ELTEX ESR-200 - Page 55

To Next Page

To Previous Page

ESR Series Routers Operation Manual 55

Objective 2: Configure routing between VLAN 50 (10.0.50.0/24) and VLAN 60 (10.0.60.1/24). VLAN

50 should belong to 'LAN1', VLAN 60—to 'LAN2', enable free traffic transmission between zones.

Fig. 7.11—Network structure

Solution:

Create VLAN 50 and 60:

esr(config)# vlan 50,60

esr(config-vlan)# exit

Create 'LAN1' and 'LAN2' security zones.

esr(config)# security-zone LAN1

esr(config-zone)# exit

esr(config)# security-zone LAN2

esr(config-zone)# exit

Map VLAN 50 to gi1/0/11, gi1/0/12 interfaces:

esr(config)# interface gigabitethernet 1/0/11-12

esr(config-if-gi)# switchport general allowed vlan add 50 tagged

Map VLAN 60 to gi1/0/14 interface:

esr(config)# interface gigabitethernet 1/0/14

esr(config-if-gi)# switchport general allowed vlan add 60 tagged

Create bridge 50, map VLAN 50, define IP address 10.0.50.1/24 and membership in 'LAN1' zone:

esr(config)# bridge 50

esr(config-bridge)# vlan 50

esr(config-bridge)# ip address 10.0.50.1/24

esr(config-bridge)# security-zone LAN1

esr(config-bridge)# enable

Create bridge 60, map VLAN 60, define IP address 10.0.60.1/24 and membership in 'LAN2' zone:

esr(config)# bridge 60

esr(config-bridge)# vlan 60

esr(config-bridge)# ip address 10.0.60.1/24

esr(config-bridge)# security-zone LAN2

esr(config-bridge)# enable

Create firewall rules that enable free traffic transmission between zones:

esr(config)# security zone-pair LAN1 LAN2

esr(config-zone-pair)# rule 1

Other manuals for ELTEX ESR-200