Configuring an Eth-Trunk Interface

Procedure

1. Choose Network > Interface.
2. Click Add.

   

3. Set the following Eth-Trunk interface parameters.

   Parameter	Description
   Interface Name	Alias name for an Eth-Trunk interface.
   Type	Type of an Eth-Trunk interface to be created. Before creating an Eth-Trunk interface, set this parameter to Aggregate Interface.
   Virtual System	Name of a virtual system for an Eth-Trunk interface. The virtual system must exist. This parameter is set only when Mode is set to Route.
   Zone	Security zone to which an Eth-Trunk interface is to be assigned. You can directly assign an Eth-Trunk interface to an existing security zone. If the desired security zone does not exist, create one and assign an Eth-Trunk interface to it.
   Mode	Layer at which the interface works and whether to enable bypass detection when the interface works at Layer 2. Select Route to enable the interface to work at Layer-3. Select Switch to enable the interface to work at Layer 2 and disable bypass detection. For the description of parameter Connection Type in switching mode, see Table 5. Select Bypass to enable the interface to work at Layer 2 and enable bypass detection. For the description of parameter Connection Type in switching mode, see Table 5. After bypass detection is enabled, the device detects packets received on this interface and then discards them. Select Interface Pair to enable the interface work as a member of an interface pair.
   Interface Members	Ethernet interface to be bundled to an Eth-Trunk interface. A physical interface can only be added to a single Eth-Trunk interface. If Mode is set to Route, the interface to be bundled works at Layer-3. If Mode is set to Switch or Bypass, the interface to be bundled works at Layer 2. Perform either of the following operations as needed: In Available, select a desired physical interface and click to bundle it into the Eth-Trunk interface. In Select, select a desired physical interface and click to remove the physical interface from the Eth-Trunk interface.
   IPv4
   Connection Type	Method used by an Eth-Trunk interface to obtain an IPv4 address in routing mode. This parameter is set only when Mode is set to Route. Select one of the following parameters: Static IP: allows an administrator to specify an IPv4 address for the interface. For static IP address parameter descriptions, see Table 1. DHCP: uses DHCP to automatically obtain an IPv4 address. PPPoE: uses PPP negotiation to obtain an IPv4 address. For PPPoE parameter descriptions, see Table 2. NOTE: When the device functions as a PPPoE client (dual-stack access), the configuration of the PPPoE user will be modified accordingly because dual-stack configuration delivery requires the same user.
   Multi-Egress Options	After you select Multi-Egress Options, the interface will function as an intelligent uplink selection member interface. For details on intelligent uplink selection, see Intelligent Uplink Selection.
   Carrier	Select the name of the ISP directly connected to the interface. Selecting the ISP of the interface equals to binding an interface to an ISP interface group.
   Default Route	After you select this option, the FW will generate a default route in its routing table.A default route is a special static route. When the destination address of a data packet does not match any routing table of the FW, the FW will use the default route to forward the data packet. Both the destination network address and the subnet mask of the default route are 0.0.0.0.If the interface serves as an intranet interface and has the sticky load balancing function enabled, the default route must be canceled. Otherwise, the interface cannot access extranets. By default, this function is enabled.
   Carrier Route	After you enable the ISP route function, the FW will generate static routes in a batch to the ISP network. In the generated static routes, the destination is an IP address in the ISP address file, and the next hop is the gateway address specified on the outbound interface. These static routes are called ISP routes. They have the same priority as common static routes, and the default priority is 60. Choose Network > Router > Routing Table. You can view the generated ISP route entries.
   Sticky load balancing	In the multi-ISP load balancing NAT server scenario, the FW looks up the routing table for an outgoing interface to send the return traffic from a server. As a result, the return traffic from the server may take a path on ISP2, although the request to the server takes a link on ISP1. The inconsistent forward and return paths may slow down or even interrupt services. To resolve this issue, configure the sticky load balancing function on the incoming interface of ISP1.The FW uses the incoming interface of the forward packets as the outgoing interface of return packets instead of looking up the routing table. NOTE: When enabling sticky load balancing on an Ethernet interface and its sub-interfaces, an Eth-Trunk interface and its sub-interfaces, a VLANIF interface, or a VXLAN interface, you must also specify the next hop. You do not need to specify the next hop on the dialer interface and tunnel interface. The priority of direct routes is higher than that of the sticky load balancing function. The device preferentially forwards response packets based on direct routes even if the sticky load balancing function is configured. If equal-cost multipath (ECMP) routes are configured, the sticky load balancing function is enabled by default. In case of non-equal-cost routes, the sticky load balancing function is disabled by default, and you need to enable the function.
   Health Check	Apply the health check to the interface.
   IPv6
   IPv6	Enable the IPv6 capability. Enabling the IPv6 capability is the prerequisite for using IPv6 functions. Choose Dashboard > Device Information and enable IPv6 globally to allow the FW to forward IPv6 packets.
   Connection Type	Method used by an Eth-Trunk interface to obtain an IPv4 address. Static IP: allows an administrator to specify an IPv6 address for the interface. For static IP address parameter descriptions, see Table 3. PPPoE: uses PPP negotiation to obtain an IPv6 address. For PPPoE parameter descriptions, see Table 4. NOTE: When the device functions as a PPPoE client (dual-stack access), the configuration of the PPPoE user will be modified accordingly because dual-stack configuration delivery requires the same user. ND-RA: uses ND-RA to obtain an IPv6 address.
   Static Neighbor	Static neighbor address for an Eth-Trunk interface. This setting allows a neighbor relationship to be established and enables a device to resolve the neighbor IPv6 address into a data link layer address.
   Multi-Egress Options	After selecting Multi-Egress Options, you can enable Sticky load balancing.
   Sticky load balancing	In the multi-ISP load balancing scenario, the FW looks up the routing table for an outgoing interface to send the return traffic from a server. As a result, the return traffic from the server may take a path on ISP2, although the request to the server takes a link on ISP1. The inconsistent forward and return paths may slow down or even interrupt services. To resolve this issue, configure the sticky load balancing function on the incoming interface of ISP1. The FW uses the incoming interface of the forward packets as the outgoing interface of return packets instead of looking up the routing table. NOTE: When enabling sticky load balancing on an Ethernet interface and its sub-interfaces, an Eth-Trunk interface and its sub-interfaces, a VLANIF interface, or a VXLAN interface, you must also specify the next hop. You do not need to specify the next hop on the dialer interface and tunnel interface. The priority of direct routes is higher than that of the sticky load balancing function. The device preferentially forwards response packets based on direct routes even if the sticky load balancing function is configured. If equal-cost multipath (ECMP) routes are configured, the sticky load balancing function is enabled by default. In case of non-equal-cost routes, the sticky load balancing function is disabled by default, and you need to enable the function.
   Interface Bandwidth
   Ingress Bandwidth	Maximum bandwidth for inbound traffic on the interface.
   Egress Bandwidth	Maximum bandwidth for outbound traffic on the interface.
   Overload Protection Threshold	Bandwidth usage of the link. After you select Multi-Egress Options, you can set overload protection thresholds for the inbound and Egress Bandwidths of the interface. If an interface is overloaded, the interface no longer participates in intelligent uplink selection.
   Access Management
   Access Management	This function allows an administrator to access a FW using HTTP, HTTPS, ping, SSH, SNMP, NETCONF, or Telnet. Interface access control takes precedence over security policies. This means that an administrator can use an access control-enabled interface to access a FW even if no security policy is configured for communication between the zone of the interface and a local zone. This parameter can only be set when Mode is set to Route. HTTP: allows an administrator to use the web browser (HTTP) to access a device through a VLAN interface. If HTTP is not selected, the interface discards HTTP packets after receiving them. This parameter takes effect only after the HTTP service is enabled. HTTPS: allows an administrator to use the web browser (HTTPS) to access a device through a VLAN interface. If HTTPS is not selected, the interface discards HTTPS packets after receiving them. This parameter takes effect only after the HTTPS service is enabled. Ping: allows an interface to respond to ping requests. A ping checks interface connectivity. If Ping is not selected, the ping function is disabled. SSH: allows an administrator to use SSH to access a device. If SSH is not selected, the interface discards SSH packets after receiving them. Telnet: allows an administrator to use Telnet to access a device. If Telnet is not selected, the interface discards them after receiving them. SNMP: allows administrators to use an SNMP NMS to access a device. If SNMP is not selected, the interface discards SNMP packets after receiving them. NETCONF: allows an administrator to use NETCONF NMS to access a device. If NETCONF is not selected, the interface discards NETCONF packets after receiving them. By default, the management interface (GigabitEthernet 0/0/0) allows HTTP, HTTPS, ping. access to a FW, and a non-management interface denies HTTP, HTTPS, ping, SSH, SNMP, NETCONF, or Telnet. access to a FW.
   Advanced
   Lower Limit of Up Links	Lower limit of member interfaces in the Up state before an Eth-Trunk interface goes Down. If the number of member links in the Up state is smaller than the lower limit, the Eth-Trunk interface goes Down, and all its member interfaces cannot forward data. This prevents a small number of member links in the Up state from discarding packets due to overload. To ensure proper forwarding, configure the same lower limit for an Eth-Trunk interface on both ends of a link.
   MAC Address	MAC address of an Eth-Trunk interface. If multiple Eth-Trunk interfaces are created on a device, you can re-define a unique MAC address for each interface to prevent MAC address conflicts. This parameter is set only when Mode is set to Route.
   IPv4 MTU IPv6 MTU	Maximum transmission unit of an Eth-Trunk interface. Increase the MTU to prevent packet loss or increase the transmission speed if a great number of fragments are generated. After the MTU of an interface is modified, restart the interface to make the MTU take effect. This parameter is set only when Mode is set to Route. Directly connected interfaces must have the same MTU.
   Strict ARP Learning	Enable the strict Address Resolution Protocol (ARP) learning. This parameter is set only when Mode is set to Route.

   Table 1 Description of static IPv4 address parameters

   Parameter	Description
   IP Address	IPv4 address of an Eth-Trunk interface. The IPv4 address must be unique on a network.
   Default Gateway	IPv4 address of the default gateway of an Eth-Trunk interface. The default gateway must be on the same network segment as the IPv4 address of the interface. This setting allows the device to generate a default IPv4 route with the current interface as an outbound interface and the default gateway as a next hop.
   Preferred DNS server	IP address of the preferred DNS server. The configurations completed here will be automatically synchronized to Transparent DNS Proxy in Network > DNS > DNS. NOTE: The DNS server bound to an interface is used only in DNS transparent proxy. You must set a global DNS server for the device to access domain names.
   Alternate DNS server	IP address of the alternate DNS server. The configurations completed here will be automatically synchronized to Transparent DNS Proxy in Network > DNS > DNS. NOTE: The DNS server bound to an interface is used only in DNS transparent proxy. You must set a global DNS server for the device to access domain names.

   Table 2 IPv4 PPPoE parameters

   Parameter	Description
   User Name	User name for PPPoE dial-up. The user name is provided by an ISP.
   Password	Password for PPPoE dial-up. The password is provided by an ISP.
   Disconnection Type	PPPoE dial-up mode: Always online: A device automatically attempts to dial up to a peer end once a physical link connected to the peer end is Up. If the dial-up connection attempt fails, the device automatically re-attempts to dial up at specified intervals. Automatic dial-up applies when the traffic volume and online duration are not restricted, such as with the yearly-payment service. Disconnect after specified idle period: A device sets up a link only when there is data to be transmitted. If an established PPPoE link has no traffic to transmit and the specific link idle period elapses, the device disconnects the PPPoE link. This dial-up mode applies when the traffic volume and online duration are set, such as with the payment-by-traffic service. The payment-by-traffic service allows a specified amount of traffic to be transmitted within a specified period. If you select Disconnect after specified idle period, you must also specify a link idle period.
   Automatically obtain IP address	Obtain an IPv4 address that a PPPoE server assigns after negotiating with a PPPoE client on a PPP link. The IPv4 address to be assigned must be specified on the PPPoE server.
   Specify IP address	Set an IPv4 address statically. This method requires the input of an IPv4 address in IP Address. The IPv4 address must be one that a PPPoE server can assign.

   Table 3 Description of static IPv6 address parameters

   Parameter	Description
   IPv6 Address	IPv6 address of an interface. The IPv6 address must be unique on a network.
   Advertising RA Messages	Enable a device to periodically advertise RA messages, which contain the prefix option and flag bits, to announce the existence of the device.

   Table 4 Description of IPv6 PPPoE parameters

   Parameter	Description
   User Name	User name for PPPoE dial-up. The user name is provided by an ISP.
   Password	Password for PPPoE dial-up. The password is provided by an ISP.
   Online Mode	PPPoE dial-up mode: Always Online: A device automatically attempts to dial up to a peer end once a physical link connected to the peer end is Up. If the dial-up connection attempt fails, the device automatically re-attempts to dial up at specified intervals. Automatic dial-up applies when the traffic volume and online duration are not restricted, such as with the yearly-payment service. Automatic disconnection after an idle period: A device sets up a link only when there is data to be transmitted. If an established PPPoE link has no traffic to transmit and the specific link idle period elapses, the device disconnects the PPPoE link. This dial-up mode applies when the traffic volume and online duration are set, such as with the payment-by-traffic service. The payment-by-traffic service allows a specified amount of traffic to be transmitted within a specified period. If you select Automatic disconnection after an idle period, you must also specify a link idle period.

   Table 5 Description of parameters in switching and bypass detection mode

   Parameter	Description
   Connection Type	Link type of an Eth-Trunk interface: Access: Access interfaces belong to a single VLAN and send and receive packets within this VLAN. These interfaces are connected to PCs. Trunk: Trunk interfaces belong to multiple VLANs and send and receive packets between these VLANs. These interfaces are connected to devices. Hybrid: Hybrid interfaces belong to multiple VLANs and send and receive packets in these VLANs. These interfaces can be connected to both PCs and devices. A hybrid interface sends untagged packets of multiple VLANs, whereas a trunk interface sends untagged packets only from the default VLAN.
   Access VLAN ID	ID of a VLAN to which an Access interface belongs. This parameter is set only when Connection Type is set to Access.
   Trunk VLAN ID	ID of a VLAN, to which a trunk interface belongs. This parameter is set only when Connection Type is set to Trunk. A trunk interface joins multiple VLANs and connects to a network device. To allow all packets from one or more VLANs to pass through a trunk interface, specify VLAN IDs in Trunk VLAN ID.
   Default VLAN ID	Default VLAN ID of a trunk interface. This parameter is set only when Connection Type is set to Trunk.
   Hybrid VLAN ID (With VLAN Tag)	ID of a VLAN, to which a hybrid interface belongs. A hybrid interface sends tagged frames with the specified VLAN ID. This parameter is set only when Connection Type is set to Hybrid.
   Hybrid VLAN ID (Without VLAN Tag)	ID of a VLAN, to which a hybrid interface belongs. A hybrid sends untagged frames with the specified VLAN ID. This parameter is set only when Connection Type is set to Hybrid.
   Hybrid VLAN ID	ID of a VLAN, to which a hybrid interface belongs. A hybrid interface sends tagged frames or untagged frames with the specified VLAN ID. This parameter is set only when Connection Type is set to Hybrid.
   Default VLAN ID	Default VLAN ID of a hybrid interface. This parameter is set only when Connection Type is set to Hybrid.

4. Click OK.

   If the operation is successful, the new Eth-Trunk interface is displayed in Interface List.

   Repeat previous steps to create other Eth-Trunk interfaces.