Whether the USG firewall supports Layer 3 interfaces to configure Layer 2 VPNs

57

Don't support .

Other related questions:
Whether the firewall supports Layer 2 or Layer 3 forwarding
The USG2000&5000&6000 support implementing the Layer 2 forwarding function in transparent mode. When the firewall implements route-based forwarding, the Layer 3 forwarding function is used.

Whether the firewall supports Layer 2 and Layer 3 hybrid mode
Does the firewall support Layer 2 and Layer 3 hybrid mode? You can run the portswitch command to switch the interface to Layer 2, which is the transparent mode. For other Layer 3 interfaces, configure IP addresses still and use the routing mode to implement Layer 2 and Layer hybrid mode.

USG firewall configuration Layer-2 MPLS VPN and Layer-3 MPLS VPN backup each other
USG firewall does not support configuration Layer-2 VPN and Layer-3 MPLS VPN backup each other

Configuring Layer 2/Layer 3 switchover on the firewall
Perform as follows to configure Layer 2/Layer 3 interface switching on the USG2000&5000&6000: system-view [USG] interface GigabitEthernet 1/0/1 [USG-GigabitEthernet1/0/1] undo portswitch //Switch the interface from Layer 2 mode to Layer 3 mode. [USG-GigabitEthernet1/0/1] portswitch //Switch the interface from Layer 3 to Layer 2. Note: 1. If the device interface attribute specifies that the interface is a Layer 2 interface, the interface cannot be switched to Layer 3 mode. This command applies only to interfaces that support Layer 2/Layer 3 switching. 2. When you use this command to perform Layer 2/Layer 3 mode switching, the interface can contain only the attribute information (such as shutdown and description configurations) so that the mode switching can take effect. If the interface already has service configurations (such as port link-type trunk), clear all these configurations of the interface and then run this command.

Configuring the VLANIF interface on the firewall
Configure the VLANIF interface on the USG as follows: [FW] vlan 10 [FW-vlan-10] quit [FW] interface Vlanif 10 [FW-Vlanif10] quit [FW] interface GigabitEthernet 0/0/1 [FW-GigabitEthernet0/0/1] portswitch [FW-GigabitEthernet0/0/1] port link-type trunk [FW-GigabitEthernet0/0/1] port trunk permit vlan 10 [FW-GigabitEthernet0/0/1] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top