Ruijie Community

Title: Typical Configuration Example of Layer 2 Transparent Transmission

Author: zhangqiao@ruiji    Time: 2024-11-11 16:02
1. Device Model and Firmware

| Device Type | Device Model | Version |
| --- | --- | --- |
| NGFW | RG-WALL 1600-Z-S series firewall | NGFW_NTOS1.0 |
  
2. Service Requirements

The firewall needs to transparently transmit multi-VLAN Layer 2 packets.
3. Topology



4. Configuration Description
| Configuration Item | Description |
| --- | --- |
| SW 1 | The configuration of the port connected to the firewall should be trunk permit vlan 10 20 30. |
| SW 2 | The configuration of the port connected to the firewall is trunk permit vlan 10 20 30. |
  
5. Configuration Roadmap
Create a group of bridge interfaces on the firewall, and add a pair of transparent transmission interfaces to the bridge interface group.
Add the uplink interfaces of the firewall to the untrust zone untrust 1 and the downlink interfaces to the trust zone trust 1. Then, create a security policy to allow mutual access between the two zones.
6. Configuration Procedure
Choose Network > Zone to create a security zone.
Click Create to create security zone trust 1, configure the parameters, and click Save.
Repeat this procedure to create an untrust zone untrust 1.
Choose Network > Interface > Bridge Interface and click Create to create the bridge interface br1.
Configure parameters for br1, and click Save.
Configure a pair of interfaces to transparent mode, and add them to the related bridge interface and security zone. Choose Network > Interface > Physical Interface. Click Edit to edit the related physical interface.
Set the Port Mode to Transparent Mode, Bridge Interface to br1, and Zone to trust1, and click Save.
Repeat this procedure to add the uplink interfaces of the firewall to untrust1. Configure the parameters to be the same as those in the preceding figure.
Create a security policy and apply it to the zone. Choose Policy > Security Policy and click Create to create security policy 1.
Configure the parameters as shown in the following figure, and click Save.
7. Verification

Layer 2 packets of all VLANs can be transparently transmitted by the firewall, and the downlink devices can successfully ping the uplink gateway address.
You can also view traffic details in the security policy hit records for verification.
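
One way to check the first verification statement from packet captures, as an added example that is not part of the original post or any Ruijie tooling: the Python below reads the 802.1Q tag of frames captured on the uplink side and the downlink side of the firewall, then reports which of VLANs 10, 20 and 30 are missing on either side and which VLAN IDs fall outside the trunk allow list. The function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

EXPECTED_VLANS = {10, 20, 30}   # trunk allow list on SW 1 / SW 2 (from the page)
TPID_8021Q = 0x8100

def make_frame(vlan, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; vlan=None means untagged."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return hdr + tag + struct.pack("!H", 0x0800) + payload

def vlan_id(frame):
    """Return the 802.1Q VLAN ID, or None for untagged or truncated frames."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None

def check_transparency(uplink_frames, downlink_frames, expected=EXPECTED_VLANS):
    """Compare VLANs seen on each side of the bridge with the allow list."""
    up = {v for v in map(vlan_id, uplink_frames) if v is not None}
    down = {v for v in map(vlan_id, downlink_frames) if v is not None}
    return {
        "missing_uplink": sorted(expected - up),
        "missing_downlink": sorted(expected - down),
        "unexpected": sorted((up | down) - expected),
    }

# Constructed sample captures (hypothetical): VLAN 30 never reaches the
# downlink side, and a VLAN 40 frame plus one untagged frame appear there.
UPLINK = [make_frame(v) for v in (10, 20, 30)]
DOWNLINK = [make_frame(v) for v in (10, 20, 40)] + [make_frame(None)]

if __name__ == "__main__":
    print(check_transparency(UPLINK, DOWNLINK))
```

A non-empty `missing_*` list means a permitted VLAN is not crossing the bridge; a non-empty `unexpected` list means tagged traffic outside the trunk allow list is present and worth checking against the security policy hit records.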




