VLAN Interfaces

This section shows you how to configure VLAN interfaces in the Gaia PortalClosed Web interface for the Check Point Gaia operating system. and Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)..

You can configure virtual LAN (VLAN) interfaces on Ethernet interfaces.

VLAN interfaces let you configure subnets with a secure private link to Security Gateways and Management Servers using your existing topology.

With VLAN interfaces, you can multiplex Ethernet traffic into many channels using one cable.

Important - In a ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

Notes:

  • The name of a VLAN interface in GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. is "<Name of Physical Interface>.<VLAN ID>".

    For example, the name of a VLAN interface with a VLAN ID of 5 on a physical interface eth1 is "eth1.5".

  • The VLAN tunnel is not secure, because it is not encrypted.

  • To configure MTU on a VLAN interface, you must configure MTU on the physical interface.

    This MTU applies to all VLAN interfaces configured on this physical interface.

  • The Gaia operating system supports the VLAN tagging protocol IEEE 802.1Q.

Configuring VLAN Interfaces in Gaia Portal

Important - On Scalable Platforms (Maestro and Chassis), you must connect to the Gaia Portal of the applicable Security Group.

Configuring VLAN Interfaces in Gaia Clish

Important:

  • On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in Gaia gClish of the applicable Security Group.

  • Make sure that the physical interface, on which you wish to add a VLAN interface, does not have an IP address.

Syntax

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently.

Parameters

Access Mode VLAN and Trunk Mode VLAN

VLAN traffic can pass through a Bridge interface in one of these modes: