Bridge Interface Settings

You configure a bridge at the network interface bridge level.

To add a new bridge interface:

Admin@nodename# create network interface bridge

You need to specify the following parameters:

Parameter

Description

enabled

Enable/disable a bridge:

  • on

  • off

interface-name

Enter a number to include in the interface name (for example, if you enter 1 the interface name will be bridge1).

description

Bridge interface description.

alias

The interface's alias.

node-name

Node name of the cluster where the bridge is created.

zone

Zone to which the bridge belongs.

link-info

Settings for network interface parameters:

  • bc_forwarding: controls forwarding of directed broadcast packets arriving at the specified interface.

  • proxy_arp, proxy_arp_vlan: Proxy ARP mechanism. With proxy_arp, UserGate will respond to ARP requests for addresses outside the interface's network; with proxy_arp_vlan, UserGate will respond to ARP requests for addresses that belong to the interface's network.

To specify them, use the following format:

Admin@nodename# create network interface <iface-type> ... link-info [ key/value ]

where key is the parameter name, which can include lowercase Latin letters (a-z) and underscores (_), and

value is the parameter value. Parameter values can only be integers.

For example, use proxy_arp/1 to enable the Proxy ARP mechanism and proxy_arp/0 to disable it.

The link-info field is displayed only when adding parameters.

Important! You cannot delete the specified parameters.

netflow-profile

The Netflow profile to send statistical data to the Netflow collector. For more details on Netflow profile settings, see Configuring Netflow Profiles.

bridging

Additional bridge parameters:

  • iface-type: interface mode:

    • l2: Layer 2. You do not need to assign an IP address or specify routes and gateways for the bridge to work correctly. In this mode, the bridge works at the MAC address level by forwarding packets from one network segment to another. Mail security rules cannot be used in this case; content filtering is available in this mode.

    • l3: Layer 3. You can assign an IP address and use it in firewall, content filtering, and other rules; this is the standard interface operation mode.

  • interface: interfaces to use to create the bridge.

  • stp: enable/disable STP (Spanning Tree Protocol) for protection against network loops:

    • on

    • off

  • forward-delay: delay before the bridge switches to the active mode (Forwarding) if STP is enabled (in seconds).

  • max-age: time after which the STP connection is considered lost (in seconds).

  • bypass-pair: interface pair to use to build the bypass bridge. UserGate HSC support is required.

iface-mode

IP address assignment mode:

  • dhcp: obtain a dynamic IP address via DHCP.

  • manual: no address.

Static mode is set automatically when an IP address is assigned to the interface.

ip-addresses

Assign an IP address to the interface.

The IP addresses are specified as [ <ip_address/mask> ] or [ <ip_address/mask> <ip_address/mask> ]. When several IP addresses are given (with a space used as the separator), the subnet mask is entered in decimal format.

Important! Make sure to separate the square brackets with spaces on both sides.

mac

Interface MAC address.

mtu

Specify the MTU size.

dhcp-relay

Settings for the DHCP relay on the interface. You need to specify the following:

  • enabled: enable/disable the relay:

    • on

    • off

  • utm-address: IP address of the UserGate interface on which the relay function is added.

  • server-address: addresses of DHCP servers where DHCP requests from clients should be redirected.

To update an existing bridge interface, use the following command:

Admin@nodename# set network interface bridge <bridge-name>

The parameters available for setting are the same as those for creating a bridge, except for interface-name and node-name (you cannot change the values of these parameters).
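
A pre-flight check for the bracketed link-info and ip-addresses syntax described in the parameter table, as an added example (not UserGate code). The function names and sample command lines are constructed for illustration; "..." in a sample stands for the remaining parameters, and a mask is accepted either as a prefix length or in dotted decimal.

```python
import ipaddress
import re

# Page rules: key is lowercase a-z and underscore, value is an integer.
PAIR = re.compile(r"[a-z_]+/-?[0-9]+")

def bracket_list(tokens, field):
    """Items between '[' and ']' after field; None if the field is absent."""
    if field not in tokens:
        return None
    start = tokens.index(field) + 1
    if start >= len(tokens) or tokens[start] != "[":
        raise ValueError(f"{field}: '[' must stand alone, separated by spaces")
    if "]" not in tokens[start:]:
        raise ValueError(f"{field}: ']' must stand alone, separated by spaces")
    return tokens[start + 1:tokens.index("]", start)]

def check_pair(item):
    if PAIR.fullmatch(item):
        return None
    return f"{item!r} is not key/value (a-z_ key, integer value)"

def check_address(item):
    if "/" not in item:
        return f"{item!r} has no mask"
    try:
        ipaddress.ip_interface(item)  # accepts /24 and /255.255.255.0
    except ValueError:
        return f"{item!r} is not a valid ip_address/mask"
    return None

def lint(command):
    """Return the problems found in one CLI line; an empty list means clean."""
    tokens, problems = command.split(), []
    for field, check in (("link-info", check_pair), ("ip-addresses", check_address)):
        try:
            items = bracket_list(tokens, field) or []
        except ValueError as exc:
            problems.append(str(exc))
            continue
        problems += [f"{field}: {err}" for err in map(check, items) if err]
    return problems

# Constructed sample lines, not taken from a real device.
SAMPLES = ["set network interface bridge bridge1 link-info [ proxy_arp/1 ]",
           "create network interface bridge ... ip-addresses [10.0.0.1/24]"]
if __name__ == "__main__":
    for line in SAMPLES:
        print(lint(line) or "ok", "<-", line)
```

Running such a check on a change script before it is pasted into the CLI catches a malformed link-info entry early, which matters because link-info parameters cannot be deleted once set.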

To delete a bridge interface or its parameters, use the following command:

Admin@nodename# delete network interface bridge <bridge-name>

You can delete the following parameters:

Parameter

Description

ip-addresses

Specified IP address.

dhcp-relay server-address

DHCP server IP address.

To display information about all bridge interfaces, use the following command:

Admin@nodename# show network interface bridge

To display information about a single interface, use the following command:

Admin@nodename# show network interface bridge <bridge-name>