Method used to configure the router-on-a-stick on USG firewalls

Router-on-a-stick addresses the problem of limited physical interface resources. By configuring multiple subinterfaces on one physical interface, each corresponding to a different VLAN, a single physical interface can enable different VLANs to communicate with each other.

For example, you can configure the router-on-a-stick on the USG2000, USG5000, and USG6000 as follows:
[USG] interface GigabitEthernet1/0/3.1 //Configure subinterface 1.
[USG-GigabitEthernet1/0/3.1] vlan-type dot1q 10 //Terminate VLAN 10.
[USG-GigabitEthernet1/0/3.1] ip address 10.3.1.1 255.255.255.0 //Configure the IP address for the subinterface.
[USG-GigabitEthernet1/0/3.1] quit
[USG] interface GigabitEthernet1/0/3.2 //Configure subinterface 2.
[USG-GigabitEthernet1/0/3.2] vlan-type dot1q 20 //Terminate VLAN 20.
[USG-GigabitEthernet1/0/3.2] ip address 10.3.2.1 255.255.255.0 //Configure the IP address for the subinterface (a different subnet from subinterface 1; the device rejects an address that conflicts with another interface).
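
An added example (not Huawei's code): a small Python check that reads a configuration in the syntax above and reports subinterfaces with no dot1q VLAN terminated, a VLAN ID reused on the same physical port, or overlapping subnets between subinterfaces. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the page's USG syntax (not taken from a real device).
SAMPLE = """\
interface GigabitEthernet1/0/3.1
 vlan-type dot1q 10
 ip address 10.3.1.1 255.255.255.0
interface GigabitEthernet1/0/3.2
 vlan-type dot1q 20
 ip address 10.3.1.254 255.255.255.0
interface GigabitEthernet1/0/3.3
 ip address 10.3.3.1 255.255.255.0
"""

def parse_subinterfaces(config):
    """Return {name: {"vlan": int or None, "net": IPv4Network or None}}."""
    subs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+\.\d+)$", line):
            current = subs.setdefault(m.group(1), {"vlan": None, "net": None})
        elif line.startswith("interface ") or line == "#":
            current = None  # physical interface or end of stanza
        elif current is not None and (m := re.match(r"vlan-type dot1q (\d+)$", line)):
            current["vlan"] = int(m.group(1))
        elif current is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return subs

def audit(config):
    """Return findings that break inter-VLAN routing or blur VLAN separation."""
    subs, findings = parse_subinterfaces(config), []
    names = sorted(subs)
    for name in names:
        if subs[name]["vlan"] is None:
            findings.append(f"{name}: no dot1q VLAN terminated")
    # Pairwise checks: reused VLAN ID on one physical port, overlapping subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            sa, sb = subs[a], subs[b]
            same_port = a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0]
            if same_port and sa["vlan"] is not None and sa["vlan"] == sb["vlan"]:
                findings.append(f"{a} and {b}: both terminate VLAN {sa['vlan']}")
            if sa["net"] is not None and sb["net"] is not None and sa["net"].overlaps(sb["net"]):
                findings.append(f"{a} and {b}: overlapping subnets {sa['net']} / {sb['net']}")
    return findings

print("\n".join(audit(SAMPLE)))
```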

Other related questions:
Method used to configure the routing policy on USG firewalls
The method used to configure the routing policy on USG2000, USG5000, and USG6000 is as follows:
1. Create a routing policy.
2. Configure the if-match clause.
3. Configure the apply clause.
4. Filter the routes when receiving, advertising, and importing routes.

Method used to configure the Trunk interface on USG firewalls
The method used to configure the Trunk interface on the USG2000, USG5000, and USG6000 is as follows: Generally, interfaces of firewalls are L3 interfaces. These L3 interfaces must be converted to L2 interfaces.
sys
[USG] vlan batch 2 3 //Create a VLAN.
[USG] interface gigabitethernet 0/0/3
[USG-GigabitEthernet0/0/3] portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required.
[USG-GigabitEthernet0/0/3] port link-type trunk //Set the interface type to Trunk (the default value is Hybrid).
[USG-GigabitEthernet0/0/3] port trunk allow-pass vlan all //Set the system to permit packets of all VLANs (by default, only packets in VLAN 1 are permitted).
[USG-GigabitEthernet0/0/3] port trunk pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (before this command, the default VLAN is VLAN 1).

Method used to configure the authorized ARP on USG firewalls
After the Authorized Address Resolution Protocol (authorized ARP) function is enabled, the DHCP server automatically adds an ARP entry that contains the MAC address and IP address of the client to the ARP mapping table when it successfully allocates an IP address to the client. This prevents attacks that forge the IP addresses or MAC addresses of other legitimate DHCP clients, and improves network security. Authorized ARP is valid only on devices that have the DHCP server function enabled. It applies only to networking in which the DHCP server and DHCP client are in the same network segment, not to DHCP relay networking. To enable authorized ARP, run the dhcp arpbind enable command in the system view. By default, authorized ARP is not enabled on the device.

Method used to configure the Access interface on USG firewalls
The method used to configure the Access interface on USG firewalls is as follows: Generally, the Access interface is used to connect to a user host.
sys
[USG] vlan batch 2 //Create a VLAN.
[USG] interface gigabitethernet0/0/1
[USG-GigabitEthernet0/0/1] port link-type access //Set the interface type to Access.
[USG-GigabitEthernet0/0/1] port default vlan 2 //Add the port to VLAN 2.
[USG-GigabitEthernet0/0/1] quit
