configure the electrical interface bypass and optical interface bypass to avoid network communication interruption due to device faults and improve network reliability. The bypass function requires the bypass interface card.
Because the USSG6000 supports only the electrical interface bypass function, the USG6000 has only the electrical interface bypass configuration.//Enter the system view.
[USG] bypass-link 5/0/1 //Enter the bypass interface configuration view.
[USG-bypass-link5/0/1] switch bypass //Switch the interface to the bypass state.
[USG-bypass-link5/0/1] auto-recover //Enable the automatic restoration function in the bypass state.
Note: If the automatic restoration function in the bypass state is enabled, when the interface is automatically switched to the bypass state, the interface state is automatically switched to the non-bypass state. If the automatic restoration function in the bypass state is disabled, the interface remains in the bypass state.
By default, the automatic restoration function in the bypass state is enabled.
When four interfaces of the 4XGE electrical bypass interface card are in the non-bypass state and provide gigabit Ethernet electrical interface functions, one pair of adjacent Bypass interfaces (GE0 and GE1, and GE2 and GE3) are directly interconnected in the bypass state.
USG2000/5000 Example of the bypass function configuration of an optical interface:
[USG] system-view //Enter the system view.
[USG] bypass-link 5/0/1 //Enter the bypass interface configuration view.
[USG-bypass-link5/0/1] mode force protection-path //Forcibly keep the bypass link 5/0/1 work in the protection loop.
Note: By default, the bypass link is in automatic mode. You must specify the bypass link number on the optical interface connected to the bypass interface card to ensure the switching stability of the optical bypass interface.

Other related questions:
Method used to configure the Trunk interface on USG firewalls
The method used to configure the Trunk interface on the USG2000, USG5000, and USG6000 is as follows: Generally, interfaces of firewalls are L3 interfaces. These L3 interfaces shall be converted to L2 interfaces. sys [USG]vlan batch 2 3 //Create a VLAN. [USG]interface gigabitethernet 0/0/3 [USG-GigabitEthernet0/0/3]Portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required. [USG-GigabitEthernet0/0/3]port link-type trunk //Set the interface type to Trunk (the default value is Hybrid). [USG-GigabitEthernet0/0/3]port trunk allow-pass vlan all //Set the system to permit packets of all VLANs (by default, only packets in VLAN 1 are permitted). [USG-GigabitEthernet0/0/3]port trunk pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (the default VLAN is VLAN 1 previously).

Method used to configure the Access interface on USG firewalls
The method used to configure the Access interface on USG firewalls is as follows: Generally, the Access interface is used to connect to a user host. sys [USG]vlan batch 2 //Create a VLAN. [USG]interface gigabitethernet0/0/1 [USG-GigabitEthernet0/0/1]port link-type access //Set the interface type to Access. [USG-GigabitEthernet0/0/1]port default vlan 2 //Add the port to VLAN 2. [USG-GigabitEthernet0/0/1]quit

Method used to configure the Hybrid interface on USG firewalls?
The method used to configure the Hybrid interface on the USG2000, USG5000, and USG6000 is as follows: The Hybrid interface can be used to connect to both the user host and the other switches. sys [USG]vlan batch 2 3 //Create a VLAN. [USG] interface gigabitethernet 0/0/2 [USG-GigabitEthernet0/0/2]Portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required. [USG-GigabitEthernet0/0/2]port link-type hybrid //Set the interface type to Hybrid. [USG-GigabitEthernet0/0/2]port hybrid untagged vlan 2 //Set the packets of VLAN 2 to be sent without carrying tags. [USG-GigabitEthernet0/0/2]port hybrid pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (the default VLAN is VLAN 1 previously). [USG-GigabitEthernet0/0/2]port hybrid tagged vlan 3 //Set the packets of VLAN 3 to be sent with tags.

USG firewall configuration saving
If the configuration is not saved or fails to be saved, it is lost. You can save the configuration files on USG firewalls as follows: 1. CLI save //Save the input information.// 11:36:31 2015/03/04 The current configuration will be written to the device. Are you sure you want to continue?[Y/N]y //Click Y to configure the saving.// Now saving the current configuration to the device............................................ Info: The current configuration was saved to the device successfully. 2. Web UI: Click the Save button in the upper right corner on the web UI. In the displayed window, click Overwrite the profile used for next boot and then click OK.

RIP configuration of USG firewalls
Configure the RIP on the USG2000 or USG5000 as follows: 1. Run the system-view command to enter the system view. 2. Run the rip [ process-id ] command to enable the RIP route process and enter the RIP view. If the RIP commands are configured in the interface view before the RIP is enabled, the configuration only takes effect after the RIP is enabled. 3. Run the network network-address command to enable the RIP in the specified network segment. The RIP runs only at the interface in the specified network segment. For other interfaces, the RIP does not receive and send routes or does not forward the interface route. Therefore, after the RIP is enabled, you must specify the network segment. The network-address indicates the address in the natural network segment. By default, the RIP is disabled at all interfaces after it is enabled. Note: The RIP does not support different addresses specified for different RIP processes of the same physical interface. 4. By default, the interface receives RIP-1 and RIP-2 packets but sends only RIP-1 packets. When the interface version is RIP-2, you can specify the packet sending mode. If the RIP version is not configured for the interface, the global version shall prevail. Configure the global RIP version by running the version { 1 | 2 } command. Configure the RIP version for the interface. a. Run the system-view command to enter the system view. b. Run the interface interface-type interface-number command to enter the interface view. c. Run the rip version { 1 | 2 [ broadcast | multicast ] } command to specify the RIP version of the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top