Adding a Bridge Interface to a Virtual System

Description

Some Software Blades and features are not supported on a Virtual System in Bridge Mode, because it may not have an IP address.

For example: Threat Emulation, Identity Awareness, Identity Awareness Captive Portal, and UserCheck Portal are not supported.

This command adds a Bridge interface to an existing regular Virtual System object that always has an IP address.

As a result, the Virtual System can support these Software Blades and features for the traffic that passes over the configured bridge interface.

Notes:

  • Names of bridge interfaces have a template "brX", where "X" is a digit.

  • It is necessary to add subordinate interfaces in pairs to a bridge interface.

  • To see the bridge interfaces you configured in the Virtual System object:

    1. Connect to the command line on the VSX Gateway (each VSX Cluster Member).

    2. Log in to the Expert mode.

    3. Go to the context of the Virtual System:

      vsenv <VSID>

    4. Examine the list of interfaces:

      ifconfig

  • You can delete bridge interfaces from a Virtual System either in SmartConsole, or with the "vsx_provisioning_tool" command (see Removing an Interface from a Virtual Device).

Syntax

attach bridge vd <Name of Virtual System Object> ifs1 <Name of First Subordinate Interface> ifs2 <Name of Second Subordinate Interface>

Parameters

Parameter

Value

Notes

vd <Name of Virtual System Object>

Object name

Specifies the name of the Virtual System object.

Mandatory parameter, if this is the first command in a transaction.

ifs1 <Name of First Subordinate Interface>

Interface name

Specifies the name of the physical interface to be the first subordinate interface of a bridge interface.

Note - This physical interface must not have an IP address

ifs2 <Name of First Second Interface>

Interface name

Specifies the name of the physical interface to be the second subordinate interface of a bridge interface.

Note - This physical interface must not have an IP address

Example 1 - Adding a Bridge interface with subordinate interfaces "eth2" and "eth3" in the Virtual System "VS1"

vsx_provisioning_tool -s localhost -u admin -p mypassword -o attach bridge vd VS1 ifs1 eth2 ifs2 eth3

Example 2 - Adding a Multi Bridge interface in the Virtual System "VS1"

In this example, we add pairs of VLAN interfaces to the Virtual System "VS1" to add a Multi Bridge interface (see Multi Bridge Interfaces):

  • VLANs eth2.403 and eth3.403 as the first bridge interface

  • VLANs eth2.504 and eth3.504 as the second bridge interface

The prerequisite is to configure both physical interfaces "eth2" and "eth3" as VLAN Trunks (see Configuring a Physical Interface as VLAN Trunk).

vsx_provisioning_tool -s localhost -u admin -p mypassword -o attach bridge vd VS1 ifs1 eth2.403 ifs2 eth3.403, attach bridge ifs1 eth2.504 ifs2 eth3.504