Chapter 4 - Interface and Route

HCSA-NGFW 2022
 1 Interface
Contents
2 Route
Interface
 Interface Type
• Hillstone products provide a variety of interface types. According to the
nature of interface, the interfaces consist of physical interface and logical
interface：
• Physical interface: Every Ethernet port on the device is a physical interface,
consisting of port type, slot number and port number, e.g. ethernet0/1
• Logical interface ：
 VSwitchif
 Sub-interface
 VLAN interface
 Tunnel interface
 Aggregate interface
 Redundant interface
 PPPoE interface & PPPoE sub-interface

• According to the binding zone, the interfaces can also be categorized into
Layer 2 interface and Layer 3 interface. www.hillstonenet.com
IP Type
• Static IP
• DHCP
• PPPoE

www.hillstonenet.com
 Static Interface
Network > Interface select the interface，click『Edit』button, select layer 3 zone and configure the static IP

www.hillstonenet.com
DHCP Interface
Network > Interface select the interface，click『Edit』button, select layer 3 zone, IP
type is “DHCP”，enable the default route generation.

www.hillstonenet.com
 PPPoE Interface
Network > Interface select the interface，click『Edit』button, select layer 3 zone, IP
type is PPPoE, Re-connect interval can’t be 0， enable the default route generation.

www.hillstonenet.com
Route
Route
• StoneOS Support below routing type:
– Destination Route（Static Route）
– ISP Route
– Destination Interface-based Route
– SBR, SIBR（Source-Based / Source Interface-Based）
– PBR（Policy-based Route）
– Dynamic Route（Rip, OSPF, BGP, IS-IS）

www.hillstonenet.com
Destination Route（Static Route）
Network > Routing select destination route，and click 『New』button
Default route is part of destination route, destination is 0.0.0.0，netmask is 0

Only when next-hope is Tunnel、Null、PPPoE，we will use the “Interface”based route

www.hillstonenet.com
ISP Profile
• ISP profile contains the IP range of this ISP.

www.hillstonenet.com
ISP Route
• Call ISP profile information and automatically generate ISP route

www.hillstonenet.com
Check ISP Route
• Check ISP route under the destination route, Precedence is 10

www.hillstonenet.com
Destination Interface-based Route
Network > Routing select Destination Interface Route，clieck『New』button
 Destination interface route is designed to select a route and forward data based on the Destination IP address and ingress
interface of a packet.

www.hillstonenet.com
Source Route
Network > Routing select Source Route，clieck『New』button
 Source route is designed to select a router and forward data based on the source IP address of a packet.

www.hillstonenet.com
Source Interface-based Route
Network > Routing select Source Interface Route，clieck『New』button
 Source interface route is designed to select a router and forward data based on the source IP address and
ingress interface of a packet.

www.hillstonenet.com
Policy-based Routing（PBR）
• Policy-based Route (PBR) is designed to select a router and forward
data based on the source IP address, destination IP address and
service type of a packet.

• To create a Policy-based route, take the following steps：

1. Create PBR
2. Create PBR rule

www.hillstonenet.com
Create PBR
Network > Routing select Policy-based Routing, click 『New』button
and select PBR

www.hillstonenet.com
 Create PBR Rule
Network > Routing select Policy-based Routing, click 『New』button
and select Rule

www.hillstonenet.com
Policy-based Routing Priority
• Firstly check the PBR bindings，the default priority of policy routing binding is as follows：
Interface > Zone > Virtual Router

• Rules bound to one PBR are matched from top to bottom.

• Only one PBR can be bound to an interface / security zone / virtual router.

www.hillstonenet.com
Routing Sequence

• Routing sequence：

PBR  SIBR  SBR  DIBR  DR/ISP route/dynamic route

www.hillstonenet.com
Routing Example: Distance Value (Precedence)
100.1.1.1/24
ip route 100.1.1.0/24 122.1.1.1 10
ISP ip route 100.1.1.0/24 133.1.1.2 1

GW:122.1.1.1 GW:133.1.1.2

ISP 1 ISP 2

Ethernet0/3 Ethernet0/4
untrust untrust

Ethernet0/1 Ethernet0/2
trust trust

LAN1 LAN2
192.168.1.0/24 192.168.2.0/24

www.hillstonenet.com
Configure Destination Route (Static Route)（CLI）
To enter the VRouter configuration mode, in the global configuration mode, use the following command:
ip vrouter trust-vr

To add a destination route, in the VRouter configuration mode, use the following command:
ip route {A.B.C.D/M | A.B.C.D A.B.C.D} {A.B.C.D | interface-name } [distance-value] [weight weight-
value]
– A.B.C.D/M | A.B.C.D A.B.C.D - Specifies the destination address.
– A.B.C.D | interface-name - Specifies the type of next hop.
• a gateway address (A.B.C.D) or interface (interface-name)
• If the next hop type is interface, you can only select a tunnel interface, Null interface or PPPoE
interface.
– distance-value - Specifies the administrative distance of the route.
• The smaller the value is, the higher the priority is.
– weight-value - Specifies the weight value.
• The weight ratio of traffic forwarding in load balance

www.hillstonenet.com
Questions
1. What types of interfaces does the Hillstone device support？
2. What types of routing does the Hillstone device support？
3. What is the priority of route matching？
4. What is the priority of policy-based routing binding？

www.hillstonenet.com
Thanks