Adding members to a security zone

A security zone can include the member types listed in Table 17.

Table 17: Security zone members and objects that the members identify

| Security zone member | Objects that each member identifies |
|---|---|
| Layer 3 interface:<br>• Layer 3 Ethernet interface<br>• Layer 3 logical interface, such as a Layer 3 subinterface | All packets received or sent on the interface |
| Layer 2 interface-VLAN combination | All packets received or sent on the interface that carry the specified VLAN tag |

If a security zone has multiple types of members, a packet is matched in the following order: service chain, subnet, interface, and VLAN. The match operation stops when the first matching member is found.

To add members to a security zone:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter security zone view. | security-zone name zone-name | N/A |
| 3. Add members to the security zone. | • Add a Layer 3 Ethernet interface:<br>import interface layer3-interface-type layer3-interface-number<br>• Add Layer 2 interface-VLAN combinations:<br>import interface layer2-interface-type layer2-interface-number vlan vlan-list | By default, a security zone does not have any members.<br>You can perform this step multiple times to add multiple members. |
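
The three steps above as a CLI session, added here as an illustration and not taken from the vendor documentation. The device name Sysname, the zone name Trust, the interface numbers and VLAN 10 are constructed sample values; substitute the ones used on your device.

```comware
# Step 1: enter system view.
<Sysname> system-view

# Step 2: enter the view of the security zone (zone name is a sample value).
[Sysname] security-zone name Trust

# Step 3a: add a Layer 3 Ethernet interface. Every packet received or sent
# on this interface is then identified as belonging to the zone.
[Sysname-security-zone-Trust] import interface gigabitethernet 1/0/1

# Step 3b: add a Layer 2 interface-VLAN combination. Only packets on this
# interface that carry VLAN tag 10 are identified as belonging to the zone;
# traffic on the same port in other VLANs is not covered by this member.
[Sysname-security-zone-Trust] import interface gigabitethernet 1/0/2 vlan 10
```

Because a zone has no members by default, an interface that is never imported into any zone stays outside every zone, so review the member list against the intended interface and VLAN inventory after making changes.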