< Home

firewall transparent vsys-binding inside-vlan enable

Function

The firewall transparent vsys-binding inside-vlan enable command enables the function of allocating virtual systems based on inner VLAN tags in QinQ packets in Layer 2 transparent transmission scenarios.

The undo firewall transparent vsys-binding inside-vlan enable command enables the function of allocating virtual systems based on outer VLAN tags in QinQ packets in Layer 2 transparent transmission scenarios.

Format

firewall transparent vsys-binding inside-vlan enable

undo firewall transparent vsys-binding inside-vlan enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, virtual systems are allocated based on outer VLAN tags in QinQ packets in Layer 2 transparent transmission scenarios.

After a VLAN is bound to a virtual system, the packets that belong to the VLAN are sent to the virtual system bound to the VLAN. In this manner, the virtual system is allocated based on the VLAN.

A QinQ packet contains two layers of VLAN tags (outer VLAN tag and inner VLAN tag). By default, the FW can parse the outer VLAN tag of a packet and import the packet to the corresponding virtual system based on the outer VLAN tag.

To implement traffic distribution based on the inner VLAN, run the firewall transparent vsys-binding inside-vlan enable command to enable the function of allocating virtual systems based on the inner VLAN.

You must run the port trunk allow-pass command on the inbound interface to bind the outer VLAN ID and inner VLAN ID. That is, the interface permits the specified VLAN packets. Or run the port trunk allow-pass vlan all command to permit all VLAN packets.

Example

# Configure the function of allocating virtual systems based on inner VLAN tags in QinQ packets in Layer 2 transparent transmission scenarios.

<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet 0/0/1] portswitch
[sysname-GigabitEthernet 0/0/1] port link-type trunk
[sysname-GigabitEthernet 0/0/1] port trunk allow-pass vlan all  //	Configure the inbound interface to permit all VLAN packets.
[sysname-GigabitEthernet 0/0/1] quit
[sysname] firewall transparent vsys-binding inside-vlan enable  //Enable the function of allocating virtual systems based on inner VLAN tags in QinQ packets in Layer 2 transparent transmission scenarios.
Parent Topic: Status Check and Packet Processing Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >