Configure a Layer 2 Interface, Subinterface, and VLAN

Configure Layer 2 Interfaces with VLANs when you want Layer 2 switching and traffic separation among VLANs. You can optionally control non-IP protocols between security zones on a Layer 2 interface or between interfaces within a single zone on a Layer 2 VLAN.
  1. Configure a Layer 2 interface and subinterface and assign a VLAN ID.
    1. Select NetworkInterfacesEthernet and select an interface. The Interface Name is fixed, such as ethernet1/1.
    2. For Interface Type, select Layer2.
    3. Select the Config tab.
    4. For VLAN, leave the setting None.
    5. Assign the interface to a Security Zone or create a New Zone.
    6. Click OK.
    7. With the Ethernet interface highlighted, click Add Subinterface.
    8. The Interface Name remains fixed. After the period, enter the subinterface number, in the range 1-9,999.
    9. Enter a VLAN Tag ID in the range 1-4,094.
    10. Assign the subinterface to a Security Zone.
    11. Click OK.
  2. Commit.
    Click Commit.
  3. (Optional) Apply a Zone Protection profile with protocol protection to control non-IP protocol packets between Layer 2 zones (or between interfaces within a Layer 2 zone).

