Shulou(Shulou.com)06/01 Report--

NGAF Virtual Network Line Mode deployment case introduction to 1.1NGAF Virtual Network Line deployment

Virtual network line deployment is similar to transparent deployment, but the application scenario is different. Virtual network cable is mainly used in the case of multiple bridges. When customers need to deploy NGAF devices with multiple bridges, it is recommended to use virtual network cables instead of transparent deployment. The main reason is that MAC table disorder is easy to occur under multiple bridges, after the virtual network cable is set, there is no need to look up the MAC table, the data comes in through one port and is forwarded directly from another port set up by the virtual network cable.

Customer environment and demand: a customer's network environment is shown in the following figure, the exit is the Aitai router, and there are two layer 3 intersections in the intranet.

For replacement, H3C-An is divided into five network segments VLAN10 to 50, and the intranet has AD domain control to do DNS and DHCP services to link the switch and router through VLAN10. Customers want to deploy NGAF devices transparently without changing the original way of surfing the Internet. In this environment, virtual network cable is needed to deploy.

2 original network configuration

Aitai local LAN192.168.10.2

Routing tabl

H3C-A configuration

Default rout

0.0.0.0 .0.0.0.0 192.168.10.2

The VLAN partition is shown in the figure.

H3C-B connects to VLAN40 port, extends physical LAN port, and internal PC accesses the Internet through VLAN40.

1.3 deeply convinced that NGAF is configured with virtual network cable (WAN is eth2,LAN and eth3)

2.1 Zone physical Interfac

Interface / area-physical interface

Interface / area-area

2.2 enter "Network configuration" → "Interface / Zone" → "Interface Linkage", and click add. The interface settings are as follows: 2.3.Open firewall rules. Since the firewall forbids all data by default, you need to apply control policy in "content security" →. Add a rule to allow the interconnection of data between private and public network areas. The interface is configured as follows:

3 configure NGAF to manage remotely

NGAF configures eht3 connection type as DHCP, connects to H3C-B to obtain ip192.168.40.161 of VLAN40, and connects to public network updatable rule base and other information.

Aitai route adds an IP/MAC rule to bind NGAF's ip 192.168.40.161 and adds L2TP's × × account to remotely manage the intranet.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.