Method used to enable the fast forwarding function of L2 interfaces on USG firewalls

14

The method used to enable the fast forwarding function of L2 interfaces on USG firewalls is as follows:
In the system view, run the l2fwdfast enable command to enable the fast forwarding function of an L2 interface.
system-view
[USG] l2fwdfast enable

Other related questions:
Whether the L2 interface of USG firewalls can function as a WAN interface?
The L2 interface of USG firewalls can function as a WAN interface. The WAN interface mentioned here refers to an interface connected to an external network, generally an optical fiber of a carrier. IP addresses cannot be directly configured for L2 interfaces. Therefore, you can use the VLANIF interface as the WAN interface (L3 interface). The configuration is as follows: 1. Choose Network > Interface. Create a VLAN interface, and set parameters such as the IP address, mask, and gateway.2. Choose Network > Interface. Change the mode of the corresponding L2 interface to Access, and add the configured VLAN interface.

Method used to configure VLAN communications through L2 subinterfaces on USG firewalls
You can configure subinterfaces for L2 Ethernet interface and L2 Eth-Trunk interface. The system can forward traffic between different VLANs by terminating the VLAN at the subinterface. You can configure the VLAN communications through L2 subinterfaces as follows: 1. Run the system-view command to enter the system view. 2. Switch the L3 Ethernet interface mode to the L2 Ethernet interface mode. a. Run the interface interface-type interface-number command to enter the interface view. b. Run the portswitch command to switch the L3 Ethernet interface mode to L2 Ethernet interface mode. c. Run the quit command to return to the system view. 3. Create an L2 subinterface. a. Run the interface interface-type interface-number.subinterface-number command to create a subinterface and enter the subinterface view. b. Run the vlan-type dot1q vlan-id command to configure the encryption type and the homed VLAN ID for the subinterface. Traffic of subinterfaces of a physical port is distinguished based on VLANs. Each subinterface receives or forwards packets of only the homed VLAN. c. Run the portswitch command to set the subinterface to an L2 subinterface. d. Run the quit command to return to the system view. e. Repeat the preceding steps to create multiple L2 subinterfaces. 4. Add all L2 subinterfaces created in step 3 to the same VLAN, so that VLANs connected to these subinterfaces can communicate with each other. a. Run the vlan vlan-id command to create a VLAN and enter the VLAN view. b. Run the port interface-type interface-number.subinterface-number command to add L2 subinterfaces created in step 3 to the same VLAN. By adding these subinterfaces to the same VLAN, these interfaces, belonging to different VLANs, can communicate with each other.

Method used to configure the Trunk interface on USG firewalls
The method used to configure the Trunk interface on the USG2000, USG5000, and USG6000 is as follows: Generally, interfaces of firewalls are L3 interfaces. These L3 interfaces shall be converted to L2 interfaces. sys [USG]vlan batch 2 3 //Create a VLAN. [USG]interface gigabitethernet 0/0/3 [USG-GigabitEthernet0/0/3]Portswitch //Convert an L3 interface to an L2 interface. If the interface is an L2 interface, this command is not required. [USG-GigabitEthernet0/0/3]port link-type trunk //Set the interface type to Trunk (the default value is Hybrid). [USG-GigabitEthernet0/0/3]port trunk allow-pass vlan all //Set the system to permit packets of all VLANs (by default, only packets in VLAN 1 are permitted). [USG-GigabitEthernet0/0/3]port trunk pvid vlan 2 //(Optional) Set the default VLAN to VLAN 2 (the default VLAN is VLAN 1 previously).

L2 MPLS VPN supported by USG firewalls
The USG2000, USG5000, and USG6000 do not support L2 MPLS VPN.

Method used to configure the Access interface on USG firewalls
The method used to configure the Access interface on USG firewalls is as follows: Generally, the Access interface is used to connect to a user host. sys [USG]vlan batch 2 //Create a VLAN. [USG]interface gigabitethernet0/0/1 [USG-GigabitEthernet0/0/1]port link-type access //Set the interface type to Access. [USG-GigabitEthernet0/0/1]port default vlan 2 //Add the port to VLAN 2. [USG-GigabitEthernet0/0/1]quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top