ESR series service routers.ESR-Series. User manual
Create bridge 60, map VLAN 60, define IP address 10.0.60.1/24 and membership in 'LAN2' zone:
esr(config)# bridge 60
esr(config-bridge)# vlan 60
esr(config-bridge)# ip address 10.0.60.1/24
esr(config-bridge)# security-zone LAN2
esr(config-bridge)# enable
Create firewall rules that enable free traffic transmission between zones:
esr(config)# security zone-pair LAN1 LAN2
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
esr(config)# security zone-pair LAN2 LAN1
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
esr(config)# exit
To view an interface membership in a bridge, use the following command:
esr# show interfaces bridge
8.10.4 Configuration example of the second VLAN tag adding/removing
Objective:
The gigabitethernet 1/0/1 interface receives Ethernet frames with various VLAN tags. It is necessary to
redirect them to the gigabitethernet 1/0/2 interface, adding the second VLAN-ID 828. When Ethernet frames
with VLAN-ID 828 come on the gigabitethernet 1/0/2, this tag must be removed and sent to the gigabitethernet
1/0/1 interface.
Solution:
Create the bridge without VLAN and IP address on the route:
esr(config)# bridge 1
esr(config-bridge)# enable
esr(config-bridge)# exit
Include the gigabitethernet 1/0/1 interface in bridge 1:
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# bridge-group 1
esr(config-if-gi)# exit
Include the gigabitethernet 1/0/2.828 sub interface in bridge 1:
To Next Page
Loading...