Eth-Trunk interconnection of USG5500 and peer vendor device

Publication Date:  2012-12-14 Views:  256 Downloads:  0
Issue Description
Some client need bounding interconnection with peer vendor (H3C) S7506 switch by using our USG5500 10GE firewall.

the bounding link is Trunk link,it need to pass VLAN20 and VLAN30

Alarm Information
NULL
Handling Process
USG5500 configuration:

#
vlan 20
description to_main_server
vlan 30
description to_firewall
interface Vlanif20
description To_Main_server
ip address 172.30.253.254 255.255.255.0
ip address 192.168.205.254 255.255.255.0 sub
#
interface Vlanif30
description To_H3C_7500
ip address 172.30.254.1 255.255.255.252
#interface Eth-Trunk13
portswitch
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20 30
#
#                                       
interface GigabitEthernet0/0/1
portswitch
port link-type access
eth-trunk 13
#
interface GigabitEthernet0/0/2
portswitch
port link-type access
eth-trunk 13
#



H3C side S7506 configuration:

#
interface Bridge-Aggregation13
description to_USG5500_Firewall
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20 30
#
interface GigabitEthernet2/0/13
description to_USG5500_Port_2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20 30
port link-aggregation group 13

#
interface GigabitEthernet7/0/13
description to_USG5500_port_1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20 30
port link-aggregation group 13
#

Root Cause
Eth-Trunk of our company does not support LACP dynamic bounding,it needs the static configuration in peer vendor devcie.

It need to use VLAN20 and VLAN30 at the same time,so it should switch the layer 3 port to layer 2 port.
Suggestions
(1)When it configure Eth-Trunk,it needs to clear up the configuration under interface,if the interface has added to some security area, it needs to delete its configuration, nor it will alarm failure when adding Eth-Trunk.

(2)Layer 2 Eth-Trunk interface should be added to corresponding security area, nor it will cause business blocked.

END