Method used to configure the mutual access between VLANs by configuring the VLANIF interface on USG firewalls


The method used to configure the mutual access between VLANs by configuring the VLANIF interface on USG firewalls is as follows:

Create VLAN100 and VLAN200.
Set interface GigabitEthernet 0/0/1 to an L2 Trunk interface that allows the packets from VLAN100 and VLAN200.
Configure the IP address for the VLANIF interface.
Add the VLANIF interface to the security zone and configure the security policy.
Set the gateway address of the host to the IP address of the VLANIF interface.
[USG] vlan batch 100 200 //Create VLAN100 and VLAN200.
[USG] interface Vlanif100
[USG-Vlanif100] ip address 120.1.1.1 255.255.255.0 //Configure the IP address for the VLANIF interface.
[USG-Vlanif100] quit
[USG] interface Vlanif200 //Configure the VLANIF interface.
[USG-Vlanif200] ip address 130.1.1.1 255.255.255.0
[USG-Vlanif200] quit
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] portswitch //Configure the system to convert an interface to an L2 interface.
[USG-GigabitEthernet0/0/1] port link-type trunk //Set the interface type to Trunk.
[USG-GigabitEthernet0/0/1] port trunk permit vlan 100 200 //Set the interface to transparently transmit packets from VLAN100 and VLAN200.
[USG-GigabitEthernet0/0/1] quit
[USG] firewall zone trust //Add the interface to the zone.
[USG-trust] add interface Vlanif100
[USG-trust] add interface Vlanif200
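
A transcript like the one above can be checked for gaps before it is pasted into a device: every VLANIF should be in a security zone, and the VLANs on the trunk should match the VLANIF gateways. The Python below is an added example, not Huawei's code; `audit` and `SAMPLE` are hypothetical names and the sample transcript is constructed.

```python
import re

# Constructed sample in the page's transcript style (not from a real device):
# Vlanif200 is left out of the zone and the trunk permits every VLAN.
SAMPLE = """\
[USG] vlan batch 100 200
[USG] interface Vlanif100
[USG-Vlanif100] ip address 120.1.1.1 255.255.255.0
[USG-Vlanif100] quit
[USG] interface Vlanif200
[USG-Vlanif200] ip address 130.1.1.1 255.255.255.0
[USG-Vlanif200] quit
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] portswitch
[USG-GigabitEthernet0/0/1] port link-type trunk
[USG-GigabitEthernet0/0/1] port trunk allow-pass vlan all //too broad
[USG-GigabitEthernet0/0/1] quit
[USG] firewall zone trust
[USG-trust] add interface Vlanif100
"""

def audit(transcript):
    """Hypothetical helper: list gaps in a VLANIF inter-VLAN transcript."""
    vlanifs, zoned, trunked, findings = set(), set(), set(), []
    permit_all = False
    for raw in transcript.splitlines():
        # Drop the "[view]" prompt and any trailing "//comment".
        m = re.match(r"\[[^\]]*\]\s*(.*?)\s*(?://.*)?$", raw.strip())
        if not m:
            continue
        cmd = m.group(1).lower()
        if v := re.fullmatch(r"interface vlanif\s*(\d+)", cmd):
            vlanifs.add(int(v.group(1)))
        elif v := re.fullmatch(r"add interface vlanif\s*(\d+)", cmd):
            zoned.add(int(v.group(1)))
        elif v := re.fullmatch(r"port trunk (?:permit|allow-pass) vlan (.+)", cmd):
            toks = v.group(1).split()
            permit_all = permit_all or toks == ["all"]
            for i, t in enumerate(toks):  # expands "100 200" and "100 to 200"
                if t.isdigit():
                    lo = int(toks[i - 2]) if i >= 2 and toks[i - 1] == "to" else int(t)
                    trunked.update(range(lo, int(t) + 1))
    if permit_all:
        findings.append("trunk permits all VLANs")
    findings += [f"Vlanif{v} is not in any security zone" for v in sorted(vlanifs - zoned)]
    findings += [f"VLAN {v} is trunked but has no VLANIF" for v in sorted(trunked - vlanifs)]
    if not permit_all:
        findings += [f"VLAN {v} has a VLANIF but is not on the trunk" for v in sorted(vlanifs - trunked)]
    return findings
```

An empty list means the VLANIF, trunk and zone commands agree with each other; it says nothing about the security policy, which the transcript does not show.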

Other related questions:
How to control mutual access between network segments
On AR routers, you can configure advanced ACL and ACL-based traffic classifiers to control mutual access between users on different network segments.

Method used to configure the Access interface on USG firewalls
The method used to configure the Access interface on USG firewalls is as follows: Generally, the Access interface is used to connect to a user host.
sys
[USG] vlan batch 2 //Create a VLAN.
[USG] interface gigabitethernet0/0/1
[USG-GigabitEthernet0/0/1] port link-type access //Set the interface type to Access.
[USG-GigabitEthernet0/0/1] port default vlan 2 //Add the port to VLAN 2.
[USG-GigabitEthernet0/0/1] quit

Method used to configure the Trunk interface on USG firewalls
The method used to configure the Trunk interface on the USG2000, USG5000, and USG6000 is as follows: Generally, interfaces of firewalls are L3 interfaces. These L3 interfaces shall be converted to L2 interfaces.
sys
[USG] vlan batch 2 3 //Create a VLAN.
[USG] interface gigabitethernet 0/0/3
[USG-GigabitEthernet0/0/3] portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required.
[USG-GigabitEthernet0/0/3] port link-type trunk //Set the interface type to Trunk (the default value is Hybrid).
[USG-GigabitEthernet0/0/3] port trunk allow-pass vlan all //Set the system to permit packets of all VLANs (by default, only packets in VLAN 1 are permitted).
[USG-GigabitEthernet0/0/3] port trunk pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (the default VLAN is VLAN 1 previously).

Method used to configure an IPSec tunnel on the AR for mutual access between branches
There are two ways of implementing communication between branches on Huawei AR routers.
1. Branches directly communicate with each other. In this case, communication between branches is implemented by configuring IPSec and DSVPN (not supported by the AR510). For details, see "Example for configuring IPSec-based DSVPN" of "DSVPN Configuration" in Configuration Guide - VPN.
2. Branches communicate with each other through the headquarters. For details, see "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Method used to configure the Hybrid interface on USG firewalls
The method used to configure the Hybrid interface on the USG2000, USG5000, and USG6000 is as follows: The Hybrid interface can be used to connect to both the user host and the other switches.
sys
[USG] vlan batch 2 3 //Create a VLAN.
[USG] interface gigabitethernet 0/0/2
[USG-GigabitEthernet0/0/2] portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required.
[USG-GigabitEthernet0/0/2] port link-type hybrid //Set the interface type to Hybrid.
[USG-GigabitEthernet0/0/2] port hybrid untagged vlan 2 //Set the packets of VLAN 2 to be sent without carrying tags.
[USG-GigabitEthernet0/0/2] port hybrid pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (the default VLAN is VLAN 1 previously).
[USG-GigabitEthernet0/0/2] port hybrid tagged vlan 3 //Set the packets of VLAN 3 to be sent with tags.
