Creating a L2 bridge

You can create up to 4094 L2 bridges on a Kaspersky NGFW device. An L2 bridge can be empty (without interfaces), or it can include from 2 to 4094 interfaces. One L2 bridge can include only interfaces with the same L3 MTU, and each interface can be included in only one L2 bridge. The maximum allowed L3 MTU is 9000 bytes.

Modifying the settings of an existing L2 bridge may clear the MAC address table.

You can add the following interfaces to an L2 bridge:

You can create a L2 bridge in a network template or on a Kaspersky NGFW device: An L2 bridge created in a network template is automatically created on all devices that use this template.

To create an L2 bridge:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
  2. Create an L2 in one of the following ways:
    • If you want to create an L2 bridge in a device template, in the menu, select the Network templates tab, click the device template, and select the Interfaces section.
    • If you want to create an L2 bridge on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device and select the Interfaces section.

    The table of network interfaces is displayed.

  3. Click Create.

    This opens the interface creation window with the General tab selected.

  4. Set an administrative status. The default status is Down.
  5. Specify the Bridge interface type.
  6. In the Bridge ID field, specify a unique ID for the L2 bridge.

    The identifier must be an integer from 1 to 4094.

  7. If necessary, in the Description field, enter an arbitrary description of the interface.
  8. If you want a new entry to be added to the MAC address table when a packet with a previously unknown sender MAC address passes through the bridge, enable MAC learning.
  9. If you want the MAC address of the bridge to be deleted from the table after a specified period of time, specify it in MAC aging (min) field. The default setting is 5 minutes. The maximum value is 255 minutes.
  10. In the Protocol field, select the type of IP address assignment to the interface:
    • None means an IP address is not assigned. This is the default setting.
    • Static IPv4 address means a static IPv4 address is assigned.

      If you select this option, you need to specify the IP addresses of the network interface with a mask in the IPv4 addresses section in the lower part of the page. Click Add to add more than one IP address. You can add up to 20 IP addresses.

      If necessary, you can also delete an added IP address by selecting its row and clicking the Delete button.

    • DHCP client means the IP address is automatically assigned by DHCP.

      To get the DNS server address from a DHCP server, set the corresponding toggle switch to Yes.

      If you select this option, in the DNS servers section in the lower part of the page, you can specify IP addresses with masks of the DNS servers that you want to use. You can add up to 8 DNS servers.

      If the IP address of the default static route is obtained from the DHCP server, you can view it in the static routing RIB table on the command line.

      You can change the protocol only for interfaces included in the L3 security zone. For interfaces included in the L2 security zone, the None value is selected.

  11. From the Security zone drop-down list, select one of the previously created security zones or create a new security zone to add the created interface to it. L2 and L3 security zones are available.
  12. If necessary, in the Override MTU field, enter the MTU value for the interface that you are creating. You can enter a value from 576 to 9000. The entered value overrides the default MTU. The default value is 1500.
  13. If necessary, in the Override MAC field, specify the MAC address of the L2 bridge.
  14. Select the Interface members tab.
  15. From the list of interfaces, select the interfaces that you want to add to the L2 bridge by setting the toggle switch next to the relevant interface to On.

    You can add physical interfaces, aggregated interfaces, and subinterfaces.

  16. Click Create.

    The created interface appears in the list of interfaces.

  17. Apply the OSMP policy changes by clicking the Commit and push button.
Page top