Screen OS

folks

i've an isg cluster with spare interfaces one of which i will separate into subinterfaces and i'm looking to check up on the process

i intend to create the subinterfaces, put them in different zones, address them, configure a ruleset and then attach a switch

i'll configure the uplink port on the switch as a trunk port and then configure the access ports in various private vlans

have i missed anything?

thanks to anyone taking the time to read this or to reply

Hi

Does your cluster run active-passive or active-active?

Are you using VSYS?

Below example should work in an active-passive cluster

Be sure to set the physical interface in the Null-zone

set interface ethernet2/4.95 tag 95 zone Trust (VLAN 95 with ifindex 95)

set interface ethernet2/4.95:0 ip 10.x.x.x/24 ( :0 is the vsd-group)

set interface ethernet2/4.95:0 ip manageable

set interface ethernet2/4.95:0 route

set interface ethernet2/4.95: manage ping

set interface ethernet2/1.803 tag 803 zone Untrust

set interface ethernet2/1.803:0 ip 84.x.x.x/24

set interface ethernet2/1.803:0 ip manageable

set interface ethernet2/1.803:0 route

set interface ethernet2/1.803:0 manage ping

moerkholt

many thanks for your reply

this is pretty much what i expected though i didn't realise the physical interface had to be in a null zone

thanks again

greatly appreciated

Hi ,

it is not a must  to put the physical interface  at NULL zone if you will configure  subinterfaces under it