Example: Configuring a Subinterface (NSM Procedure)

A subinterface, like a physical interface, is a doorway through which traffic enters and exits a security zone. You can logically divide a physical interface into several virtual subinterfaces, each of which borrows the bandwidth it needs from the physical interface. Subinterfaces use names that indicate their physical interface, such as ethernet3/2.1 or ethernet2.1.

You can create three types of subinterfaces:

You can create a subinterface on any physical interface in the root system or virtual system, and you can bind a subinterface to the same zone as its physical interface or to a different zone. However, the IP address of a subinterface must be in a different subnet from the IP addresses of all other physical interfaces and subinterfaces.

In this example, you create a subinterface for the Trust zone in the root system. You configure the subinterface on ethernet1, which is bound to the Trust zone. You bind the subinterface to a user-defined zone named “ accounting,” which is in the trust-vr. You assign it subinterface ID 3, IP address 10.2.1.1/24, and VLAN tag ID 3. The interface mode is NAT.

To configure a subinterface:

  1. Add a device.
  2. Configure a new zone:
    • Double-click the device icon to open the device configuration. In the device navigation tree, select Network > Zone.
    • Click the Add icon and select Security Zone. The General Properties Screen appears.
  3. Configure the following options, and then click OK:
    • For Name, enter accounting.
    • For Virtual Router, select trust-vr.
  4. Configure the subinterface:
    • In the device navigation tree, select Network > Interface.
    • Click the Add icon and select Sub Interface. The General Properties screen appears.
  5. Configure the following options, and then click OK:
    • For Name, select ethernet1, and then select 3.
    • For VLAN tag, enter 3.
    • For Zone, select accounting.
    • For IP Address/Netmask, enter 10.2.1.1/24.
    • Ensure that Manageability is enabled.
    • Ensure that the Management IP is 10.2.1.1.
    • For Interface Mode, select NAT.
  6. Click OK to save your changes to the device.

Related Documentation