L2V Interface Management In Nsm Overview; Configuring L2V Vlan Management Interfaces - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Related
Documentation

L2V Interface Management in NSM Overview

Configuring L2V VLAN Management Interfaces

Copyright © 2010, Juniper Networks, Inc.
You can also create custom L2V zones in the root system or vsys, although you cannot
configure a custom L2V zone as sharable. When you define a new L2 zone, NSM prepends
the prefix "L2-" to the name during a device update. However, the L2 prefix does not
appear in the NSM UI. For example, if you create an L2 zone named "music," the UI displays
the zone name as "music," but the Web UI and CLI displays the zone name as "L2-music."
NOTE: When configuring a custom L2V zone, the name must include only
lowercase letters.
L2V Interface Management in NSM Overview on page 261
Converting L2V to VLAN Trunking (NSM Procedure) on page 262
L2V VLAN Groups in NSM Overview on page 260
In the root system, you can bind any interface to an L2 zone. If the zone is shared with
vsys, the interface also becomes shared with vsys. You cannot import or export interfaces
between root and vsys, and you cannot assign an IP address to an interface (except the
VLAN management interfaces).
In the root system, you can create VLAN management interfaces and aggregate interfaces.
At the vsys level, you can only create VLAN management interfaces. The topic includes
the following:
Configuring L2V VLAN Management Interfaces on page 261
Configuring L2V Aggregate Interfaces on page 262
The root system contains a predefined VLAN management interface (vlan1) that is bound
to the VLAN zone. You can configure this interface as you would a normal security
interface, for example, assign the interface an IP address, configure DHCP, or configure
monitoring.
For each vsys that you want to manage, you must create the VLAN management interface
on the vsys, and then bind the interface to the VLAN zone. Because each VLAN interface
uses a VLAN ID, you must have previously imported VLAN IDs from a root system before
creating the VLAN interface on a vsys device. For example, before you create vlan.3
management interface on a vsys, you must import the VLAN ID 3 from the root system.
For both root and vsys, the VLAN interface name is the VLAN ID for the interface. To add
multiple management interfaces, bind each interface to the VLAN zone and assign each
interface a unique vlan name (vlan1, vlan2, vlan3, and so on; acceptable range is 2-4094
only in Transparent mode). When assigning IP address to each interface, ensure that the
IP subnets for all interfaces do not overlap.
Chapter 8: Configuring VPNs
261