Creating a subinterface

You can create a subinterface only for a physical interface or an aggregated interface with the Data plane role. You cannot create a subinterface for an interface added to a L2 security zone.

When creating the first subinterface, the following parameters of the parent interface change and become uneditable:

You can create a subinterface in a network template or on a Kaspersky NGFW device: A subinterface created in a network template is automatically created on all devices that use this template.

To create a subinterface:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
  2. Create a subinterface in one of the following ways:
    • If you want to create a subinterface in a device template, in the menu, select the Network templates tab, click the device template, and select the Interfaces section.
    • If you want to create a subinterface on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device and select the Interfaces section.

    The table of network interfaces is displayed.

  3. Select the check box next to the interface in which you want to create a subinterface and click Create subinterface.

    This opens the subinterface creation window.

  4. Set an administrative status. The default status is Down.
  5. In the VLAN ID field, enter a VLAN tag from 1 to 4094. The VLAN ID must be unique among all subinterfaces of the parent interface.

    You cannot change the VLAN ID after creating the subinterface.

  6. If necessary, in the Description field, enter an arbitrary description of the interface.
  7. From the Security zone drop-down list, select one of the previously created security zones or create a new security zone to add the created interface to it. L2 and L3 security zones are available.
  8. In the Protocol field, select the type of IP address assignment to the interface:
    • None means an IP address is not assigned. This is the default setting.
    • Static IPv4 address means a static IPv4 address is assigned.

      If you select this option, you need to specify the IP addresses of the network interface with a mask in the IPv4 addresses section in the lower part of the page. Click Add to add more than one IP address. You can add up to 20 IP addresses.

      If necessary, you can also delete an added IP address by selecting its row and clicking the Delete button.

    • DHCP client means the IP address is automatically assigned by DHCP.

      To get the DNS server address from a DHCP server, set the corresponding toggle switch to Yes.

      If you select this option, in the DNS servers section in the lower part of the page, you can specify IP addresses with masks of the DNS servers that you want to use. You can add up to 8 DNS servers.

      If the IP address of the default static route is obtained from the DHCP server, you can view it in the static routing RIB table on the command line.

      You can change the protocol only for interfaces included in the L3 security zone. For interfaces included in the L2 security zone, the None value is selected.

  9. If necessary, in the Override MTU field, enter the MTU value for the interface that you are creating. You can enter a value from 576 to 9000. The entered value overrides the default MTU. The default value is 1500.

    The MTU value of a subinterface cannot be greater than the MTU value of the parent interface. If you enter a value greater than that of the parent interface, the MTU of the subinterface is set to be equal to the MTU of the parent interface.

  10. Click Create.

    The created subinterface appears in the list of interfaces.

  11. Apply the OSMP policy changes by clicking the Commit and push button.

You need to create subinterfaces for all VLAN IDs that can arrive, otherwise any packets with VLAN IDs that do not have a matching subinterface are dropped.

Page top