ESR Series Routers Operation Manual
55
Objective 2:
Configure routing between VLAN 50 (10.0.50.0/24) and VLAN 60 (10.0.60.1/24). VLAN
50 should belong to 'LAN1', VLAN 60
—
to 'LAN2', enable free traffic transmission between zones.
Fig. 7.11
—
Network structure
Solution:
Create VLAN 50 and 60:
esr(config)#
vlan 50,60
esr(config-vlan)#
exit
Create 'LAN1' and 'LAN2' security zones.
esr(config)#
security-zone LAN1
esr(config-zone)#
exit
esr(config)#
security-zone LAN2
esr(config-zone)#
exit
Map VLAN 50 to gi1/0/11, gi1/0/12 interfaces:
esr(config)#
interface gigabitethernet 1/0/11-12
esr(config-if-gi)#
switchport general allowed vlan add 50 tagged
Map VLAN 60 to gi1/0/14 interface:
esr(config)#
interface gigabitethernet 1/0/14
esr(config-if-gi)#
switchport general allowed vlan add 60 tagged
Create bridge 50, map VLAN 50, define IP address 10.0.50.1/24 and membership in 'LAN1' zone:
esr(config)#
bridge 50
esr(config-bridge)#
vlan 50
esr(config-bridge)#
ip address 10.0.50.1/24
esr(config-bridge)#
security-zone LAN1
esr(config-bridge)#
enable
Create bridge 60, map VLAN 60, define IP address 10.0.60.1/24 and membership in 'LAN2' zone:
esr(config)#
bridge 60
esr(config-bridge)#
vlan 60
esr(config-bridge)#
ip address 10.0.60.1/24
esr(config-bridge)#
security-zone LAN2
esr(config-bridge)#
enable
Create firewall rules that enable free traffic transmission between zones:
esr(config)#
security zone-pair LAN1 LAN2
esr(config-zone-pair)#
rule 1
